
Virus Removal Help


20 replies to this topic

#1 tiptop

tiptop

  • Members
  • 187 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 08 July 2015 - 11:49 AM

Hi,

 

My screen was flashing from the desktop to blue.. and back, like flashing, and I did use my anti-virus and it was noticeably slow and also it detected "heuristic viruses" (Norton Security).

 

I had flag warnings that my firewall was off and other security related things were off.

 

I'm using Safe Mode. Not sure what to do. I'm on the same computer.

 

Please help me tackle this. I'm using Windows 8.1

 

ESET has failed to complete twice. On Safe Mode too

 

Norton doesn't work properly now. It freezes up.

 

Update:

 

Removed and Re-Installed Norton,

 

Scanned with different things.. No Malware Found

 

Computer's back to running smoothly, but still concerned there might be something lurking in the darkness


Edited by tiptop, 08 July 2015 - 09:23 PM.



#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:07:42 PM

Posted 09 July 2015 - 02:27 AM

Hi,

 

 

> Scanned with different things.. No Malware Found
>
> Computer's back to running smoothly, but still concerned there might be something lurking in the darkness

 

Which things?

 

----

 

Download  Malwarebytes Anti-Rootkit (MBAR) to your desktop.
 

§  Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.

§  Double click on downloaded file. OK self extracting prompt.

§  MBAR will start. Click "Next" to continue.

§  Click in the following screen "Update" to obtain the latest malware definitions.

§  Once the update is complete select "Next" and click "Scan".

§  When the scan is finished and no malware has been found select "Exit".

§  If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.

§  Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:

§  "mbar-log-{date} (xx-xx-xx).txt"

§  "system-log.txt"

NOTE. If you see "This version requires you to completely exit the Anti Malware application" message, right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

 

----

 

Kaspersky Virus Removal Tool

Please download Kaspersky Virus Removal Tool from here.

§  Right click on KVRT.exe and select Run as Administrator.

§  Read the EULA, then select Accept.

§  Wait for Kaspersky Virus Removal Tool to initialize.

§  In the main screen, select Change parameters, place a checkmark in System drive, then click OK.

§  Click Start scan.

§  Wait for Kaspersky Virus Removal Tool to complete scanning.

§  When the scan is finished, select Neutralize all for all detected objects.

§  Close Kaspersky Virus Removal Tool when done.

Inform me if something is detected.

 

------

Please download AdwCleaner by Xplode onto your desktop.

§  Close all open programs and internet browsers.

§  Double click on adwcleaner.exe to run the tool.

§  Click on Scan button.

§  When the scan has finished click on Clean button.

§  Your computer will be rebooted automatically. A text file will open after the restart.

§  Please post the contents of that logfile with your next reply.

§  You can find the logfile at C:\AdwCleaner[S1].txt as well.

-------

 

Please download Junkware Removal Tool to your desktop.

§  Shut down your protection software now to avoid potential conflicts.

§  Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

§  The tool will open and start scanning your system.

§  Please be patient as this can take a while to complete depending on your system's specifications.

§  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

§  Post the contents of JRT.txt into your next message.


Edited by severac, 09 July 2015 - 02:28 AM.

I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know how to solve all PC problems.  :smash: 

 


#3 tiptop


Posted 09 July 2015 - 12:11 PM

 

 

 

Thank you for responding.

 

I used Rogue Killer, Norton Internet Security, I used Norton Power Eraser... Malwarebytes and an Online Scanner that didn't complete.

 

I had symptoms today. My Windows Firewall was again turned off. And Norton was flagged as off and Windows Security Centre was turned off too.

 

Had to go into Safe Mode again.

 

I am running the first scan atm.


Edited by tiptop, 09 July 2015 - 12:58 PM.


#4 tiptop


Posted 09 July 2015 - 01:27 PM

Ok, I am done.

 

Results:

 

Malware Anti-Rootkit = Nothing Found

Kaspersky Virus Removal = Nothing Found

 

AdwCleaner = Nothing Found

 

AdwCleaner's txt.doc:

 

# AdwCleaner v4.208 - Logfile created 09/07/2015 at 19:11:43
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : PEE CEE - PC
# Running from : C:\Users\XXX\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Opera v30.0.1835.88
 
 
*************************
 
AdwCleaner[R0].txt - [712 bytes] - [09/07/2015 19:09:06]
AdwCleaner[S0].txt - [638 bytes] - [09/07/2015 19:11:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [696  bytes] ##########
 

 

JRT = Nothing Found

 

JRT's txt.doc:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.8 (07.09.2015:1)
OS: Windows 8.1 x64
Ran by XXX on 09/07/2015 at 19:21:34.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/07/2015 at 19:23:06.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by tiptop, 09 July 2015 - 01:35 PM.


#5 severac


Posted 09 July 2015 - 01:35 PM

Your logs are clean as a baby ... :whistle:

 

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

§  Make sure the following options are checked:
 

o    Internet Services

o    Windows Firewall

o    System Restore

o    Security Center/Action Center

o    Windows Update

o    Windows Defender

o    Other Services

§  Press "Scan".

§  It will create a log (FSS.txt) in the same directory the tool is run.

§  Please copy and paste the log to your reply.

 

----

Download Security Check from here or here and save it to your Desktop.

§  Double-click SecurityCheck.exe

§  Follow the onscreen instructions inside of the black box.

 

§  Notepad document should open automatically called checkup.txt; please post the contents of that document.



 


#6 tiptop


Posted 09 July 2015 - 01:40 PM

Yeah, I don't have a lot of junk.

 

Results:
 
Farbar Service Scanner Version: 17-01-2015
Ran by XXX (administrator) on 09-07-2015 at 19:36:58
Running from "C:\Users\XXX\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Network
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
 
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
 
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
Security Check:
 

Results of screen317's Security Check version 1.005  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 

Edited by tiptop, 09 July 2015 - 01:49 PM.


#7 severac


Posted 09 July 2015 - 01:59 PM

Download the ESET ServicesRepair utility
 
Run it, click Yes, restart the PC.

At the desktop you should find folder CC support, in that folder is Logs folder, find file SvcRepair.txt and post it here. 

--------
Post a new FSS log. 



 


#8 tiptop


Posted 09 July 2015 - 02:09 PM

Log Opened: 2015-07-09 @ 20:02:06
20:02:06 - -----------------
20:02:06 - | Begin Logging |
20:02:06 - -----------------
20:02:06 - Fix started on a UNKNOWN X64 computer
20:02:06 - Prep in progress.  Please Wait.
20:02:09 - Prep complete
20:02:09 - Repairing Services Now.  Please wait...
20:02:09 - Services Repair Complete.
20:02:12 - Reboot Initiated
 
Farbar Service Scanner Version: 17-01-2015
Ran by XXX (administrator) on 09-07-2015 at 20:04:20
Running from "C:\Users\XXX\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
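
The two Farbar Service Scanner logs in this thread (before and after the ESET ServicesRepair run) can be compared mechanically instead of by eye. The following is an added example, not part of the thread and not code from Farbar or ESET: it parses the FSS line formats seen in these posts and reports which findings the repair cleared and which persisted. The function names and the abridged sample excerpts are constructed for illustration, and treating any file status other than "File is digitally signed" as a finding is an assumption.

```python
import re

# Line formats as they appear in the FSS logs posted in this thread.
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\. "
                        r"The default start type is (\w+)\.")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(\S+)$')
FILE_CHECK = re.compile(r"^([A-Za-z]:\\.+?) => (.+)$")
SIGNED = "File is digitally signed"

# Constructed sample: lines abridged from the second log (after ServicesRepair),
# section headers omitted.
AFTER = r"""
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

C:\Windows\System32\wscsvc.dll => File is digitally signed
"""
# Constructed sample: the first log additionally reported these lines.
BEFORE = r"""
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
""" + AFTER

def fss_findings(log_text):
    """Return the set of deviations an FSS log reports."""
    findings, key = set(), None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            key = None  # a blank line ends a registry block
        elif m := NOT_RUNNING.match(line):
            findings.add(f"{m[1]}: not running")
        elif m := START_TYPE.match(line):
            findings.add(f"{m[1]}: start type {m[2]} (default {m[3]})")
        elif m := REG_KEY.match(line):
            key = m[1]
        elif (m := REG_VALUE.match(line)) and key:
            findings.add(f"policy: {key}\\{m[1]}={m[2]}")
        elif (m := FILE_CHECK.match(line)) and m[2] != SIGNED:
            # Assumption: any status other than the signed one needs review.
            findings.add(f"file: {m[1]} => {m[2]}")
    return findings

def compare_runs(before, after):
    """Split findings into cleared, persisting and new between two runs."""
    b, a = fss_findings(before), fss_findings(after)
    return {"cleared": sorted(b - a), "persisting": sorted(b & a),
            "new": sorted(a - b)}

if __name__ == "__main__":
    for status, items in compare_runs(BEFORE, AFTER).items():
        print(status, items)
```
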


#9 severac


Posted 09 July 2015 - 02:25 PM

Do you still have problems? Can you boot in Normal mode?



 


#10 tiptop


Posted 09 July 2015 - 02:29 PM

> Do you still have problems? Can you boot in Normal mode?

 

I can boot in Normal mode. But I had problems that Windows Firewall, Norton Sec. and Windows Security Centre were turned off, not by me. So I don't know if it's safe. Plus Norton had prior detected 3 Heuristic Viruses. So I am not sure if I am clean or not.



#11 severac


Posted 09 July 2015 - 02:56 PM

Can you get that Norton log, to see what was detected? 



 


#12 tiptop


Posted 09 July 2015 - 03:03 PM

> Can you get that Norton log, to see what was detected?

 

Unfortunately not. I removed Norton completely & re-installed. This is what I recall:

 

Left computer idle for a while with the Internet on and browsers open. Came back and saw that 

 

/Either/ the flashing started, (desktop showing and then dark blue screen showing) or after/before that I saw Norton requesting to update and so I downloaded it, and I think I had to restart my computer.

 

I came back and I ran a full system scan. The Windows Flag on the taskbar had a red circle with a white 'x' on it and so I clicked that and I saw:

 

1. Windows Firewall was Off

2. Norton Internet Security was Off

3. Windows Security Centre (I think) was Off

4. And Anti-Malware/Virus (Something like that) was Off

 

And my computer performance was bad. Norton showed:

 

2 Heuristic Viruses & 2 were dealt with and 1 quarantined. The scan wasn't completed. So I don't know. I recall that I tried to put the Firewall back on and it was turned off again. Just again like today it was turned off.

 

I also noticed through Task Manager that my disc was hitting 100% and Norton wasn't functioning properly. I couldn't even open it.


Edited by tiptop, 09 July 2015 - 03:09 PM.


#13 severac


Posted 09 July 2015 - 03:17 PM

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.

- Right click on [icon image] and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply. 



 


#14 tiptop


Posted 09 July 2015 - 05:44 PM

Well, that was annoying!

 

I tried to check disk and it always got stuck at 11% and I eventually used System Restore to 07/07/15 because it wasn't letting me get past the disk check. So... yeah


Edited by tiptop, 09 July 2015 - 05:45 PM.


#15 severac


Posted 09 July 2015 - 06:35 PM

Well, that is not good. 

 

1. Open Elevated Command Prompt

2. In the elevated command prompt or PowerShell, type sfc /scannow and press Enter

3. Let me know the results.



 




