Below are some rules that you will need to follow while receiving my assistance:
- I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.
- Please do not seek assistance elsewhere without letting me know, as "Too many cooks can spoil the soup".
- Please do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
- If you wish to do other interventions, please let me know. I will assist you if possible.
- Make sure to read my instructions fully before attempting a step.
- If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
- Please follow the topic by clicking on the Follow this topic button, and make sure the Receive notifications box is ticked and set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.
- Important information in my posts will often be in bold, make sure to take note of these.
- I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.
- Please stay with me until I have confirmed that you are clean. Absence of symptoms does not mean that the computer is clean.
If you do not agree with any of the above, please let me know so I can have this topic closed.
I can only help you clean your machine. Please do know that currently there is no solution for TeslaCrypt 3.0 - the best you can do is to backup the encrypted files somewhere and wait.
Regarding the method of infection: My hypothesis is that you got infected via a drive-by download while visiting torrent or porn sites. These locations tend to have exploit kits containing malware lying in wait for visitors to infect them, and TeslaCrypt is one of the more popular payloads.
Please take note of the following warning.
=== Peer-to-peer software
Going over your logs I noticed that you have BitTorrent.
- Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
- They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features. If you wish to keep it, please do not use it until your computer is cleaned.
=== Multiple antivirus software present
You have two antivirus programs installed: Ad-Aware and Microsoft Security Essentials. Please uninstall one and keep the other.
Let me know which one you decided to keep.
=== Search with Farbar Recovery Scan Tool
- Double-click on FRST.exe/FRST64.exe to open it.
- In the search box, type the following: *recover*
- Press the Search Files button, allow FRST to run.
- A log file Search.txt will appear when complete, please post it in your next reply.
Edited by Sintharius, 03 February 2016 - 02:48 AM.
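The two checks the helper performs in the post above (spotting more than one registered antivirus product, and the FRST search for files named *recover*) can be reproduced from PowerShell without FRST. The script below is an added example, not code from the post, from FRST or from the forum; it assumes a client Windows build that exposes the root/SecurityCenter2 WMI namespace, a file-name-only match for the *recover* wildcard (which is what the FRST step reports), and writes its Search.txt into the current directory.

```powershell
# Added example (not FRST's or the forum's code).
# Assumptions: Windows client edition (root/SecurityCenter2 exists),
# PowerShell 3.0 or later, run from an elevated prompt so that
# Get-ChildItem can enter every user profile.

function Get-RegisteredAntivirus {
    # Lists every antivirus product registered with Windows Security Center.
    # Two or more rows here is the "multiple antivirus software" condition
    # the helper warns about. productState is left raw (vendor-specific bits).
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        Select-Object displayName, productState, pathToSignedProductExe
}

function Find-RecoverFiles {
    # Equivalent of typing *recover* into FRST's Search Files box:
    # walk every fixed drive, match the file name only, and write the hits
    # to Search.txt (newest first) so they can be posted in the topic.
    param(
        [string]$Pattern = '*recover*',
        [string]$OutFile = (Join-Path (Get-Location) 'Search.txt')  # assumed location
    )

    # DriveType 3 = local fixed disk; skips optical and removable media.
    $drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
              Select-Object -ExpandProperty DeviceID

    $hits = foreach ($d in $drives) {
        Get-ChildItem -Path "$d\" -Filter $Pattern -Recurse -Force -File `
                      -ErrorAction SilentlyContinue
    }

    $hits |
        Sort-Object LastWriteTime -Descending |
        Select-Object FullName, Length, CreationTime, LastWriteTime |
        Format-Table -AutoSize |
        Out-String -Width 300 |
        Set-Content -Path $OutFile

    "Found $(@($hits).Count) file(s) matching $Pattern; results written to $OutFile"
}

# Usage: run both checks and keep the console summary for the reply.
Get-RegisteredAntivirus | Format-Table -AutoSize
Find-RecoverFiles
```

Access-denied folders are skipped silently (-ErrorAction SilentlyContinue), so run the script elevated if the output looks incomplete; FRST itself runs with elevation for the same reason.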