Virus ate up remainder of HDD space and deleted restore points.


  • This topic is locked
5 replies to this topic

#1 Kilitan

Kilitan

  • Members
  • 1 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:55 PM

Posted 09 November 2015 - 12:37 AM

Hello and good evening,

 

I'm up to my wits' end with this virus. I've been following Bleeping Computer for a while, and have learned many things over the years, and I thank you all for the knowledge. This virus, root kit, whatever it is, however, has me perplexed. I really do not want to have to format my HDD, and was hoping one of you wonderful malware removal experts could guide me in figuring out which virus I have and how to remove it.

 

Also, besides what I put in the title, the virus is preventing MBAM from running. Spybot, on the other hand, still scans, but I don't think it got the virus completely or even found everything. Spybot did find a root kit and attempted to fix it, but some of the registry entries were immutable. Pretty much, I believe Spybot slowed the virus down if not disabled it completely - it's no longer eating up HDD space as fast as I can make it, but there are still over 2 GB unaccounted for. I fear that this isn't the end of whatever disease has corrupted my OS. I'm still having issues with MBAM and certain other weird things...like my Twitter account being compromised this week and I haven't logged in. Maybe that's a coincidence...

 

I may have gotten infected from trying to watch movies online, I went to what I thought was a legit website (cineble...evil, stay away) that required a credit or debit card to use with a 5 day free trial. Well, it wasn't legit, and I should have researched better. Anyway, I had to call my bank, of course, and my computer started acting up the very next day by eating up every single megabyte on my HDD and doing all the other horrible stuff mentioned in the title. 

 

Thank you so very much for your time and I hope for the sake of sanity one of you will walk me through this. 

 

P.S. Farbar Recovery Tool is not wanting to scan for me, it's getting locked up. 

 

Edit: I've noticed a text file in my C drive named mdmcls and it is almost 2 GB in size...that is huge. Also, I've lost .15 GB more from my C drive.


Edited by Kilitan, 09 November 2015 - 12:59 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:55 AM

Posted 11 November 2015 - 09:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
process;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

p.s.
Your virus protection software may react to this tool as not being safe.
Make sure that you acknowledge that it's OK and safe to download.

#3 nasdaq


Posted 16 November 2015 - 09:48 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq


Posted 20 November 2015 - 07:59 AM

This topic has been re-opened at the request of the person who originally posted.

#5 nasdaq


Posted 24 November 2015 - 09:19 AM

Are you still with me?

#6 nasdaq


Posted 30 November 2015 - 09:56 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



