Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32/Bladabindi.gen; Windows Defender can't fix it, scans get interrupted; "res


  • This topic is locked This topic is locked
5 replies to this topic

#1 ultraprofessional

ultraprofessional

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 27 September 2015 - 06:58 AM

I noticed the problem(s) 2 days ago. Windows Defender window kept popping, informing me of the trojan and when I attempted to remove it, Defender reported it no longer being there. Repeatedly.
Malwarebytes detected nothing, neither did Hitman Pro.
Avira's quick scan didn't detect anything but the full scan kept getting interrupted with the message:
"This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."
This is a private computer and I am the administrator.

Now, said message is popping up at every system startup. Scans are still being interrupted but Windows Defender no longer reports on the malware.

I did FRST, AdwCleaner and aswMBR scans.
I am attaching the logs.

Attached File  FRST.txt   42.09KB   5 downloads

Attached File  Addition.txt   39.77KB   2 downloads

Attached File  AdwCleanerS3.txt   332bytes   2 downloads

Attached File  AdwCleanerS4.txt   626bytes   2 downloads

Attached File  AdwCleanerC2.txt   690bytes   2 downloads

Attached File  aswMBR.txt   2KB   3 downloads



BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:13 AM

Posted 27 September 2015 - 10:27 AM

Hello ultraprofessional and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are inserted during always the scan.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks
   
I am currently reviewing your log.I will be back with a fix for your problem as soon as possible.Please be patient with me during this time.

 

-------------------------------------------------------------------------------------------------

Please contact your system administrator
This is a private computer and I am the administrator.

You must be an administrator on the system. Otherwise, failure may occur.

 
Sincerely
:hello:

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:13 AM

Posted 27 September 2015 - 11:55 AM

Hello,
 
C:\Users\Kacper\Documents\Transcript Annotations Cleaner
Remove the software if you do not use
-----------------------------------------------------------------------------------------
 
Step 1:
FRST Script:
Please download this attached txt.gif  Fixlist.txt   4.06KB   0 downloads and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOT : It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
and fixlist.txt are in the same location or the fix will not work.
 

Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:

 

Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update and click "Settings" and go to "Detection and Protection"
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
  • If Malware or Potentially Unwanted Programs ''PUPs'' are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 4:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and uncheck  "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Attached Files


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 ultraprofessional

ultraprofessional
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 27 September 2015 - 05:58 PM

I did the scans and removed some potential threats I was unaware of. Eventually, though, I thought to let Windows Defender remove Win32/Bladabindi.gen insteat of putting it in quarantine.

Somehow, it succeeded. Weird.

There were no warnings upon next startup. I did a full Avira scan that completed this time.
This topic can be closed. Thank you for your help, my bleeping OS didn't have to be removed!



#5 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:13 AM

Posted 27 September 2015 - 06:21 PM

Nice. I'm glad the problem is solved.

This topic can be closed now.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#6 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:13 AM

Posted 27 September 2015 - 06:24 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users