Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Zodiac Games virus help needed


  • This topic is locked This topic is locked
4 replies to this topic

#1 smetsson

smetsson

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:08 PM

Posted 15 February 2017 - 02:01 PM

Dear all,

 

Been having some major issues with the Zodiac Games pop-up.

Please help me fix it.

 

Thanks in advance

Attached Files



BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:08 PM

Posted 15 February 2017 - 02:11 PM

Hello smetsson and Welcome to the BleepingComputer. :welcome:

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are inserted during always the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator the computer. How is open as administrator the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
 
I am currently reviewing your log.I will be back with a fix for your problem as soon as possible.Please be patient with me during this time.

Sincerely
:hello:


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:08 PM

Posted 15 February 2017 - 03:26 PM

Hi smetsson,

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

=========================================================================================

Please do this;

Uninstall:Ubisoft Game Launcher

 

Ensure your external and/or USB drives are inserted during always the scan

Step 1:
Run FRST fixlist
 
Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-306034687-1328041128-3967345152-1000\...\Run: [OneDrive] => C:\Users\Jens\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1517280 2017-02-04] (Microsoft Corporation) <===== ATTENTION
HKU\S-1-5-21-306034687-1328041128-3967345152-1000\...\Run: [Discord] => C:\Users\Jens\AppData\Local\Discord\app-0.0.291\Discord.exe [57929912 2016-06-20] (Hammer & Chisel, Inc.) <===== ATTENTION
HKU\S-1-5-21-306034687-1328041128-3967345152-1000\...\Run: [Jens] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
HKU\S-1-5-21-306034687-1328041128-3967345152-1000\...\MountPoints2: {611230a8-361f-11e5-bebc-0862662e59ea} - "F:\setup.exe"
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
C:\Users\Jens\AppData\Local\Temp
Task: {10086087-4866-4B0C-BC16-5E7C7135051F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1394FDE9-08E6-4998-A46D-8E6387D3CF76} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1F7BD74D-9168-4269-9951-9148D9E10F07} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {398A913B-E287-4EB1-B38C-DBE39E55CA6F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5328A740-1769-41F8-B6DB-A93376D98F95} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {65395F14-97B5-4C54-9D83-2D5C9C8BE9CB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8D5E1981-9D76-40F9-AAA1-C88259030911} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8E77E259-7999-408C-96C9-3662B2E52F34} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {95448E99-AFA3-429A-8F07-9B12A68237C4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A81F8E84-1CD4-4A3E-98E3-BFAE1210D3B8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BFE24BE1-8C1B-4D13-8CA2-C25CCCA58B67} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
FirewallRules: [UDP Query User{CC3E5F45-E86A-4F3B-B9D5-335B0C95BCEB}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe
FirewallRules: [TCP Query User{F9E08D3A-E2B4-4C56-833C-811B08B365B4}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe
C:\windows\temp
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.
When done, the tool creates a report on the Desktop called: Fixlog.txt
>> Please post the Fixlog.txt in your reply.

 

Step2:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
 

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:08 PM

Posted 18 February 2017 - 02:08 PM

Hello,

 

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:08 PM

Posted 21 February 2017 - 12:30 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users