
Rootkit infections + dead antivirus/malware programs


30 replies to this topic

#16 marionthorne

marionthorne
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 10 November 2017 - 11:23 AM

Yes, sorry, I'm just having problems getting Windows 10 installed.


Edited by marionthorne, 10 November 2017 - 11:24 AM.



#17 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 34,562 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:00 PM

Posted 10 November 2017 - 02:09 PM

I don't want you to install Windows, just create the disk.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#18 marionthorne


Posted 10 November 2017 - 05:15 PM

Ah, my apologies. I've got it burned to a DVD from the tool you provided. What should I do next?



#19 Oh My!


Posted 10 November 2017 - 06:29 PM

No problem, I should have been more specific.

Please do this.

===================================================

Farbar's Recovery Scan Tool Fix in the Recovery Environment Using a Windows Installation Disk

--------------------

For this step you will need a USB device. Please note the size of the USB device.
  • Please download Farbar Recovery Scan Tool for either 64 bit or 32 bit computers and save it to your USB device. If you are unsure which version you need download both versions.
  • Press the Windows Key + R at the same time
  • Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the USB device with the file name as fixlist
C:\Users\User\AppData\Local\wiakxrl
  • Insert the installation disc and the USB drive into your compromised computer
  • Restart your computer and boot to the Installation Disk. If you are unsure how to do it see How to Boot From a CD or USB Drive on Any PC
  • Click Repair your computer
  • Select the appropriate keyboard language settings then click Next
  • Select the operating system you want to repair then click Next
  • Select your user account and click Next
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter
  • Click File then Open
  • Select Computer
  • Locate and double click on the USB device (look for the noted drive size if you are unsure which is the USB device)
  • Click the down arrow on the Text Documents (*.txt) box and select All Files
  • Right click on FRST64 or FRST depending on your operating system and select Run as administrator
  • When the tool opens click Yes to the disclaimer
  • Press Fix
  • A fixlog.txt file will be saved on the USB drive. Please copy and paste the contents of the report in your reply
  • Restart your computer and check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Edited by Oh My!, 10 November 2017 - 06:30 PM.


#20 marionthorne


Posted 10 November 2017 - 10:14 PM

I'm running a virus scan right now and haven't finished it yet, but it hasn't crashed yet like it had been doing and now Windows Update seems to be working again. I'm quite hopeful that this means the fix worked. Shall I update you when the scan has finished?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by SYSTEM (10-11-2017 20:46:39) Run:5
Running from E:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
C:\Users\User\AppData\Local\wiakxrl
*****************
 
C:\Users\User\AppData\Local\wiakxrl => moved successfully
 
==== End of Fixlog 20:46:40 ====
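
Added example, not part of the thread or of FRST: one way to check a pasted Fixlog like the one in reply #20 against its own fixlist section, confirming the Recovery boot mode, the end marker and a result line for every entry. The function names are hypothetical, and the only success string it recognises is the "moved successfully" text seen in that log.

```python
# POSTED_FIXLOG is the log text from reply #20; function names are hypothetical.
POSTED_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by SYSTEM (10-11-2017 20:46:39) Run:5
Running from E:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
C:\Users\User\AppData\Local\wiakxrl
*****************

C:\Users\User\AppData\Local\wiakxrl => moved successfully

==== End of Fixlog 20:46:40 ====
"""

def parse_fixlog(text):
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist entries sit between the two rows of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist section not found")
    entries = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = {}
    for ln in lines[stars[1] + 1:]:
        if " => " in ln:
            target, outcome = ln.rsplit(" => ", 1)
            results[target.lower()] = outcome  # Windows paths are case-insensitive
    boot = next((ln.split(":", 1)[1].strip() for ln in lines
                 if ln.startswith("Boot Mode:")), None)
    done = any(ln.startswith("==== End of Fixlog") for ln in lines)
    return {"boot_mode": boot, "entries": entries, "results": results, "complete": done}

def review(text, expected_boot="Recovery"):
    """Return a list of findings; an empty list means every entry was moved."""
    log = parse_fixlog(text)
    findings = []
    if log["boot_mode"] != expected_boot:
        findings.append(f"boot mode is {log['boot_mode']}, expected {expected_boot}")
    if not log["complete"]:
        findings.append("log has no end marker (truncated paste?)")
    for entry in log["entries"]:
        outcome = log["results"].get(entry.lower())
        if outcome is None:
            findings.append(f"{entry}: no result line")
        elif outcome != "moved successfully":
            findings.append(f"{entry}: {outcome}")
    return findings
```

`review(POSTED_FIXLOG)` returns an empty list for the posted log. A clean Fixlog confirms only that the folder was moved to quarantine; in reply #26 the same folder is reported in AppData/Local again.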


#21 Oh My!


Posted 10 November 2017 - 10:47 PM

Yes, please provide an update. I am ending for the evening but will check in first thing in the morning.

#22 marionthorne


Posted 11 November 2017 - 10:12 AM

The scan is done and it found these 5 files. It couldn't delete them because access is denied.

C:\FRST\Quarantine\C\Users\User\AppData\Local\wiakxrl\libcef.dll
C:\FRST\Quarantine\C\Users\User\AppData\Local\wiakxrl\libEGL.dll
C:\FRST\Quarantine\C\Users\User\AppData\Local\wiakxrl\libGLESv2.dll
C:\FRST\Quarantine\C\Users\User\AppData\Local\wiakxrl\widevinecdm.dll
C:\FRST\Quarantine\C\Users\User\AppData\Local\wiakxrl\widevinecdmadapter.dll


#23 Oh My!


Posted 11 November 2017 - 03:12 PM

How is your computer running? Any issues?

#24 marionthorne


Posted 11 November 2017 - 03:39 PM

Well, there wasn't a notable problem with performance even before. The only thing that's really changed is that now on occasion my antivirus will block a malware connection originating from wiakxrl.



#25 Oh My!


Posted 11 November 2017 - 04:06 PM

Thank you, I just wanted to make sure things were good before we do this next step.

Boot to the Command Prompt again using the Installation disk. Open Notepad like you did before, but rather than go to your USB drive letter, double click on the C: drive. Locate the C:\FRST folder, right click on it and select Delete. Let me know how that goes.

#26 marionthorne


Posted 13 November 2017 - 11:08 PM

My apologies for the late reply; I haven't been able to get to my computer these past days.

 

The folder appears to have been successfully deleted, but I ran another virus scan and wiakxrl is still in AppData/Local. Avast is still unable to delete it.



#27 Oh My!


Posted 14 November 2017 - 09:17 AM

Greetings.

No problem, thanks for letting me know.

Please rerun a FRST scan and copy/paste both reports in your reply. In addition, run these for me.

===================================================

RogueKiller Anti-Malware

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then continually click Next until you click Install
  • Click Finish
  • Click Accept
  • Under # Software Version if it does not indicate up to date click Check for updates >>
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook for either 64 bit or 32 bit systems and save it to your Desktop.
  • Right-click SystemLook.exe and select Run as administrator...
  • Copy the content of the following codebox into the main textfield:
:filefind
*wiakxrl*
:folderfind
*wiakxrl*
:regfind
*wiakxrl*
:dir
C:\Users\User\AppData\Local\wiakxrl
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please copy and paste the report contents in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST report
  • Addition report
  • RogueKiller report
  • SystemLook report

Edited by Oh My!, 14 November 2017 - 09:19 AM.


#28 Oh My!


Posted 17 November 2017 - 10:10 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.


#29 marionthorne


Posted 18 November 2017 - 11:02 AM

Yes, sorry, once again I'm unable to get to the computer. I'll reply when I've done your previous request with the results.



#30 Oh My!


Posted 18 November 2017 - 03:50 PM

Thanks, just need to make sure you are still here.



