
Help Me W32/Mytob-EW worm. This infection, connects to an IRC


12 replies to this topic

#1 Momadice

  • Members
  • 156 posts
  • Gender:Not Telling
  • Location:Ontario, Canada

Posted 26 April 2015 - 12:38 AM

According to Bleeping I have a worm. Below is Bleeping's epitaph. . .

 

 

 

Home > Startup Programs Database > remote.exe Information

 
   This is an undesirable program.

 This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable.

If the description states that it is a piece of malware, you should immediately run an antivirus and antispyware program. If that does not help, feel free to ask us for assistance in the forums. 

Name: Remote Procedure Call (RPC) Remote
Filename: remote.exe
Command: %System%\remote.exe

Description:
 
Added by the W32/Mytob-EW worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.

File Location: %System%
Startup Type: This startup entry is installed as a Windows service.
Service Name: RpcRemotes
Service Display Name: Remote Procedure Call (RPC) Remote
HijackThis Category: O23 Entry 
Note: %System% is a variable that refers to the Windows System folder. By default this is C:\Windows\System for Windows 95/98/ME, C:\Winnt\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP/Vista/7.
Removal Instructions:  How to remove a Trojan, Virus, Worm, or other Malware 
 
 




 


#2 InadequateInfirmity

    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • Gender:Male

Posted 26 April 2015 - 12:40 AM

Download and run Wipe and System Ninja:

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.
kwLN4uv.png


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, select each item, then disable.

GjWwvEu.png

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.


Lxioao1.png

Now go to the advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

SnqZ2JW.png

 

Reboot your machine and then follow the instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 Momadice

  • Topic Starter

Posted 26 April 2015 - 01:02 AM

I'm just starting to execute your suggestions. . . First I'm learning how to boot in safe mode. Also I posted this topic in the removal forum, as I just realized that is the one I should have used.

 

I also have this one:

 

This is an undesirable program.

 This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable.

If the description states that it is a piece of malware, you should immediately run an antivirus and antispyware program. If that does not help, feel free to ask us for assistance in the forums. 

Name: Spooler SubSystem App
Filename: spoolv.exe
Command: Unknown at this time.

Description:
 
Added by the W32/Sdbot-BN backdoor worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute. This infection also steals cd keys from popular games and applications.

File Location: %System%
Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
HijackThis Category: O4 Entry 
Note: %System% is a variable that refers to the Windows System folder. By default this is C:\Windows\System for Windows 95/98/ME, C:\Winnt\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP/Vista/7.
Removal Instructions:  How to remove a Trojan, Virus, Worm, or other Malware 
 


Edited by Momadice, 26 April 2015 - 01:30 AM.
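
The two database entries quoted in posts #1 and #3 name concrete startup artifacts: a service called RpcRemotes running %System%\remote.exe, and a Run-type registry value launching spoolv.exe from %System%. The PowerShell check below looks for those artifacts directly. It is an added example, not part of the original thread or of BleepingComputer's tooling; the variable names and the inclusion of the WOW6432Node keys and the SysWOW64 folder are assumptions of this example.

```powershell
# Added example: look for the startup entries described in the quoted
# database pages. Indicator values are copied from those entries.
$serviceName = 'RpcRemotes'                  # post #1: Service Name
$fileNames   = 'remote.exe', 'spoolv.exe'    # post #1 and post #3: Filename

# %System% as the entries define it, plus the 32-bit system folder on
# 64-bit Windows (assumption of this example).
$systemDirs = @([Environment]::SystemDirectory,
                [Environment]::GetFolderPath('SystemX86')) | Select-Object -Unique

$findings = @()

# 1. Service entry (HijackThis O23): is a service with this name registered,
#    and which binary does it start?
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'" -ErrorAction SilentlyContinue
if ($svc) {
    $findings += [pscustomobject]@{ Type = 'Service'; Location = $svc.Name; Value = $svc.PathName }
}

# 2. Run-type registry values (HijackThis O4): Run, RunOnce, RunServices and
#    RunServicesOnce, per-machine and per-user.
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($sub in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
        "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$sub"
        "$hive\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\$sub"
    }
}
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }                 # key does not exist on this system
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        foreach ($f in $fileNames) {
            if ($data -like "*$f*") {
                $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$key\$name"; Value = $data }
            }
        }
    }
}

# 3. Files with the listed names in the system folder(s). Record the hash and
#    signature status so the file itself can be examined further.
foreach ($dir in $systemDirs) {
    foreach ($f in $fileNames) {
        $path = Join-Path $dir $f
        if (Test-Path -LiteralPath $path) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
            $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Value = "SHA256=$hash; signature=$sig" }
        }
    }
}

if ($findings) { $findings | Format-List }
else           { 'No matching service, Run value, or file found.' }
```

Run it from a 64-bit PowerShell session so that System32 is not redirected to SysWOW64. Matches are by name only, so the hash and signature status are the starting point for further checks on any file it reports.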


#4 Momadice


Posted 26 April 2015 - 09:19 AM

26 Apr 2015 09:19:09 [0970] - **********************************************************
26 Apr 2015 09:19:09 [0970] - MWAV - eScanAV AntiVirus Toolkit.
26 Apr 2015 09:19:09 [0970] - Copyright © MicroWorld Technologies
26 Apr 2015 09:19:09 [0970] - **********************************************************
26 Apr 2015 09:19:09 [0970] - Source: C:\Users\Cindy\Desktop\bigbadbear.exe
26 Apr 2015 09:19:09 [0970] - Version 14.0.178 (C:\USERS\CINDY\APPDATA\LOCAL\TEMP\MEXE.COM)
26 Apr 2015 09:19:09 [0970] - Log File: C:\Users\Cindy\AppData\Local\Temp\MWAV.LOG
26 Apr 2015 09:19:09 [0970] - MWAV Registered: TRUE
26 Apr 2015 09:19:09 [0970] - User Account: Cindy (Administrator Mode)
26 Apr 2015 09:19:09 [0970] - OS Type: Windows Workstation [InstallType: Client]
26 Apr 2015 09:19:09 [0970] - OS: Windows 8.1 64-Bit [OS Install Date: 21 Apr 2015 12:17:18]
26 Apr 2015 09:19:09 [0970] - Ver: Personal Build 9200
26 Apr 2015 09:19:09 [0970] - System Up Time: 34 Minutes, 1 Second

26 Apr 2015 09:19:09 [0970] - Parent Process Name : C:\Users\Cindy\Desktop\bigbadbear.exe
26 Apr 2015 09:19:09 [0970] - Windows Root  Folder: C:\WINDOWS
26 Apr 2015 09:19:09 [0970] - Windows Sys32 Folder: C:\WINDOWS\system32
26 Apr 2015 09:19:09 [0970] - DHCP NameServer: 24.226.10.193 24.226.10.194 24.226.1.94
26 Apr 2015 09:19:09 [0970] - Interface0 DHCPNameServer: 24.226.10.193 24.226.10.194 24.226.1.94 24.226.1.93
26 Apr 2015 09:19:09 [0970] - Interface1 DHCPNameServer: 24.226.10.193 24.226.10.194 24.226.1.94
26 Apr 2015 09:19:09 [0970] - Local Fixed Drives: c:\
26 Apr 2015 09:19:09 [0970] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
26 Apr 2015 09:19:09 [0970] - [CREATED ZIP FILE: C:\Users\Cindy\AppData\Local\Temp\pinfect.zip]
26 Apr 2015 09:19:09 [0970] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
26 Apr 2015 09:19:11 [0970] - ** Changed Value of "Path"
26 Apr 2015 09:19:11 [0970] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Cindy\AppData\Local\Temp\ESCANDB.LOG]
26 Apr 2015 09:19:13 [0970] - Loaded/Created FileScan Cache Database...
26 Apr 2015 09:19:13 [0970] - Loading AV Library [DB]...
26 Apr 2015 09:20:00 [0970] - ArchiveScan: DISABLED
26 Apr 2015 09:20:02 [0970] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
26 Apr 2015 09:20:02 [0970] - MWAV doing self scanning...
26 Apr 2015 09:20:03 [0970] - MWAV files are clean.
26 Apr 2015 09:22:22 [0970] - ArchiveScan: DISABLED
26 Apr 2015 09:22:22 [0970] - Virus Database Date: 02 Mar 2015
26 Apr 2015 09:22:22 [0970] - Virus Database Count: 6701505
26 Apr 2015 09:22:22 [0970] - Sign Version: 7.59505 [518257]
26 Apr 2015 09:23:49 [0970] - Downloading AntiVirus and Anti-Spyware Databases...
26 Apr 2015 09:30:45 [0970] - Update Successful...
26 Apr 2015 09:31:21 [0970] - Indexed Spyware Databases Successfully Created...
26 Apr 2015 09:31:22 [0970] - Old Sign Version: 7.59505 New Sign Version: 7.60297
26 Apr 2015 09:31:47 [0970] - Reload of AntiVirus Signatures successfully done.
26 Apr 2015 09:31:47 [0970] - Virus Database Date: 26 Apr 2015
26 Apr 2015 09:31:47 [0970] - Virus Database Count: 5725789
26 Apr 2015 09:31:47 [0970] - Sign Version: 7.60297 [519049]
 
26 Apr 2015 09:33:23 [0970] - **********************************************************
26 Apr 2015 09:33:23 [0970] - MWAV - eScanAV AntiVirus Toolkit.
26 Apr 2015 09:33:23 [0970] - Copyright © MicroWorld Technologies
26 Apr 2015 09:33:23 [0970] -
26 Apr 2015 09:33:23 [0970] - Support: support@escanav.com
26 Apr 2015 09:33:23 [0970] - Web: http://www.escanav.com
26 Apr 2015 09:33:23 [0970] - **********************************************************
26 Apr 2015 09:33:23 [0970] - Version 14.0.178[DB] (C:\USERS\CINDY\APPDATA\LOCAL\TEMP\MEXE.COM)
26 Apr 2015 09:33:23 [0970] - Log File: C:\Users\Cindy\AppData\Local\Temp\MWAV.LOG
26 Apr 2015 09:33:23 [0970] - User Account: Cindy (Administrator Mode)
26 Apr 2015 09:33:23 [0970] - Parent Process Name : C:\Users\Cindy\Desktop\bigbadbear.exe
26 Apr 2015 09:33:23 [0970] - Windows Root  Folder: C:\WINDOWS
26 Apr 2015 09:33:23 [0970] - Windows Sys32 Folder: C:\WINDOWS\system32
26 Apr 2015 09:33:23 [0970] - OS: Windows 8.1 64-Bit [OS Install Date: 21 Apr 2015 12:17:18]
26 Apr 2015 09:33:23 [0970] - Ver: Personal Build 9200
26 Apr 2015 09:33:23 [0970] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
26 Apr 2015 09:33:23 [0120] - Options Selected by User:
26 Apr 2015 09:33:23 [0120] - Memory Check: Enabled
26 Apr 2015 09:33:23 [0120] - Registry Check: Enabled
26 Apr 2015 09:33:23 [0120] - StartUp Folder Check: Enabled
26 Apr 2015 09:33:23 [0120] - System Folder Check: Enabled
26 Apr 2015 09:33:23 [0120] - Services Check: Enabled
26 Apr 2015 09:33:23 [0120] - Scan Spyware: Enabled
26 Apr 2015 09:33:23 [0120] - Scan Archives: Disabled
26 Apr 2015 09:33:23 [0120] - Drive Check: Enabled
26 Apr 2015 09:33:23 [0120] - All Drive Check :Disabled
26 Apr 2015 09:33:23 [0120] - Drive Selected = C:\
26 Apr 2015 09:33:23 [0120] - Folder Check: Disabled
26 Apr 2015 09:33:23 [0120] - SCAN: All_Files [ANSI]
26 Apr 2015 09:33:23 [0120] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
26 Apr 2015 09:33:23 [0120] - Scanning DNS Records...
26 Apr 2015 09:33:23 [0120] - Scanning Master Boot Record (User)...
26 Apr 2015 09:33:23 [0120] - Scanning Logical Boot Records...
26 Apr 2015 09:33:24 [0120] - ***** Scanning For Hidden Rootkit Processes *****
26 Apr 2015 09:33:24 [0120] - ***** Scanning For Hidden Rootkit Services *****
 
26 Apr 2015 09:33:28 [0120] - ***** Scanning Memory Files *****
 
26 Apr 2015 09:33:36 [0120] - ***** Scanning Registry Files *****
26 Apr 2015 09:33:42 [0120] - ERROR(3)!!! Invalid Entry  Maintance = "C:\Program Files\\net1.exe" windowsStartup (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
26 Apr 2015 09:33:42 [0120] - ERROR(3)!!! Invalid Entry RESTART_STICKY_NOTES = C:\WINDOWS\system32\StikyNot.exe (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
26 Apr 2015 09:33:43 [0120] - ERROR(3)!!! Invalid Entry  = "%1" %* (in key HKCR64\htmlfile\shell\open\command). Action Taken: Removing it.
 
26 Apr 2015 09:33:43 [0120] - ***** Scanning StartUp Folders *****
 
26 Apr 2015 09:34:04 [0120] - ***** Scanning Service Files *****
26 Apr 2015 09:34:04 [0120] - Scanning File C:\WINDOWS\System32\drivers\1394ohci.sys
26 Apr 2015 09:34:04 [0120] - ERROR(2)!!! ScanFile Fails for C:\WINDOWS\System32\drivers\1394ohci.sys...
26 Apr 2015 09:34:25 [0120] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
26 Apr 2015 09:34:34 [0120] - ***** Scanning Registry and File system for Adware/Spyware *****
26 Apr 2015 09:34:34 [0120] - Loading Spyware Signatures from new External Database [Name: C:\Users\Cindy\AppData\Local\Temp\spydb.avs, Size: 464724]...
26 Apr 2015 09:34:34 [0120] - Indexed Spyware Databases Successfully Created...
 
 
26 Apr 2015 09:34:44 [0120] - ***** Scanning Registry Files *****
 
26 Apr 2015 09:34:45 [0120] - ***** Scanning System32 Folders *****
 
26 Apr 2015 09:35:49 [0dd4] - Scanning File C:\Users\Cindy\AppData\Local\Temp\MWZ5E3F.tmp
 
26 Apr 2015 09:36:17 [0120] - ***** Scanning Drive C:\ *****
26 Apr 2015 09:43:28 [07cc] - Scanning File C:\System Volume Information\{d86042bb-eb74-11e4-8266-c45444a059de}{3808876b-c176-4e48-b7ae-04046e6cc752}
26 Apr 2015 09:43:28 [0d34] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
26 Apr 2015 09:43:28 [0e20] - Scanning File C:\System Volume Information\{de3dab20-e879-11e4-825e-18cf5e8ac09d}{3808876b-c176-4e48-b7ae-04046e6cc752}
26 Apr 2015 09:43:28 [0dd4] - Scanning File C:\System Volume Information\{370265af-e9d0-11e4-8260-c45444a059de}{3808876b-c176-4e48-b7ae-04046e6cc752}
26 Apr 2015 10:10:01 [088c] - ScanFile (C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_6.3.9600.16480_none_26aeef2171eaf403\FlashPlayerApp.exe) took 5297 ms
26 Apr 2015 10:10:01 [07cc] - ScanFile (C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_6.3.9600.17754_none_26d34ef771cf16a2\FlashPlayerApp.exe) took 5157 ms
 
26 Apr 2015 10:13:35 [0120] - ***** Checking for specific ITW Viruses *****
 
26 Apr 2015 10:13:35 [0120] - ***** Scanning complete. *****
 
26 Apr 2015 10:13:35 [0120] - Total Objects Scanned: 291002
26 Apr 2015 10:13:35 [0120] - Total Critical Objects: 0
26 Apr 2015 10:13:35 [0120] - Total Disinfected Objects: 0
26 Apr 2015 10:13:35 [0120] - Total Objects Renamed: 0
26 Apr 2015 10:13:35 [0120] - Total Deleted Objects: 0
26 Apr 2015 10:13:35 [0120] - Total Errors: 4
26 Apr 2015 10:13:35 [0120] - Time Elapsed: 00:38:28
26 Apr 2015 10:13:35 [0120] - Virus Database Date: 26 Apr 2015
26 Apr 2015 10:13:35 [0120] - Virus Database Count: 5725789
26 Apr 2015 10:13:35 [0120] - Sign Version: 7.60297 [519049]
 
26 Apr 2015 10:13:35 [0120] - Scan Completed.



#5 Momadice


Posted 26 April 2015 - 09:22 AM

That eScan was quite the ordeal to download and execute. I had to  rename the file, which worked.  So when you see bigbadbear, that's what I named it.

 

My PC settings do change; for example, I changed the mouse pointer to see it better and it's changed back. I didn't do it.


Edited by Momadice, 26 April 2015 - 09:23 AM.


#6 Momadice


Posted 26 April 2015 - 10:42 AM

Zemana Log

 

 

Zemana AntiMalware 2.10.2.18 (Installed)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015-4-26
Operating System      : Windows 8.1 64-bit
Processor             : 4X AMD A4-6210 APU with AMD Radeon R3 Graphics
BIOS Mode             : UEFI
CUID                  : 00CE625C3E093F4C4EBA40
Scan Type             : Deep Scan
Duration              : 27m 19s
Scanned Objects       : 26209
Detected Objects      : 0
Excluded Objects      : 0
Read Level            : SCSI
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Engines               : Zemana, Avira, Eset, Bitdefender, AVG, Kaspersky

Detected Objects
-------------------------------------------------------
There are no detected objects



#7 Momadice


Posted 26 April 2015 - 11:00 AM

I had to reboot in order to use Internet Explorer to post the demand job. Browser is blocking attempts to download any of the links you have provided. I right clicked and chose copy and then pasted it into the browser. I also right clicked the download file and did a save as. Clicking on the download link did nothing except give me a blank page.

#8 Momadice


Posted 26 April 2015 - 11:07 AM

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.4 (04.26.2015:1)
OS: Windows 8.1 x64
Ran by Cindy on 2015-04-26 at 11:50:31.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-04-26 at 11:58:12.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 InadequateInfirmity


Posted 26 April 2015 - 11:59 AM

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt

 

 

Step 2: 9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

Install the program onto your computer, then right click the icon RRXH2ZG.jpg run as administrator.

Go to the Update tab and update the program.

ZT1y9rP.png

Now go to the scanner tab and select Full Scan.

k68m97f.png

Upon Scan Completion Click Show Results.

FihDIFx.png

Now click the Clean button.

eCCJKcA.png

Once done cleaning, you can go to the logs tab, double click it, and copy and paste in your next reply.
 

 

Security Check Log.
 
Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document


#10 Momadice


Posted 26 April 2015 - 03:40 PM

Here is some information.  Over the last four weeks I have wiped my drive and done a factory reset, bare bones installation four times.  As a matter of fact my college technician performed one for me.  I've been in the middle of exams and assignments, and we did the bare minimum of installing virus programs,  just so I could get my work in on time.  I have one overdue assignment to complete before tomorrow.  I gave way to just using what came preinstalled.

 

The adware log is below.  It says I have Chrome installed as a browser -  I did not install it!  I was getting far too many redirects so I just gave up on it.  This pc has so much preloaded crap on it, that all reinstalls itself with every drive wipe.  I have no idea where these worms are coming from, I just know that just before the last drive wipe for some reason I discovered 15 private networks on this pc.  Then they just magically disappeared.  So I unplugged the wifi, and plugged Ethernet directly into my pc and when I wasn't using the pc I completely unplugged every wire from the router and cut all power.  This computer problem of mine almost caused me to fail one course, but I managed to get an extension granted and I am about 10 documents away from completing my assignment.

 

If you are wondering why I ran this so many times, it is because every time I had trouble doing my work, a rkill run and adware run let my computer function so I could continue to do my assignments. I was under far too much pressure to get my work done and didn't have the time to troubleshoot anymore. It was out of pure frustration that I started to investigate everything running on task manager one at a time as a kind of coffee break from assignments; that's when I got the special warning on Bleeping's information page alerting me I had a problem. I still have other logs from JRT, adware, rkill, emsisoft, that found a few things here and there. Emsisoft keeps detecting and quarantining the same registry keys over and over again, even after I have deleted them. I know you don't need those logs, but if you are curious I still have them.

 

# AdwCleaner v4.201 - Logfile created 19/04/2015 at 10:11:33
# Updated 08/04/2015 by Xplode
# Database : 2015-04-18.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Cindy - PERFECTPC
# Running from : C:\Users\Cindy\Documents\Programs\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v42.0.2311.90

[C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [19865 bytes] - [11/04/2015 08:46:48]
AdwCleaner[R10].txt - [1629 bytes] - [17/04/2015 10:05:46]
AdwCleaner[R11].txt - [1887 bytes] - [19/04/2015 10:08:35]
AdwCleaner[R1].txt - [19964 bytes] - [12/04/2015 11:13:40]
AdwCleaner[R2].txt - [1116 bytes] - [12/04/2015 11:18:59]
AdwCleaner[R3].txt - [1096 bytes] - [12/04/2015 12:28:46]
AdwCleaner[R4].txt - [1214 bytes] - [15/04/2015 06:30:27]
AdwCleaner[R5].txt - [1332 bytes] - [15/04/2015 23:37:04]
AdwCleaner[R6].txt - [1391 bytes] - [16/04/2015 18:16:37]
AdwCleaner[R7].txt - [1451 bytes] - [16/04/2015 18:18:36]
AdwCleaner[R8].txt - [1510 bytes] - [16/04/2015 18:20:21]
AdwCleaner[R9].txt - [1569 bytes] - [17/04/2015 10:01:38]
AdwCleaner[S0].txt - [1131 bytes] - [11/04/2015 08:50:05]
AdwCleaner[S1].txt - [1350 bytes] - [12/04/2015 11:15:47]
AdwCleaner[S2].txt - [1041 bytes] - [12/04/2015 11:21:11]
AdwCleaner[S3].txt - [1161 bytes] - [12/04/2015 12:30:47]
AdwCleaner[S4].txt - [1279 bytes] - [15/04/2015 06:32:45]
AdwCleaner[S5].txt - [1693 bytes] - [17/04/2015 10:07:58]
AdwCleaner[S6].txt - [1814 bytes] - [19/04/2015 10:11:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1873  bytes] ##########
# AdwCleaner v4.202 - Logfile created 26/04/2015 at 12:18:33
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Cindy - PERFECTPC
# Running from : C:\Users\Cindy\Desktop\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

*************************

AdwCleaner[R0].txt - [22759 bytes] - [11/04/2015 08:46:48]
AdwCleaner[R10].txt - [3996 bytes] - [17/04/2015 10:05:46]
AdwCleaner[R11].txt - [4255 bytes] - [19/04/2015 10:08:35]
AdwCleaner[R12].txt - [4446 bytes] - [19/04/2015 16:13:26]
AdwCleaner[R13].txt - [4342 bytes] - [19/04/2015 16:20:02]
AdwCleaner[R14].txt - [2186 bytes] - [19/04/2015 16:56:58]
AdwCleaner[R15].txt - [2164 bytes] - [19/04/2015 17:02:57]
AdwCleaner[R16].txt - [2224 bytes] - [19/04/2015 17:17:39]
AdwCleaner[R17].txt - [2285 bytes] - [19/04/2015 20:24:44]
AdwCleaner[R18].txt - [2345 bytes] - [20/04/2015 01:49:06]
AdwCleaner[R19].txt - [2405 bytes] - [20/04/2015 07:25:05]
AdwCleaner[R1].txt - [24997 bytes] - [12/04/2015 11:13:40]
AdwCleaner[R2].txt - [5925 bytes] - [12/04/2015 11:18:59]
AdwCleaner[R3].txt - [5914 bytes] - [12/04/2015 12:28:46]
AdwCleaner[R4].txt - [3877 bytes] - [15/04/2015 06:30:27]
AdwCleaner[R5].txt - [3783 bytes] - [15/04/2015 23:37:04]
AdwCleaner[R6].txt - [3758 bytes] - [16/04/2015 18:16:37]
AdwCleaner[R7].txt - [3818 bytes] - [16/04/2015 18:18:36]
AdwCleaner[R8].txt - [4054 bytes] - [16/04/2015 18:20:21]
AdwCleaner[R9].txt - [3973 bytes] - [17/04/2015 10:01:38]
AdwCleaner[S0].txt - [3973 bytes] - [11/04/2015 08:50:05]
AdwCleaner[S1].txt - [6329 bytes] - [12/04/2015 11:15:47]
AdwCleaner[S2].txt - [3503 bytes] - [12/04/2015 11:21:11]
AdwCleaner[S3].txt - [3833 bytes] - [12/04/2015 12:30:47]
AdwCleaner[S4].txt - [3741 bytes] - [15/04/2015 06:32:45]
AdwCleaner[S5].txt - [4244 bytes] - [17/04/2015 10:07:58]
AdwCleaner[S6].txt - [4057 bytes] - [19/04/2015 10:11:33]
AdwCleaner[S7].txt - [2074 bytes] - [19/04/2015 16:15:53]
AdwCleaner[S8].txt - [2251 bytes] - [19/04/2015 16:59:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [4234  bytes] ##########


Edited by Momadice, 26 April 2015 - 04:00 PM.


#11 InadequateInfirmity


Posted 26 April 2015 - 04:01 PM

OK, let's get you some advanced help. :)

 

Follow the instructions in the link below.

 

 

 

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

 

Create a new thread.



#12 Momadice


Posted 26 April 2015 - 04:06 PM

Do I need to disable all the antivirus software and turn my firewall off to run these programs?  I guess we are on here at the same time, and I am reading your responses after I make my comments, which makes my comments obsolete.

 

To be clear:

 

1)  Shall I still run the above trouble-shooters?

2)  Do I need to disable anything?

3)  Or, would you like me to abandon this thread altogether and start the new one?

4)  Or, shall I continue with the above trouble-shooters AND make a new thread?

 

In case I don't get a quick response I am planning to do the fourth one.

 

It is very difficult to get to the proper download page, and very difficult to download the programs, but I am persistent, and have managed to work around these issues.  So far.


Edited by Momadice, 26 April 2015 - 04:17 PM.


#13 InadequateInfirmity


Posted 26 April 2015 - 04:08 PM

No, I would like you to see my last post. You need to get help from the people in the malware forums; see my last post and create a new thread with your FRST and addition.txt.





