
Windows 10 issue; no AntiVirus/Antispyware program working



#1 virtualflying

Posted 11 July 2017 - 12:28 PM

Hi everyone
 
Yesterday I thought I was downloading a few sky textures for my flight simulator, but instead it was a virus. It installed a lot of these games on my desktop.
 
The first thing I did was try to run Malwarebytes, which did not work. The virus didn't allow the program to run. Then, I tried downloading AVG, which didn't install correctly due to an "unspecified error", AKA the virus not working. So I tried installing Malwarebytes Chameleon and then I scanned with a different version of MBAM, and it didn't catch anything.
 
Then I was able to download Norton Security, the free trial. Ran that overnight but only found 17 cookie issues within my computer. 
 
So I moved on and found out about this thing called RKill, which is a command-prompt program that looks for and "kills" the infected areas of your PC. It doesn't remove them though; it just stops them, so if you restart your PC, you have to rerun that program.
 
I used that and I still couldn't get Discord, Malwarebytes, or AVG to work. I then went and looked at my hosts file, and it had a LOT of entries in there. So I followed Microsoft's steps for removing and replacing my hosts file, and then deleted the infected one.
 
Now, I am currently scanning my PC with SuperAntiSpyware in Windows safe mode, and it found 462 tracking cookies within the Firefox and Chrome folders, but that's it. Out of my 7 million files, it found 462 cookies. I am running out of ideas; what steps would I try next? I really don't want to reformat; I have 2 drives and they both have a lot of stuff on there.
 
I seriously doubt that is all that is there.

Edited by hamluis, 11 July 2017 - 12:50 PM.
Moved from MRL to Am I Infected, no logs - Hamluis.



#2 jwoods301


Posted 11 July 2017 - 12:55 PM

Tracking cookies are not "infections".

 

Try using System Restore to go back to a point before the issue happened.

 

Then, do the following malware checks and post the logs...

Download and run AdwCleaner -

https://www.bleepingcomputer.com/download/adwcleaner/

Download and run Malwarebytes Anti-Malware -

https://www.malwarebytes.org/antimalware/

Download and run the portable version of Zemana Anti-Malware

https://www.zemana.com/en-US/Download

Download and run Junkware Removal Tool -

https://www.bleepingcomputer.com/download/junkware-removal-tool/
 


Edited by jwoods301, 11 July 2017 - 12:58 PM.


#3 virtualflying


Posted 11 July 2017 - 01:54 PM

The system restore wasn't available, so I couldn't do that.

 

I ran ADW Cleaner, and here is that log:

 

**************************************

 

# AdwCleaner v6.047 - Logfile created 11/07/2017 at 13:09:14
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-10.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Grant - DESKTOP-FE7BE0B
# Running from : C:\Users\Grant\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
[-] Service deleted: Dataup
[-] Service deleted: windowsmanagementservice
[-] Service deleted: drmkpro64

***** [ Folders ] *****
[-] Folder deleted: C:\Users\Grant\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\Grant\AppData\Local\AdvinstAnalytics
[-] Folder deleted: C:\Users\Grant\AppData\Local\llssoft
[-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****
 
***** [ DLL ] *****
 
***** [ WMI ] *****
 
***** [ Shortcuts ] *****
 
***** [ Scheduled Tasks ] *****
 
***** [ Registry ] *****
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\dataup
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dataup
[-] Key deleted: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dataup
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\dataup
[-] Key deleted: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\dataup
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}

***** [ Web browsers ] *****
 
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2037 Bytes] - [11/07/2017 13:09:13]
C:\AdwCleaner\AdwCleaner[S0].txt - [2232 Bytes] - [11/07/2017 13:08:09]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2183 Bytes] ##########
 

***********************************************************************

 

As explained, Malwarebytes does not run; I had to download it from a direct download in command prompt. Here's the log from that:

 

***********************************************************************

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 7/11/2017
Scan Time: 8:58 AM
Logfile: malwarebytes.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.02.16.06
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: Grant
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 474178
Time Elapsed: 24 min, 14 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.DataUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP, Delete-on-Reboot, [2b3bbaa742578da9fe525af764a0817f],
Registry Values: 1
PUP.Optional.DataUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath, C:\Users\Grant\AppData\Local\ntuserlitelist\dataup\dataup.exe, Delete-on-Reboot, [2b3bbaa742578da9fe525af764a0817f]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)

 

*************************************************************************

 

Zemana Antivirus Portable deleted some things, but it was glitching out on me. This screen kept popping up:

 

[Image: Q1V7o3o.png]

 

I rebooted multiple times but it would not stop popping up, therefore I did not get a log.

 

Now here is the Junkware Removal Tool log

 

***************************************************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Grant (Administrator) on Tue 07/11/2017 at 13:39:22.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 1
Successfully deleted: C:\ProgramData\esellerate (Folder)
 
Registry: 5
Failed to delete: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cpx (Registry Value)
Failed to delete: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx (Registry Value)
Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\DATAUP (Registry Key)
Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\windowsmanagementservice (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B4E9779156F26FC26D03BF7A2ADC2259 (Registry Value)
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/11/2017 at 13:44:01.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

***********************************************************

 

There are the logs, hopefully we can beat this.



#4 jwoods301


Posted 11 July 2017 - 01:59 PM

Start a new thread in the Virus, Trojan, Spyware, and Malware Removal Logs forum.

Please read the Preparation Guide before proceeding.

 

https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/





