
Computer is slow, net doesn't work after infection and Malwarebytes won't open



#1 Shock710


Posted 22 February 2017 - 09:44 AM

Hey guys,
This just happened tonight. I had downloaded Vuze and accidentally clicked on the Yahoo toolbar thing by Spigot or something. I quickly ran Malwarebytes and removed 6 items by Spigot, but it was still causing my Chrome to open to Yahoo, so I changed that in the Chrome settings just in case it was a leftover thing.
Just to double check, I downloaded HitmanPro and ran it. It came up with 123 something items it considered dangerous, so I let it remove them.
Wanting to cover all my bases after removal, I rescanned. This time Hitman found 22 items that it found before but didn't delete, so I manually selected the option to delete these and they went away.
Again, still nervous, I went to download AdwCleaner off the Malwarebytes website. Its scan revealed two items: a folder and something inside it (sorry, I can't remember). I don't know much about computers, so I did the suggested thing, which was to remove them.
This prompted my computer to restart, and this is where everything falls apart.
So while restarting I notice a black screen with hitman written in the top left corner before flashing away and bringing me to my login screen. I log in and wait for all my startup apps to load, however after a while there's no sign of them. Also, the AdwCleaner report never showed up like it said it would after the reboot, and I get a msg saying Windows could not automatically detect proxy and something about other users and admin things. I have never seen it before, so I tried to open up Chrome to google it, but it turns out my internet is off (as in there's no wifi icon in the tray); on the computer there's no wireless or ethernet sign there. Worried, I try to open up Malwarebytes and it says the application ran into an error and couldn't open.
Now I know I'm in trouble... everything opens up incredibly slowly (for example, hitting the Windows key to search for something gets stuck in loading) and I can't do anything without using the Run command to open up Services or Programs and Features (Control Panel won't open from right-clicking the Windows Start button).

I really need this laptop back as I had just gotten it a couple of months back after my last one had died.

Thank you, hope you guys can help!

 

Edit: if u need me to do anything I can to help u guys, just let me know. Also, is it safe to use a USB on my computer to transfer files? Should I fiddle around with it following ur pinned guides? :( Not sure how to proceed. Just remembered another thing: Windows said my firewall was off and I had to turn it on manually, but I don't know how to do that.

I'm using Windows 10. I'm not sure how to provide the other information as I need to run a dixdag thing I had to do for my last computer, but like I said, I'm nervous about using the USB port and am typing this on my sister's computer. I definitely don't want to infect her computer as well.

 

Day 2 (SOLVED I THINK...)

Alright, I have found a Reddit thread for general malware removal.

It says to use a USB to get the installers of

1. RKill

2. Malwarebytes 3.0

3. Malwarebytes AdwCleaner

4. Malwarebytes Junkware Removal Tool

5. NetAdapter Repair tool (because my internet isn't working; it was an optional thing to do)

So I have downloaded all of these onto a USB (clean) and moved them across to check on my computer.

 

Alrighty, so RKill has just been run. It said it didn't find anything, but it did say my firewall was off but now set to automatic. It has posted a Notepad file which I'll see if I can type out, as I'm wary to move it using my USB onto my sister's computer.

I have just tried to run Malwarebytes 3.0 but I am getting an error msg that reads: Runtime error (at 14:76): could not call proc.

I have no idea what this means so I'm just gonna skip and go to the next one.

Running AdwCleaner now, it opened up! So hopefully it can do some work.

Okay, so my AdwCleaner has found 3 hits

1. search provider mysearch.avg.com webdata

2. search provider blekko webdata

3. search provider mysearch.avg.com webdata

Going to clean these now, and restarting now!

 

My internet icon has shown up again!! I can see the AdwCleaner Notepad file this time around. Hopefully these are good signs.

Alright, a brief review of the Notepad file says (I will post the full version later due to my computer now having internet access again)

It states under web browsers that the 3 things I listed before are now deleted.

Tracing keys deleted and Winsock settings cleared

Now on to Junkware Removal Tool. It has found two things and successfully deleted them (will attach below).

So far so good. Going to try and rerun Malwarebytes 3.0 and see if I get the same msg.

MALWAREBYTES 3.0 is up and running!!! WHOOOO!

 

Malwarebytes has finished its scan with nothing to report.

If it isn't too much, could someone just have a quick look over and tell me what happened? Is there any way to find out how I got it? Was it from the 3rd party program that I installed from Vuze? Is it safe to keep my Vuze or should I just uninstall it?

Everything seems to be okay, so time to post the scan reports below. Thank you guys, I love this forum! You've helped me in the past and it also gives me a way to look back in case anything else like this happens again. Cheers!

 

RKILL REPORT

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/23/2017 08:28:54 PM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic
 
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * tunnel [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 
 * agp440 [Missing ImagePath]
 
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 02/23/2017 08:32:25 PM
Execution time: 0 hours(s), 3 minute(s), and 31 seconds(s)
 
ADWCLEANER REPORT
# AdwCleaner v6.043 - Logfile created 23/02/2017 at 00:52:58
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-20.3 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Andrew - DESKTOP-3NJSO07
# Running from : C:\Users\Andrew\Downloads\adwcleaner_6.043.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: netfilter2
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
[-] File deleted: C:\WINDOWS\SysNative\drivers\netfilter2.sys
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [857 Bytes] - [23/02/2017 00:52:58]
C:\AdwCleaner\AdwCleaner[S0].txt - [1182 Bytes] - [23/02/2017 00:52:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1002 Bytes] ##########
 
ADWCLEANER REPORT 2
# AdwCleaner v6.043 - Logfile created 23/02/2017 at 20:38:02
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-20.3 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : Andrew - DESKTOP-3NJSO07
# Running from : F:\adwcleaner_6.043.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mysearch.avg.com_
[-] [C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: blekko
[-] [C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mysearch.avg.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1081 Bytes] - [23/02/2017 00:52:58]
C:\AdwCleaner\AdwCleaner[C2].txt - [1167 Bytes] - [23/02/2017 20:38:02]
C:\AdwCleaner\AdwCleaner[S0].txt - [1182 Bytes] - [23/02/2017 00:52:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [1555 Bytes] - [23/02/2017 20:37:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1386 Bytes] ##########
 
 
JRT REPORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by Andrew (Administrator) on Thu 23/02/2017 at 20:46:17.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\Users\Andrew\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67} (Empty Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} (Task)
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 23/02/2017 at 20:49:31.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes 3.0 report
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 2/23/17
Scan Time: 8:54 PM
Logfile: Mal report1.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1064
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393386
Time Elapsed: 7 min, 27 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

Edited by Shock710, 23 February 2017 - 05:20 AM.

