Computer infected unknown, compromised passwords (not the issue)


  • This topic is locked
9 replies to this topic

#1 Zassaliss

Zassaliss

  • Members
  • 78 posts

Posted 23 June 2017 - 04:30 PM

I only understand that my pc is infected with something, behaviour is erratic and a few accounts have been affected

 

unsure where to begin, have followed step 6 of farbar search log and posting

Attached File: FRST.txt (103.5KB)
Attached File: Addition.txt (77.71KB)





#2 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK

Posted 23 June 2017 - 05:30 PM

Hello Zassaliss and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

  • on Windows Vista, 7/8,10, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    createsrpoint;
    autoclean;
    chrdefaults;
    emptyalltemp;
    emptyclsid;
    ipconfig /flushdns;b
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/7/8/10, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

Logs to include with next post:

zoek-results.log
RKreport.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 Zassaliss

Zassaliss
  • Topic Starter

  • Members
  • 78 posts

Posted 24 June 2017 - 02:08 AM

zoek unavailable

Attached Files



#4 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK

Posted 24 June 2017 - 03:21 AM

What do you mean "Zoek is unavailable"?

 

Did Zoek run OK? If so, you should find a log here:

 

C:\zoek-results.log

 

If it didn't run, can you tell me what the problem was?

 

Satchfan




#5 Zassaliss

Zassaliss
  • Topic Starter

  • Members
  • 78 posts

Posted 24 June 2017 - 02:57 PM

I can't access the link to zoek



#6 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK

Posted 24 June 2017 - 03:48 PM

Sorry about the link but I can give the good link as and when we may need it.


Enable System Restore

Did you know that System Restore is disabled?

If you didn’t do this intentionally, please check the following:

  • go to Start and type System in the search box
  • click on System, (under ‘Control Panel’ or ‘Settings’) and then on System Protection
  • click on Configure and then select Turn on system protection
  • click Apply and then on OK.

In the ‘System Protection’ screen, is Protection now On?

If the status of System Restore is still Off or Disabled, please let me know.

===================================================

P2P - I see you have P2P software, qBitTorrent, installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

Please don’t use it until we have finished up here.

===================================================

You may have illegal software on your computer and, besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

Continuing to help you could be viewed as supporting/condoning this so if you want to continue, I need you to uninstall any illegal software that you have downloaded and installed. When you have done that, do the following:

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Satchfan

 




#7 Zassaliss

Zassaliss
  • Topic Starter

  • Members
  • 78 posts

Posted 25 June 2017 - 02:32 AM

computer wouldn't boot, pc was reset

 

this is the file

Attached Files



#8 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK

Posted 25 June 2017 - 02:48 AM

As you have reset the PC, can you tell me if that resolved the problems?

 

If there are still problems please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit ‘Scan’.

Logs to include with next post:

New Frst.txt
New Addition.txt


Thanks

Satchfan




#9 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK

Posted 27 June 2017 - 02:24 AM

Hi Zassaliss

It has been a couple of days since I asked if there were any remaining problems.

Please let me know if there are any.

If I do not hear from you within 24 hours I'll assume that all is now OK and close this topic.

Satchfan




#10 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK

Posted 28 June 2017 - 02:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





