
TOWK.exe


17 replies to this topic

#1 TheTripleDeuce

TheTripleDeuce

  • Members
  • 275 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada EH!
  • Local time:05:25 AM

Posted 16 October 2016 - 11:44 PM

So I was just skimming through my Startup tab in Windows 10 and noticed it had TOWK.exe listed as a startup item. I promptly disabled it and have no idea what it is or where to even submit it for analysis. I scanned it with Malwarebytes and Spybot and both say it's clean, but even good ole Google doesn't come up with anything for it.

Any help?

(Also, if I'm in the wrong section just direct me to the right section.)




 


#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,236 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:25 PM

Posted 16 October 2016 - 11:54 PM

This is quite likely a malicious file

 

http://vms.drweb-av.es/virus/?i=4337160

https://totalhash.cymru.com/analysis/?36ce1cc7581e3a7f293b53f28a7639b2d56435c8

 

I will request your thread to be moved to the correct section for further assistance.



#3 TheTripleDeuce


Posted 16 October 2016 - 11:56 PM

Oh OK, thanks. It's strange, even with Malwarebytes Premium, PeerBlock, Spybot, Malwarebytes Anti-Ransomware and Malwarebytes Anti-Exploit it managed to get on my PC.



#4 TsVk!


Posted 17 October 2016 - 12:04 AM

There are many thousands of undetected items out there in the wild. According to that analysis by TotalHash, Malwarebytes did not detect this item. Spybot and PeerBlock are not targeted at this type of application either.

 

I'm not saying it is a malicious file, but it appears to be a file that's created by a malicious application... as that's the only reference I can find.



#5 TheTripleDeuce


Posted 17 October 2016 - 12:05 AM

It has the TeamViewer icon for its icon and I don't touch TeamViewer lol.



#6 TsVk!


Posted 17 October 2016 - 12:25 AM

Ok, your topic has been moved now. Let's see what we can find.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • Please copy and paste the log into your reply.

If prompted by your firewall, allow DIG.exe.
If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

Please download Farbar Service Scanner and run it.

  • Please check all of the boxes then click Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log into your reply.

Please download AdwCleaner and save to your Desktop.

  • Right click and "Run as Administrator"
  • Click on the Scan button.
  • After the scan has finished, click Clean and OK the reboot
  • When complete, your machine will restart and a log file will appear
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Right click and "Run as Administrator".
  • The tool will open and start scanning your system.
  • On completion a log will open; note the saved JRT.txt on your desktop to copy into your reply

Please download rKill to your desktop.

  • Right click the file > Run As Administrator.
  • If you have any difficulty running the tool please use an alternative from this page
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

Please download RogueKiller and run it.

  • Click Scan and then Scan again to start the application
  • Please be patient; the scan can take quite some time
  • When it completes close the browser pop up.
  • Click Open Report then Open TXT
  • Copy and paste the output into your reply.

Please copy and paste all the logs into your reply.

 

TsVk!



#7 TheTripleDeuce


Posted 17 October 2016 - 02:38 AM

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 Java 8 Update 101  
 Java version 32-bit out of Date!
 Adobe Flash Player     23.0.0.185  
 Mozilla Firefox (49.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Ransomware MB3Service.exe  
 Malwarebytes Anti-Exploit mbae64.exe   
 Malwarebytes Anti-Ransomware mbarw.exe  
 Malwarebytes Anti-Exploit mbae.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

 

Farbar Service Scanner Version: 27-01-2016
Ran by TheTripleDeuce (administrator) on 17-10-2016 at 04:28:43
Running from "C:\Users\sr116\Downloads"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

 

ADW found nothing but here is the log:

# AdwCleaner v6.021 - Logfile created 17/10/2016 at 04:30:35
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-16.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : TheTripleDeuce - THETRIPLEDEUCE
# Running from : C:\Users\sr116\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [986 Bytes] - [17/10/2016 04:30:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1058 Bytes] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Pro x64
Ran by TheTripleDeuce (Administrator) on Mon 10/17/2016 at  4:31:05.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\Users\sr116\AppData\Roaming\TOWK.exe (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\update-sys (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-S-1-5-21-3386015559-402513533-3230624844-1001.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-sys.job (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/17/2016 at  4:32:06.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/17/2016 04:32:36 AM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]

 * agp440 [Missing ImagePath]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1    localhost
  127.0.0.1 ood.opsource.net ereg.wip4.adobe.com ereg.wip.adobe.com activate-sjc0.adobe.com practivate.adobe.ipp activate.wip4.adobe.com 3dns-1.adobe.com activate.wip1.adobe.com 3dns.adobe.com
  127.0.0.1 practivate.adobe.ntp activate.wip.adobe.com wip1.adobe.com 3dns-4.adobe.com activate.wip2.adobe.com practivate.adobe prod-rel-ffc-ccm.oobesaas.adobe.com 3dns-2.adobe.com www.wip4.adobe.com
  127.0.0.1 3dns-3.adobe.com crl.verisign.net adobe-dns-4.adobe.com adobe-dns-1.adobe.com adobe-dns.adobe.com ereg.adobe.com na1r.services.adobe.com wip4.adobe.com cmdls.adobe.com
  127.0.0.1 lm.licenses.adobe.com wip3.adobe.com na2m-pr.licenses.adobe.com www.wip1.adobe.com adobeereg.com lmlicenses.wip4.adobe.com www.wip2.adobe.com ereg.wip2.adobe.com www.wip.adobe.com
  127.0.0.1 wip2.adobe.com practivate.adobe.newoa wwis-dubc1-vip60.adobe.com wip.adobe.com adobe-dns-3.adobe.com www.adobeereg.com practivate.adobe.com activate-sea.adobe.com activate.wip3.adobe.com
  127.0.0.1 activate.adobe.com adobe-dns-2.adobe.com www.wip3.adobe.com hl2rcv.adobe.com ereg.wip3.adobe.com ereg.wip1.adobe.com
  127.0.0.1 lmlicenses.wip4.adobe.com
  127.0.0.1 lm.licenses.adobe.com
  127.0.0.1 na1r.services.adobe.com
  127.0.0.1 hlrcv.stage.adobe.com
  127.0.0.1 practivate.adobe.com
  127.0.0.1 activate.adobe.com
  127.0.0.1    www.007guard.com
  127.0.0.1    007guard.com
  127.0.0.1    008i.com
  127.0.0.1    www.008k.com
  127.0.0.1    008k.com
  127.0.0.1    www.00hq.com
  127.0.0.1    00hq.com

  20 out of 15633 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 10/17/2016 04:32:47 AM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

 

 

Just waiting on RogueKiller to finish.

While waiting for RogueKiller to finish I ran sfc /scannow; it found and fixed everything, nothing it couldn't repair.

RogueKiller found mIRC and marked it red lol. I didn't delete it for obvious reasons.

RogueKiller V12.7.2.0 (x64) [Oct 15 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : TheTripleDeuce [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 10/17/2016 04:33:43 (Duration : 00:24:02)

¤¤¤ Processes : 1 ¤¤¤
[VT.Spr.Mirc.Gen!c] mirc.exe(7440) -- C:\Program Files (x86)\mIRC\mirc.exe[-] -> Found

¤¤¤ Registry : 4 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3386015559-402513533-3230624844-1001\Software\Microsoft\Windows\CurrentVersion\Run | Load : C:\Users\sr116\AppData\Roaming\TOWK.exe [x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3386015559-402513533-3230624844-1001\Software\Microsoft\Windows\CurrentVersion\Run | Load : C:\Users\sr116\AppData\Roaming\TOWK.exe [x] -> ERROR [2]
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtop ("C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe") -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS5C3020ALA632 ATA Device +++++
--- User ---
[MBR] a1c7fbdc47bf3be4be553ec279014940
[BSP] a18c40f44b2e1be351e26eaa42a2ded2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD20EARS-00J2GB0 ATA Device +++++
--- User ---
[MBR] ef75b753a23564d92d4859bf8511abcb
[BSP] 2a001ac7823795ae563092364d74d54a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST31000520AS ATA Device +++++
--- User ---
[MBR] 072c91776dc6513fb800b64c741b046e
[BSP] ae02a1b1301fb4bf2598c5e40ec07af5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953866 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 684921dc35eea8380a6de00b2df0d7db
[BSP] 44f2f23b5b1697477943d0ce81d1fdf5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive4: ST2000DL003-9VT166 ATA Device +++++
--- User ---
[MBR] 640960ae4a5f1b03238d163298fdbc76
[BSP] fed86ca570255c512f3ba92e1760e803 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive5: OCZ-VERTEX3 ATA Device +++++
--- User ---
[MBR] 81343266c6b39959d0967dfaf46dae04
[BSP] 7c2385fbf25b109fc9c0350ec79ea761 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114020 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 233515008 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

Edited by TheTripleDeuce, 17 October 2016 - 03:00 AM.
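
The persistence artifacts in the logs above (a Run value named Load pointing at an executable in the root of AppData\Roaming, the update-sys scheduled tasks, and the DisableAntiSpyware policy value) can be pulled out of the pasted text mechanically. The Python below is an added example, not part of the thread or of any tool used in it; `triage`, the regexes and the "loose profile exe" heuristic are hypothetical names and assumptions, and the sample input is constructed from lines in the logs above.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the JRT, RogueKiller and Rkill
# logs in this thread, joined into one paste.
SAMPLE_LOG = r"""
Successfully deleted: C:\Users\sr116\AppData\Roaming\TOWK.exe (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\update-sys (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-sys.job (Task)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3386015559-402513533-3230624844-1001\Software\Microsoft\Windows\CurrentVersion\Run | Load : C:\Users\sr116\AppData\Roaming\TOWK.exe [x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3386015559-402513533-3230624844-1001\Software\Microsoft\Windows\CurrentVersion\Run | Load : C:\Users\sr116\AppData\Roaming\TOWK.exe [x] -> ERROR [2]
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
"""

# Line shapes inferred only from the log lines posted above (assumption: other
# versions of these tools may format their output differently).
JRT_DELETED = re.compile(r"^Successfully deleted: (?P<path>.+) \((?P<kind>\w+)\)$")
RK_RUN = re.compile(
    r"^\[(?P<tag>[^\]]+)\] \((?P<arch>X\d+)\) (?P<key>HKEY_.+?\\Run(?:Once)?)"
    r" \| (?P<name>.+?) : (?P<target>.+?) \[.\] -> (?P<status>.+)$", re.I)
DEFENDER_OFF = re.compile(r'^"DisableAntiSpyware"\s*=\s*dword:0*1$', re.I)
# Heuristic (assumption): an .exe sitting directly in the root of AppData\Roaming
# or AppData\Local, rather than in a vendor subfolder, deserves a second look.
LOOSE_PROFILE_EXE = re.compile(
    r"^[a-z]:\\Users\\[^\\]+\\AppData\\(?:Roaming|Local)\\[^\\]+\.exe$", re.I)


def triage(log_text):
    """Return persistence findings pulled out of pasted removal-tool logs."""
    removed = defaultdict(set)   # kind ("file", "task") -> paths reported deleted
    autoruns = {}                # (key, value name, target) -> {registry view: status}
    defender_off = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := JRT_DELETED.match(line):
            removed[m["kind"].lower()].add(m["path"])
        elif m := RK_RUN.match(line):
            views = autoruns.setdefault((m["key"], m["name"], m["target"]), {})
            views[m["arch"]] = m["status"]
        elif DEFENDER_OFF.match(line):
            defender_off = True
    findings = []
    for (key, name, target), views in autoruns.items():
        findings.append({
            "run_key": key,
            "value": name,
            "target": target,
            # Autorun target matches the loose-executable heuristic above.
            "loose_profile_exe": bool(LOOSE_PROFILE_EXE.match(target)),
            # The same path also shows up as a file another tool deleted.
            "file_removed": target in removed["file"],
            # Registry views where the tool did not report "Deleted".
            "views_not_deleted": sorted(a for a, s in views.items() if s != "Deleted"),
        })
    return {"autoruns": findings,
            "tasks_removed": sorted(removed["task"]),
            "defender_disabled_by_policy": defender_off}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for finding in report["autoruns"]:
        print(finding)
    print("tasks removed:", report["tasks_removed"])
    print("Defender disabled by policy:", report["defender_disabled_by_policy"])
```

An entry listed under `views_not_deleted` was not reported as deleted in that registry view and is worth re-checking by hand.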


#8 boooliyooo

boooliyooo

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:04:25 PM

Posted 17 October 2016 - 04:04 AM

Hello,

> This is quite likely a malicious file
>
> http://vms.drweb-av.es/virus/?i=4337160
>
> https://totalhash.cymru.com/analysis/?36ce1cc7581e3a7f293b53f28a7639b2d56435c8
>
> I will request your thread to be moved to the correct section for further assistance.

Based on drweb link, I believed you will be able to download its utility to give it a try as well.

Indicator:

blocks the following features:
  • User Account Control (UAC)

Try to see if you access the UAC to assure that the malware hasn't weaponized itself..



#9 TheTripleDeuce


Posted 17 October 2016 - 04:14 AM

 

> Hello,
>
> > This is quite likely a malicious file
> >
> > http://vms.drweb-av.es/virus/?i=4337160
> >
> > https://totalhash.cymru.com/analysis/?36ce1cc7581e3a7f293b53f28a7639b2d56435c8
> >
> > I will request your thread to be moved to the correct section for further assistance.
>
> Based on drweb link, I believed you will be able to download its utility to give it a try as well.
>
> Indicator:
>
> blocks the following features:
>   • User Account Control (UAC)
>
> Try to see if you access the UAC to assure that the malware hasn't weaponized itself..

Yeah, they're fine and maxed out.



#10 TsVk!


Posted 17 October 2016 - 05:09 AM

> Hello,
>
> Based on drweb link, I believed you will be able to download its utility to give it a try as well.
>
> Indicator:
>
> blocks the following features:
>   • User Account Control (UAC)
>
> Try to see if you access the UAC to assure that the malware hasn't weaponized itself..

If you read the log from Security Check, line 2....

 

Ok TheTripleDeuce,

 

Please download CCleaner and install it.

  • Run the temp cleaner.

Download Sophos Free Virus Removal Tool and save it to your desktop.

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program

Please delete

C:\Program Files\ByteFence

Please update Java to the latest version

 

I strongly suggest you uninstall Spybot and install a better rated free anti-virus. Avast, AVG or BitDefender are all suitable.

  • after you have installed an anti-virus, update it.
  • run a full system scan.

How did you go?

 

TsVk!


Edited by TsVk!, 17 October 2016 - 05:42 AM.


#11 TheTripleDeuce


Posted 17 October 2016 - 05:07 PM

Sophos and Bitdefender found nothing.



#12 TsVk!


Posted 17 October 2016 - 05:12 PM

That's great, that is what I was hoping. :)

 

To finish up, let's remove the tools we have used...

 

You can uninstall Sophos now, and CCleaner if you wish also.

 

Download DelFix and move the executable to your Desktop;

  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply.

Edited by TsVk!, 17 October 2016 - 05:33 PM.


#13 TheTripleDeuce


Posted 18 October 2016 - 05:01 AM

# DelFix v1.013 - Logfile created 18/10/2016 at 07:00:15
# Updated 17/04/2016 by Xplode
# Username : TheTripleDeuce - THETRIPLEDEUCE
# Operating System : Windows 10 Pro  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #7 [JRT Pre-Junkware Removal | 10/17/2016 07:31:05]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 

 



#14 TsVk!


Posted 18 October 2016 - 05:29 AM

Ok mate, you're clear. :)

 

Your anti-ransomware software may have saved you a lot of trouble in this instance.

 

Here's a bit of reading that you might find interesting. Simple and easy ways to keep your computer safe on the Internet.

 

And another article that I think is relevant for every Internet user. How did I get infected?

 

Any questions?



#15 TheTripleDeuce


Posted 18 October 2016 - 07:27 PM

After I ran DelFix it hid my AppData folder and I can't unhide it with Folder Options; I select show hidden and apply and nothing happens.

Anti-Ransomware actually didn't even flinch.





