
Windows crash, says not genuine Windows, bluescreen.


  • This topic is locked
27 replies to this topic

#1 Natricia

Natricia

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 13 January 2016 - 03:06 AM

I am sure I have some type of malware, but I don't know how to get rid of it. Computer keeps crashing, SUPERAntiSpyware finds 450 cookies every time I run it even though I have not used my computer. Other programs can't find anything. I can't use Windows Security Center, it won't open. There are a lot of problems, these are just a few of them. What should I do?

 

Attached File  Addition.txt   52.03KB   9 downloads

 

Attached File  FRST.txt   25.87KB   12 downloads




 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:55 PM

Posted 13 January 2016 - 02:47 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 Natricia

Natricia
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 13 January 2016 - 03:37 PM

Thank you. Here is the log. The computer bluescreened after running the program (it usually does now and again so it's not unique), so I had to restart.

When I restart the computer in safe mode it usually freezes when it's loading Classpnp.sys, and it did this time as well.

 

 

 

Attached File  Fixlog.txt   9.88KB   5 downloads


Edited by Natricia, 13 January 2016 - 03:37 PM.


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:55 PM

Posted 13 January 2016 - 03:47 PM

Please run FRST again like you did the first time you ran it and post the new FRST.txt.


#5 Natricia

Natricia
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 14 January 2016 - 01:48 AM

Ok, here it is!

 

Attached File  FRST.txt   23.15KB   7 downloads

 

Attached File  Addition.txt   47.16KB   2 downloads



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:55 PM

Posted 15 January 2016 - 08:00 AM

Windows 7 includes a disk checking tool called CHKDSK which is similar to the "scandisk" tool from older versions of Windows. This application scans your hard drives for errors such as lost sectors, bad sectors and corruption.

You can launch CHKDSK using two methods (the former being the easiest):

Graphical Interface:

Open the Computer option from the start menu, which will display all of the drives available to scan on your PC.

Then, right click on the drive you wish to scan for errors and select Properties.

Now click the Tools menu, then Check Now under the error-checking section.

You have several options within the check disk tool. It is always recommended you leave the "automatically fix file system errors" box checked, as this repairs any problems found. If you want to perform a deeper scan, tick "scan for and attempt recovery of bad sectors". This second option takes longer, but is worth doing if you suspect a drive problem. Once you are configured, click Start.

If you try to check a disk that is currently in use, you will receive a message asking if you wish to schedule a scan. Accepting this will perform the scan next time you restart your PC.

 

 

This may take some time to complete.

 

  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (The RKreport can also be found next to the executable.)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


#7 Natricia

Natricia
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 15 January 2016 - 05:26 PM

Ok, I will try this!

 

edit: Thanks :)


Edited by Natricia, 15 January 2016 - 05:27 PM.


#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:55 PM

Posted 17 January 2016 - 08:23 PM

Let me know how it goes.


#9 Natricia

Natricia
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 18 January 2016 - 02:45 AM

Well, it started to do a scan but I don't think it was complete since it was very short (the disc-scan). I tried to do it several times. Also the computer for some reason thinks all USB entries are discs?

The RogueKiller program found some registry items, then something called foxplayer which was placed in a strange place and I removed it manually. I ran the program again and it doesn't find anything else.

The computer is starting up in safe mode, but I still have no access to Security Center, and it still says it's not genuine Windows. Also when I try to download updates I get redirected to download Windows 10, which I'm not planning to do.



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:55 PM

Posted 19 January 2016 - 07:50 AM

1.

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

2.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.

  • Click in the introduction screen "next" to continue.

  • Click in the following screen "Update" to obtain the latest malware definitions.

  • Once the update is complete select "Next" and click "Scan".

  • When the scan is finished and no malware has been found select "Exit".

  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.

  • Open the MBAR folder and paste the content of the following files in your next reply:

  • "mbar-log-{date} (xx-xx-xx).txt"

  • "system-log.txt"


Edited by fireman4it, 19 January 2016 - 07:50 AM.


#11 Natricia

Natricia
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 20 January 2016 - 01:43 AM

Ok!

I will be back with the results.



#12 Natricia

Natricia
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 20 January 2016 - 01:54 AM

 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 8 Update 60  
 Adobe Flash Player 19.0.0.226  
 Google Chrome (47.0.2526.106) 
 Google Chrome (47.0.2526.111) 
 Google Chrome (Plugins...) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0 
````````````````````End of Log`````````````````````` 


#13 Natricia

Natricia
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 20 January 2016 - 03:44 AM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.01.20.01
  rootkit: v2016.01.09.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
LLLL :: NAT-DATOR [administrator]
 
2016-01-20 08:05:37
mbar-log-2016-01-20 (08-05-37).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 523421
Time elapsed: 53 minute(s), 32 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SYSTEM\CONTROLSET001\SERVICES\‮etadpug (Trojan.ZeroAccess.GU) -> Delete on reboot. [10d19d9eadec86b001ab689a2bd505fb]
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#14 Natricia

Natricia
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 20 January 2016 - 03:58 AM

Here is the system log.

 

I got my firewall running, but the settings look like this (attached), and I can't change it.

 

 

Attached Files



#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:55 PM

Posted 20 January 2016 - 07:50 AM

1.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

 

2.

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

How is the machine running now?