
vawtak virus


  • This topic is locked
55 replies to this topic

#1 owlman

owlman

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:11:11 AM

Posted 16 February 2015 - 09:28 PM

malwarebytes and avg will not update. pc very slow


 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:11 PM

Posted 19 February 2015 - 07:38 PM

hi,

 

I will be helping you with the malware problem. First we will use FRST:

 

Copy/paste what's below in the code box into Notepad. Save it as fixlist.txt in the same location that you have FRST, your desktop. Start FRST like before, except this time click on the Fix button and wait.
The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

 
HKLM\...\Run: [{833be12e-11df-b354-25dd-0a69dc3a6d52}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{833be12e-11df-b354-25dd-0a69dc3a6d52}\{833be12e-11df-b354-25dd-0a69dc3a6d52}.exe [376884 2015-02-14] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [{833be12e-11df-b354-25dd-0a69dc3a6d52}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{833be12e-11df-b354-25dd-0a69dc3a6d52}\{833be12e-11df-b354-25dd-0a69dc3a6d52}.exe [376884 2015-02-14] ( ())
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1844237615-1897051121-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-1844237615-1897051121-839522115-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1844237615-1897051121-839522115-1003 -> URL http://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPD53DC930-65D8-4F77-BDF3-FB5C02275494&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1844237615-1897051121-839522115-1003 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
EmptyTemp:

  Next download and run Adwcleaner:

  Please download adwcleaner and save to your desktop.

    Right-click on adwcleaner.exe and select Run as Administrator to launch the application. For XP, just double-click.
    Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
    Allow the system to reboot. You will then be presented with the report at restart. Copy & Paste this report in your reply.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Note: The log can also be located in your root drive, C:>AdwCleaner >AdwCleaner[S0].txt

 


How Can I Reduce My Risk to Malware?
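An added example, not part of the thread and not FRST's own code: it groups fixlist lines like the ones in post #2 by the kind of setting they touch, so the software-restriction entries that name security-product folders can be read alongside the symptom reported in post #1. The category names, function names and sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the fixlist above; the GUID, folder and
# product names are placeholders, not values from the thread.
SAMPLE = r"""
HKLM\...\Run: [{00000000-0000-0000-0000-000000000000}] => C:\ProgramData\Example\{00000000-0000-0000-0000-000000000000}.exe [1234 2015-01-01] ()
HKLM Group Policy restriction on software: C:\Program Files\ExampleAV <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {00000000-0000-0000-0000-000000000001} URL =
EmptyTemp:
"""

GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
AUTORUN = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] => (?P<detail>.+?\.exe)", re.I)
# Category names are this example's own labels, not FRST terminology.
RULES = [
    ("autorun", AUTORUN),
    ("software_restriction", re.compile(
        r"^HKLM Group Policy restriction on software: (?P<detail>.+?)\s*<=+ ATTENTION")),
    ("system_restore_policy", re.compile(r"\\SystemRestore: \[(?P<detail>[^\]]+)\]")),
    ("browser_setting", re.compile(r"(?P<detail>SearchScopes|URLSearchHook|Internet Explorer|^CHR)")),
    ("directive", re.compile(r"^(?P<detail>\w+):\s*$")),
]

def classify(line):
    line = line.strip()
    for category, pattern in RULES:
        match = pattern.search(line)
        if match:
            return category, match.group("detail").strip()
    return "other", line

def triage(text):
    """Group every non-blank line of a fixlist by category."""
    groups = defaultdict(list)
    for line in filter(str.strip, text.splitlines()):
        category, detail = classify(line)
        groups[category].append(detail)
    return dict(groups)

def guid_named_autoruns(text):
    """Autorun entries whose value name is a GUID that is also the file name."""
    hits = []
    for match in AUTORUN.finditer(text):
        stem = match.group("detail").rsplit("\\", 1)[-1][:-4]
        if GUID.fullmatch(match.group("name")) and stem.lower() == match.group("name").lower():
            hits.append(match.group("detail"))
    return hits
```

Calling `triage()` on a saved fixlist.txt returns the restricted folders under `software_restriction`, and `guid_named_autoruns()` returns the Run entries that follow the GUID-as-filename pattern seen in the fixlist.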


#3 owlman


Posted 21 February 2015 - 02:29 PM

  • Attached File  fix list text.txt   2.15KB   2 downloads
  • Attached File  AdwCleanerS6.txt   1.5KB   1 downloads
  • Attached File  FRST.txt   20.36KB   3 downloads

Shelf Life,

Thank you so much for your involvement. Vawtak will not allow new adware cleaner download. I've sent what I could. Very slow, almost confused responses. I have been disconnecting ethernet cable and turning off pc. Should I continue doing this or does it matter?

Owlman

Dennis



#4 shelf life


Posted 21 February 2015 - 04:28 PM

hi,

 

Looks like you just posted the fixlist.txt

 

Did you do this from post 2:

 

 

Copy/paste what's below in the code box into Notepad. Save it as fixlist.txt in the same location that you have FRST, your desktop. Start FRST like before, except this time click on the Fix button and wait.
The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

You should have a text file on the desktop called Fixlog.txt. This will show if the deletions/changes were successful. Do you see that?

You can continue to disconnect the ethernet cable so that there is no connectivity. You can leave it on if you want.

You can also try booting your machine into safe mode. To reach safe mode you would tap the F8 key during a computer restart and choose the first option from the list: safe mode. Once at the safe mode desktop you can run your AV and malwarebytes. Also, if the fixlist.txt is having problems, launch FRST when you're in safe mode and click the clean button.

To get back to "normal" mode just reboot machine normally.

 




#5 owlman


Posted 21 February 2015 - 08:41 PM

pc will not boot up in safe mode unless ethernet is disconnected. Disconnected, the arrow keys will not respond. I will try again to follow your steps.



#6 shelf life


Posted 21 February 2015 - 08:50 PM

 

will not boot up in safe mode unless ethernet is disconnected

Leave the ethernet unplugged if that will get you in safe mode.

 




#7 owlman


Posted 21 February 2015 - 08:55 PM

frst will not allow me past 'no fix list'. I have copied and tried to paste what you asked for but no box opens for me to paste to.

#8 owlman


Posted 21 February 2015 - 08:57 PM

I can not use the arrow keys once I'm disconnected



#9 owlman


Posted 21 February 2015 - 09:17 PM

I just tried to download a new farbar but message read ' my security setting would not allow download '



#10 shelf life


Posted 21 February 2015 - 09:17 PM

Go to start>All Programs>Accessories>click on notepad. A blank notepad should open up

 

Left click on the mouse to highlight what's in the box below.

Right click on the mouse and select copy.

Go to the blank open notepad, right click and select paste.

This should paste what's below into notepad.

In notepad go to File>save as fixlist.txt to your desktop, same place FRST is.

 

click on FRST and click on the Fix button

HKLM\...\Run: [{833be12e-11df-b354-25dd-0a69dc3a6d52}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{833be12e-11df-b354-25dd-0a69dc3a6d52}\{833be12e-11df-b354-25dd-0a69dc3a6d52}.exe [376884 2015-02-14] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [{833be12e-11df-b354-25dd-0a69dc3a6d52}] => C:\Documents and Settings\All Users\Application Data\Microsoft\{833be12e-11df-b354-25dd-0a69dc3a6d52}\{833be12e-11df-b354-25dd-0a69dc3a6d52}.exe [376884 2015-02-14] ( ())
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1844237615-1897051121-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-1844237615-1897051121-839522115-500] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1844237615-1897051121-839522115-1003 -> URL http://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPD53DC930-65D8-4F77-BDF3-FB5C02275494&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1844237615-1897051121-839522115-1003 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
EmptyTemp:

Attached Files

  • Attached File  pic1.png   55.71KB   0 downloads
  • Attached File  pic2.png   647.03KB   0 downloads



#11 owlman


Posted 21 February 2015 - 09:32 PM

I am familiar with notepad. What seems to be happening is the farbar is corrupt. Can we start with new downloads?



#12 owlman


Posted 21 February 2015 - 09:58 PM

I tried copy/paste notepad fixlist to frst last night and you replied you didn't receive it. Many errors are showing up as I have lost audio out and the keyboards, wired and wireless, have developed a mind of their own.



#13 shelf life


Posted 21 February 2015 - 10:02 PM

 

can we start with new downloads?

Yes, download it (FRST) again and try. You can also download Roguekiller:

 

Please download RogueKillerX64.exe and save to the desktop.

 

   http://www.bleepingcomputer.com/download/roguekiller/

 

    Close all windows and browsers

    Double-click icon to start.

    A prescan will start automatically. When the prescan is done: press the Scan button.

    When the scan is done press the Report button.

    Don't fix anything yet.

    Please copy and paste the results in your next reply.

    File>Quit to exit Roguekiller

 

 

you replied you didn't receive it

If FRST worked ok you should see a log on the desktop called Fixlog.txt. If you see it, please post it in your reply.

I won't be back online until 10-12 hours from now.


Edited by shelf life, 21 February 2015 - 10:05 PM.



#14 owlman


Posted 21 February 2015 - 10:13 PM

message reads "my security settings will not allow file/s to be downloaded"  for both farbar and roguekiller



#15 owlman


Posted 22 February 2015 - 12:23 AM

roguekiller file too large to attach, farbar locked up. roguekiller and farbar were downloaded from laptop to flash drive. roguekiller crashed at 75% first scan. reran - 100% finished. 15 files in red, two were marked no kill. saved report to desktop.





