Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected and can't run FRST64


  • This topic is locked This topic is locked
6 replies to this topic

#1 Kekke

Kekke

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 16 April 2016 - 02:43 PM

Hello!

 

Yesterday my WoW account got compromised. The intresting part is that just six hours before I had removed my authenticator(which is a security feature that requires you to write in a code from a mobile app).

So I'm guessing that someone has access to my computer and I came here for professional help!

 

I read the"Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" and when I tried to run/install FRST64 I get an error window like this:

 

 tJYOnHe.png

 

I have double checked that I idd have 64bit system Can anyone assist me? I will not try to fix anything on my own.

 

Much thanks/ Kekke


Edited by Kekke, 16 April 2016 - 03:15 PM.


BC AdBot (Login to Remove)

 


#2 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:02:32 AM

Posted 16 April 2016 - 09:13 PM

Hi Kekke,

Welcome to BleepingComputer. My name is dbrisendine and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at BleepingComputer are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


    - Save ALL Tools to your Desktop-
     

    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
    "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
    and the click the "Select Folder" button. Click OK to get out of the Options menu.
    IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
    select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
     

Let's get started....


Please download Rkill by Grinler and save it to your desktop.


  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.


Please delete the copy of FRST64.exe you have on your desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.
 

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update.  Allow it do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 


unite_blue_zpsba2e96f7.png
 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#3 Kekke

Kekke
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 17 April 2016 - 07:22 AM

Hello!

 

First I need to say that I'm very impressed by how fast you guys responded!

 

I tried Rkill and the program ran, however it did not help. I did get a windows saying "Windows smartscreen. ....."  that suggested me to not run the file, I figure this was the problem so a quick google search and I found out how to disable it. After I did it worked :)

 

Before I post the logs I need to add that I removed false positive files some days ago, it was Teamviewer and a software I dont want to talk about here, but It was only a zip and an unpacked exe file I have never run on this computer. I have also disabled my CD emulation software with the program suggest here.

Here are the logs:

Attached Files


Edited by Kekke, 17 April 2016 - 07:30 AM.


#4 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:02:32 AM

Posted 19 April 2016 - 10:38 AM

Your logs are clean; there is no evidence of any malware showing in them.  The error with FRST at first was due to a code issue that the author of FRST fixed that day (so the next download of FRST you ran worked).

 

Are you still having issues with your WoW account?


unite_blue_zpsba2e96f7.png
 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#5 Kekke

Kekke
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:32 AM

Posted 19 April 2016 - 11:14 AM

No I have added the 2nd authentication again so Its impossible to compromise. Something more we can try cause I cant see any other explanation than a keylogger or something, I guess there is a tiny chance somebody just had access to my email



#6 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:02:32 AM

Posted 19 April 2016 - 10:23 PM

Go to Emsisoft and download the Emsisoft Free Emergency Kit from here.

  • Double click on the EmsisoftEmergencyKit.exe file and then click on Extract to unpack the files (the default directory of C:\EEK is fine).
  • Go to the new directory and right click on Start Emergency Kit Scanner.exe and choose 'Run as Administrator'.
  • Once the scanner loads, allow it check for updates.
  • When the updates are finished, click the BACK button to return to the main menu.
  • Click on the SCAN and select Malware Scan to start scanning your system.  Please enable the PUA/PUP/PMA detection option (IF the software asks you).
  • If the scan finds anything, it will open a scan finding window.  Please click on View Report; copy this report and paste it here in reply post.
  • Please close the Emergency Kit Scanner program now.

unite_blue_zpsba2e96f7.png
 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#7 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:02:32 AM

Posted 12 May 2016 - 04:00 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

unite_blue_zpsba2e96f7.png
 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users