G'day again Chirality,
Thanks for running that tool. It appears clean. That's good. Excellent in fact!!
Sorry about the wait. I have tailored these next steps together for you.
We will do all we can to get this computer back to good health.
Now for some more steps........
These instructions will be quite complex and lengthy. I suggest you print them out to make things easier; if possible.
Please save the tools to your Desktop for simplicity.
DO NOT ENCLOSE REPORTS IN QUOTES OR DELETE OR INSERT ANY CHARACTERS!!!!!!!
PLEASE POST ALL REPORTS IN PLAIN TEXT. ENSURE YOU INCLUDE REPORT HEADERS.
Don't Attach them either.....Pleeeez!
Please make sure you have Backed Up your Files and Save any Work you have Open before proceeding!
You can find free Back Up Software in the Bleeping Computer "Downloads" Section.
It's unlikely that anything I ask you to do will wipe your data, but better to be safe than sorry.
Some Tools may Close Down any Open Windows or Programs, please be aware of this!
Remember that there is no such thing as a "Stupid Question." If you encounter ANY problems or difficulties along the way, STOP & Message Me!!
**Read All Notes Below Individual Instructions BEFORE Running the Tools.**
Let's Get Started..........
Please download a copy of a program called RKill (Courtesy of Grinler at Bleeping Computer) which is available at the links below:
(This program attempts to stop any running malware processes so other tools may function efficiently. This is in addition to a few other useful things.)
Save it to your Desktop so you can easily locate it.
(If one won't run, download the other: Malware sometimes recognises RKill.exe and tries to interfere with it.)
- Right Click RKill and Select "Run As Administrator."
- Soon after a Black Box will appear while RKill Runs. (This is normal. It may seem to stall, please be patient.)
- When the RKill has finished it will Open a Report in Notepad.
- RKill will also save a copy of its log to your Desktop called "RKill.log"
- After RKill has run successfully Don't Restart your computer until the other tools have run.(If you need to reboot, re-run RKill please.)
- Please Copy and Paste the contents of the Report into your Next Reply.
- If RKill will not run in Normal Windows Mode, Restart in Safe Mode and Repeat the above Steps.
- Please Ignore any warnings from about RKill containing Viruses or Trojans etc.
- If necessary, shut down or temporarily disable your Antivirus while RKill runs.
- Don't forget to Re-enable your Anti-Virus(if you needed to shut it down) once RKill completes.
- If RKill still won't run, please Post back here and advise me.(After trying Both Versions and Safe Mode.) Please note any Error messages or other useful troubleshooting information and Include it in your Reply.
Please Download the Security Check Tool (by screen317) from HERE & save it to your Desktop.
- Right Click on SecurityCheck and Select "Run As Administrator."
- Follow the Prompts in the Black Box which opens on your screen.
- A Notepad Document called Checkup.txt should open Automatically.
- Please Copy & Paste the Contents of Checkup.txt into your Next Reply.
Please Note the Following:
- If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!," please Restart Windows and Security Check should Run Fine.
- Should a problem persist, please Post Back Here and include any Error Messages & Other Useful Information.
- Security Check may require you to permit "Dig.exe" to access the internet. Please allow access through your Firewall if necessary.
- It is not uncommon for Security Check to generate "false positives" from some Anti-Virus/Anti-Malware Programs. Please Ignore These if They Occur.
Download Farbar Service Scanner onto your Desktop (FSS:) HERE
Please Ensure the following Options are Selected:
- RpcSs and PlugPlay <= (May be greyed out.)
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
(Please Don't Click the "Search Files" or "Export Service Buttons")
Click the Scan button to start scanning.
(FSS can take a short while to complete. )
- When the Scan is Complete, a Report should Pop-Up.
- Please Copy and Paste the Contents into your Reply.
*(The Tool will create a log file called FSS.txt in the Folder the Tool is Run From.
That log will be saved. If there are any problems with the Pop-Up one, Copy from FSS.txt.)
Download MiniToolBox(By FARBAR) to your Desktop: HERE
Right Click the Blue\Black MiniToolBox Icon and Select "Run as Administrator."
(The Tool will show Version: 17-06-2016 in the title bar.)
Select the following Check-boxes:
- Report IE Proxy Settings
- Report FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Devices (DO NOT change any settings for this - Only "Problems" should be set by Default.)
- List Users, Partitions and Memory size
- List Minidump Files
- List Restore Points
Click the "Go" Button.
- A Report should Pop-Up on your screen. Please copy the contents into your Next Reply.
- (If you accidentally "kill" the Notepad Report, all is not lost, it should be saved on your Desktop as MTB.txt)
Download a Copy of Malwarebytes V.188.8.131.523: HERE
Please Save To Desktop.
Right Click the Installer Icon and Select "Run as Administrator."
Follow the Prompts throughout the Installation Process. Then give it a minute.
If Malwarebytes has not auto-started, Right Click the Desktop Icon and select "Run as Administrator."
If you wish to use it now, enable the Trial License. (I suggest you enable the Trial[Once Only, Time Limited] if the option is available and you don't have a license. This should permit Auto-Updating to the latest versions and definitions during the trial period.) I believe a license costs about US$39.00. I use this myself and it's surprising how much it catches(I'm not on the payroll!) A license is not necessary to perform a Simple Scan.
Once it has started, Malwarebytes may Update. If it does, allow it to complete the process.
You should now be at the "Dashboard."
- Click Settings, then Application:
Enable the Following available Options if Not Enabled:(Note that Trial Mode/License is Required for Some Options) A Simple Scan doesn't need a license.
- Automatically download and install application updates (Trial or License Only)
- Notify me when full version updates are available (Trial or License Only)
- Show Malwarebytes notifications in the Windows System Tray
- Show Notifications when Real Time Protection settings are turned off (Trial or License Only)
- Set Manual Scans have high priority (May Require Trial or License)
- Configure Proxy Server if you use one. (If you don't know what this means you likely don't. If in doubt, CHECK!)
Now switch to the Protection Tab and where possible Enable:
- Web Protection (Trial or License Only)
- Exploit Protection (Trial or License Only)
- Malware Protection (Real-time - Trial or License Only)
- Ransomware Protection (Trial or License Only)
- Scan for Rootkits. (May Require Trial or License)
- Scan within Archives.
- Use Signature-Less anomaly detection for increased protection (If available)
- Always detect PUPs
- Always detect PUMs
- Automatically check for updates (Select Check every 15 Mins.) (Trial or License Only)
- Notify if time since last update exceeds 24 hours (Trial or License Only)
- Start Malwarebytes at Windows Startup (Trial or License Only)
- Enable Self Protection Module (May Require Trial or License)
- Enable Self Protection Early Start (May Require Trial or License)
- Automatically quarantine detected Malware (May Require Trial or License)
Now Return to Dashboard.
(See Note Below BEFORE CLICKING.) Click Scan. Malwarebytes may update again prior to starting the scan.
The scan may take some time.
*If you've activated Trial or have a License, and, you have more than one accessible drive partition (i.e. C: & D: etc.,) consider using Threat Scan, Select All Drives and ensure scanning for Rootkits is enabled. (The Rootkit option MAY not be available to you if you haven't activated Trial, or, don't have a license. I don't recall.) Threat Scan should be available anyhow, but, a Rootkit Scan would be helpful but is not mandatory at this point.
Once the Scan is complete, please ensure you select any Threats found and Remove Them.
Please obtain a copy of your Scan Report from the Reports section and Paste in to your Next Reply.
Note: If you're not running the Updated Program Via Trial or License, you may need to Obtain your Scan Log by going to History, then Application Logs.
Please Download Sophos Virus Removal Tool: HERE
Please save this to your Desktop.
Right Click the Installer Icon to commence the Installation Process.
- Click Next
- Accept the Terms and Conditions if you agree. (If not things sort of grind to a halt for a while You'll need to Post here again.)
- Click Next
- Click Install
- Click Finish to end the Installation process.
Once the Install is complete you should be the proud "Licensee" of a copy of Sophos Virus Removal Tool, complete with Shiny New Desktop Launch Icon and Start Menu Additions!!
- Right Click on the Sophos VRT Icon and Select "Run as Administrator."
- The SVRT should now launch and Update.(Make sure you're connected to the 'Net if possible.)
- The SVRT will announce that it is Up to Date.
- Click Start Scanning.
- The SVRT should start scanning accordingly.
- Allow the scan to complete.
- Dispose of any located Threats, ensuring that you Copy and Paste the Log File into your Next Reply!
And......... There endeth today's effort.
One last thought. Please search your android contacts list for the word "global" and let me know if anything turns up.
It's going to take me a little while to go over your logs and conduct any necessary research.
Once I've completed that and grabbed a few winks of sleep, I'll post back with any Results.
It may take me a little while, but I know you can do without the "grief" you mentioned, so, I'll be as quick as I can.
By the way, you can keep the SVRT on your computer and Update it to Scan Regularly.
Please don't assume that if Sophos finds something all is well. We need to check the logs too.
If it was as simple as just SVRT, I would have jumped straight there. Fingers crossed.
Watch your email.
Once we're done with Cleaning your computer, we'll get rid of any excess tools.
Take some downtime and get some rest yourself.
Cheers for now!
Edited by Unworn_Kilt, 01 December 2017 - 06:01 PM.