
Mega-Virus-Removal?!? Can't even download Malwarebytes!!


85 replies to this topic

#1 rmihaly


Posted 12 December 2017 - 05:13 PM

My desktop is apparently rather infected. Right-clicked menus don't function properly. When I try to download Malwarebytes I get an error message that the following URL is blocking the download:

 

http://dw.cbsi.com/redir?ttag=download_now_button_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=http%3A%2F%2Fdownload.cnet.com%2FMalwarebytes%2F3001-8022_4-10804572.html&onid=8022&oid=3000-8022_4-10804572&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=security%2Fantispyware&topicbrcrm=&pid=15996836&mfgid=6290020&merid=6290020&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=7986f0eda6d959ec81df0b081249521c&devicetype=desktop&pguid=756e75cc1b9fafb8edb56690&viewguid=owUeT4Sz91GMxCkZ1HR7M4hKNnUlazHwbFwB

 

I found virus removal instructions at:

 

https://www.bleepingcomputer.com/forums/t/453087/i-have-a-virus-preventing-me-from-installing-antivirus-software/

 

But when I try to do the first step-- "Download Security Check from HERE, and save it to your Desktop." it takes me to http://screen317.spywareinfoforum.org/ and then I get an error message that

"Not Found

The requested URL /SecurityCheck.exe was not found on this server."

 

Any idea how to clean my machine or where to get instructions to begin to follow?

 

 

Moved from Windows 8

NickAu


Edited by NickAu, 12 December 2017 - 05:57 PM.



 


#2 Unworn_Kilt


Posted 12 December 2017 - 08:35 PM

Hi,

 

I checked that link and it's not functioning.

 

I'll grab a few things and be back with you shortly.

 

In the meantime, try downloading Security Check:  HERE

 

Please post back the log file when done.

 

Thanks,

 

 

Kilt


Edited by Unworn_Kilt, 12 December 2017 - 08:36 PM.

PLEASE NOTE

 

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

 

Thanks!

 

 

** Walk Softly and Carry a Big Stick **

 

 

 


#3 Unworn_Kilt


Posted 12 December 2017 - 08:53 PM

Hello again,

 

 

I don't reckon that link is responsible for blocking your download. When I say "that link" I mean the one you've pasted into the first message.

 

I just scanned it on VirusTotal.

 

You can see the results at This Link: https://www.virustotal.com/en/url/c275e650fd901fa6f4697afc4df1761a9208a89f1a822dc620314b2bfefddc33/analysis/1513129499/

 

I'd like you to see how you go accessing the above link & downloading and running Security Check.

 

Please remember to post the log from Security Check in your reply.

 

 

We'll take it from there.

 

 

 

Kilt.



 

 

 


#4 Unworn_Kilt


Posted 12 December 2017 - 09:26 PM

Hello Again,

 

 

  • I just read the Removal Instructions you were using.
  • They date back to 2012. That's one of the reasons the links aren't working.
  • The instructions supplied there may not hold true to Your Specific Situation.
  • Those instructions are tailored for a specific user on a specific machine.
  • Following such instructions may Cause Serious Harm to your computer. It's unlikely, but better you get your own.
  • The Advisor who was issuing the instructions, Broni, is a Highly Respected Advisor at Bleeping Computer.

 

 

Here is a link to download Malwarebytes from Bleeping Computer.

 

This link is currently functional.

 

Malwarebytes Download (Version: 3.3.1.2183)

 

I was preparing something for you when I noticed the details I've pointed out.

 

Please Download Malwarebytes to your Desktop & Run the installer.

 

Once you've posted the Security Check logs we'll continue.



 

 

 


#5 rmihaly


Posted 12 December 2017 - 09:32 PM

Here's the whole security check log:

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
COMODO Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 Java 8 Update 91  
 Java version 32-bit out of Date!
 Adobe Flash Player     28.0.0.126  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 Comodo Firewall cmdagent.exe
 Sculptor Downloads REMOVING VIRUSES SecurityCheck.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#6 Unworn_Kilt


Posted 12 December 2017 - 09:35 PM

Was your computer Idle or was an Antivirus "Cleaning" or "Scanning" when you ran Security Check please?



 

 

 


#7 rmihaly


Posted 12 December 2017 - 09:37 PM

i7 -3820 cpu @3.60 GHz 60gb RAM, 64 bit operating system, x 64-based processor

I notice in the log it said, " Java version 32-bit out of Date!"



#8 rmihaly


Posted 12 December 2017 - 09:38 PM

I assume my computer was idle. It's not openly running antivirus.



#9 Unworn_Kilt


Posted 12 December 2017 - 09:43 PM

Ok. I'm not familiar with the line:  Sculptor Downloads REMOVING VIRUSES SecurityCheck.exe

 

I reckon we should give you a quick checkup.

 

Please stand by for a short while whilst I get some information...



 

 

 


#10 rmihaly


Posted 12 December 2017 - 09:45 PM

It's okay, I think "Sculptor" is the computer name, then the folder is "Downloads," then the sub-folder, the actual folder I saved to, is called "REMOVING VIRUSES"

 

Sculptor-computer name

Downloads- folder

REMOVING VIRUSES- subfolder I created in 'Downloads' folder



#11 Unworn_Kilt


Posted 12 December 2017 - 09:48 PM

Thanks. That clarifies that issue.



 

 

 


#12 Unworn_Kilt


Posted 12 December 2017 - 10:13 PM

Let's start relatively simply.

 

 

Download and run the ESET Free Online Virus Scanner from:  HERE

 

  • Turn off your antivirus program. See here how to do this.
  • Accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory, Autostart locations and drive(s) C:\ etc., to be scanned
    • Click Start to begin the Scan.
  • The ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the SAVE to TEXT FILE button and save the file to your desktop using a unique name, such as ESETScan+Date.txt. Include the contents of this report in your next reply.
  • Push the DO NOT CLEAN button.
  • Click Back, then Finish to exit ESET Online Scanner.

Let me know if you encounter any problems.


Edited by Unworn_Kilt, 12 December 2017 - 10:15 PM.


 

 

 


#13 rmihaly


Posted 12 December 2017 - 10:25 PM

Here is the FSS log. Is this a good place to post it?

 

Farbar Service Scanner Version: 27-01-2016
Ran by Sculptor (administrator) on 12-12-2017 at 22:19:40
Running from "C:\Users\Sculptor\Downloads\REMOVING VIRUSES"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#14 Unworn_Kilt


Posted 12 December 2017 - 10:34 PM

G'day,

 

It's as good a place as any for now. 

 

Please don't run scripts though for now. I'd like to see what ESET finds first, if anything.

 

Your Windows Updates are set to Manual. Suggest you switch to Automatic unless you're worried about Data Usage.

Keeping Windows Updated helps to keep it Secure.

 

Cheers!



 

 

 


#15 Unworn_Kilt


Posted 12 December 2017 - 10:40 PM

When we're done here you may want to consider installing:

 

 

Secunia Personal Software Inspector (PSI)

 

Secunia PSI is a tool that can be used to monitor your installed applications for new updates.  When started, Secunia PSI will scan your computer for applications and install any updates that are available for them. This allows your computer to remain secure from possible vulnerabilities in your installed programs.



 

 

 




