
Fixlist.txt Needed


5 replies to this topic

#1 McVon

McVon

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 24 September 2016 - 07:06 AM

Hi, I'm McVon and need a little help here.

 

I visited a hacked site, and clicked on a link, and immediately got a rootkit attack. Was detected by Comodo antivirus, but while cleaning it restarted and could not clean the files after restart. Did a system restore and used lots of available rootkit removal tools (Malwarebytes, RogueKiller, TDSSKiller, Stinger, Avast, AdwCleaner etc.) to clean the system. System seems fine but it's a rootkit and can't be too certain. I have scanned with Farbar RS and need a fixlist.txt to clear any malware still present.

 

Kindly find attached.

 

Thanks in advance.

Attached Files




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:15 AM

Posted 25 September 2016 - 09:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run this cleaning tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#3 McVon

McVon
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 26 September 2016 - 02:29 AM

Hey Nasdaq,

 

Thanks for your kind response.

 

Find attached the log file from Zoek.

 

My system feels alive once again. There was a little bit of slow performance right after the incident, and after running this tool you recommended, I could notice a significant improvement with the performance.

 

Kindly look through the log and let me know if there are still further checks I need to carry out, to completely eradicate all traces of the infections malware.

 

One more question, I have an external HD for Backup, and at some point before running the Zoek, I plugged it to my system to retrieve some files. Now do I need to do a check on it too? 

 

Awaiting further instructions.

 

Regards

 

McVon. :)

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:15 AM

Posted 26 September 2016 - 08:24 AM


Looking good.


Run this tool.

Download and Run FlashDisinfector

You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
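
Added example, not part of the thread and not Flash_Disinfector's own code: a read-only Python check of what occupies the `autorun.inf` name at a drive root, relating to the note above that the tool leaves a folder of that name on each drive. The function names, status labels and the sample directories and file contents are constructed for illustration.

```python
import os
import tempfile

def launch_entries(raw: bytes):
    """Return (key, value) pairs in [autorun] that name something to execute."""
    enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
    found, section = [], ""
    for line in raw.decode(enc, "replace").splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            k = key.lower()
            # open=, shellexecute= and shell\<verb>\command= point at programs
            if k in ("open", "shellexecute") or (
                    k.startswith("shell\\") and k.endswith("\\command")):
                found.append((k, value))
    return found

def audit_root(root):
    """Classify the autorun.inf entry at the root of one drive (read-only)."""
    for entry in os.scandir(root):
        if entry.name.lower() != "autorun.inf":
            continue
        if entry.is_dir(follow_symlinks=False):
            return "folder", []  # a directory holds the name; no file can
        with open(entry.path, "rb") as fh:
            entries = launch_entries(fh.read(65536))
        return ("file-launches" if entries else "file-inert"), entries
    return "absent", []

def demo():
    """Audit three constructed directories standing in for drive roots."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name in ("clean", "immunized", "suspect"):
            os.mkdir(os.path.join(base, name))
        os.mkdir(os.path.join(base, "immunized", "autorun.inf"))
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "wb") as fh:
            # constructed sample content, not taken from a real infection
            fh.write(b"[AutoRun]\r\nopen=RECYCLER\\sample.exe\r\nicon=drive.ico\r\n"
                     b"shell\\explore\\command=RECYCLER\\sample.exe\r\n")
        for name in ("clean", "immunized", "suspect"):
            results[name] = audit_root(os.path.join(base, name))
    return results

if __name__ == "__main__":
    for drive, (status, entries) in demo().items():
        print(drive, status, entries)
```

To check a real drive, pass its root (for example `E:\`) to `audit_root`; a `file-launches` result lists the entries worth reviewing before the drive is opened in Explorer.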

#5 McVon

McVon
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 26 September 2016 - 10:48 AM

Hi,

 

Flash_Disinfector.exe by sUBs would not install on Windows 10 64-bit. Any alternatives?



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:15 AM

Posted 26 September 2016 - 01:03 PM

Try this one.

http://flash-disinfector.en.lo4d.com/



