Trojan of Some Kind?


  • This topic is locked
7 replies to this topic

#1 Archer32

Archer32

  • Members
  • 9 posts

Posted 06 February 2016 - 05:48 PM

Computer has been running a little slow, and connections time out every few seconds when I switch between websites.

 

I've run some tools already:

 

MBAM log is clean.

Roguekiller log is clean.

HITMANPRO log is clean.

 

Combofix deleted a malicious file. I'll post that log and a few others also.

 

Connections are still timing out, and the computer is still quite slow.

 

 

 



#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 06 February 2016 - 10:04 PM

Hello Archer32, and welcome to BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log in to the computer as administrator. How do I log in to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks

 

 

C:\Users\Jake\Desktop\kedswevt.exe

What is this file, and is it safe?

====================================
Please delete all
C:\Program Files (x86)\stinger
C:\Program Files\McAfee
C:\Program Files (x86)\Tweaking.com

========================================

FRST Script:

  • Please make sure your browsers are closed before continuing.
  • Be sure to temporarily disable all antivirus/anti-spyware software.

Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

=========================================================

Hosts File
Replace your current HOSTS file with a tweaked one, such as the MVPS HOSTS file, which restricts access to known bad sites, improving your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:

  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

A good source of information about safe computing is this topic by quietman7.

 

Restart the PC now.
=================================================================

 

How is the machine running now?

 

 

 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Archer32

Archer32
  • Topic Starter

  • Members
  • 9 posts

Posted 07 February 2016 - 01:28 AM

Olgun, kedswevt.exe is just a copy of GMER.

 

I ran the fixlist. It will take me some time to determine whether the machine is running well again.

 

Thanks for your help!



#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 07 February 2016 - 05:42 PM

Please can you post the Fixlist.Log file?


Best regards
 

 


 


#5 Archer32

Archer32
  • Topic Starter

  • Members
  • 9 posts

Posted 07 February 2016 - 06:21 PM

Olgun, I accidentally deleted the fixlist.log file. I apologize. I can post fresh FRST logs if you need them.

 

Also, I'm not sure the problem is gone. I just had a connection time out again.

 

 




#6 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:30 PM

Posted 08 February 2016 - 01:04 PM

Hi Archer32,
 
C:\Program Files (x86)\Tweaking.com
C:\Program Files (x86)\stinger
C:\Program Files\McAfee

This software still appears on the system. Did you uninstall it? This is just a suggestion, though.

=========================================================================

Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > "I have read the warning and wish to proceed anyway".
  • Auto Launch > Untick the box next to it.
  • Include All Browser Extensions > Tick the box next to it.
  • Change the scan setting from Smart Scan to Deep Scan.
  • Close all open files, folders and browsers.
  • Click Scan Now and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.

Note: I created this new guide. Hopefully there are no language mistakes.


Best regards
 

 


 


#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 11 February 2016 - 12:54 PM

Hello,

 

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.


Best regards
 

 


 


#8 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 17 February 2016 - 09:19 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 

 


 




