
citypage.today extension. bing redirecter


  • This topic is locked
16 replies to this topic

#1 jeonforever

jeonforever

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 08 March 2018 - 09:31 PM

Hi, I have the citypage.today extension, which redirects me to a Bing search, as well as a Windows Process Manager problem.

 

Things I have:

Attached File  FRST.txt   45.35KB   5 downloads

Attached File  Addition.txt   66.32KB   1 downloads

 

I have run several malware scans with several different scanning programs, things used here as well. I have checked Chrome and Internet Explorer for suspicious extensions or add-ons mentioning citypage or anything else, but I found nothing. In my Task Manager there are some weird things too that I don't have access to, but I think that I found them in my local AppData folder; the files are named mbevski and svcumzl.

 

I also just downloaded the Farbar recovery tool to a USB drive.




 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:54 AM

Posted 08 March 2018 - 09:47 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

 

Let me review your logs and I will post back with a fix.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:54 AM

Posted 08 March 2018 - 10:05 PM

The computer is infected with a variant of the SmartService Rootkit. Very difficult to remove, but with the right protocol we may be able to do so.

You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.

Please download Farbar Recovery Scan Tool on an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.exe.

Please also download the attached file Fixlist.txt (796 bytes) and save it in the same location where FRST64 is saved on the flash drive.

Boot to the Recovery Console's Command prompt on the infected computer.

To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.

 

Once in the Recovery Environment, on the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:

  • Insert the USB drive containing FRST64 and the Fixlist
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button. That will deactivate the rootkit. Once the scan is finished, press the Fix button.
  • These actions will make two logs, a Fixlog.txt and a FRST.txt, in the flash drive. Please copy and paste them in your reply.

Once finished in the Recovery Environment, restart the computer in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

I will expect the following reports:

Frst.txt produced in the Recovery Console
Fixlog.txt produced in the Recovery Console
Frst.txt produced in Normal Mode
Addition.txt produced in Normal Mode




#4 jeonforever

jeonforever
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 08 March 2018 - 10:16 PM

umm.. is recovery mode also known as safe mode?



#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:54 AM

Posted 08 March 2018 - 10:32 PM

 No. It is just that. The Recovery Environment. It is a boot option where Windows will detach from the system, thereby allowing us to remove otherwise difficult items. Read the tutorial.




#6 jeonforever

jeonforever
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 08 March 2018 - 11:23 PM


Okay sorry.. I think I'm gonna have to continue this tomorrow because I am not completely sure how to get that menu to show up. I can do it on my other PC but not this one. The guide is sort of hard to understand because my English isn't the best either..

 

I will reply to this thread some time later tomorrow and see if I was able to get to the recovery screen, but when I try on this PC it doesn't show me that - it just tells me to log on.. like normally



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:54 AM

Posted 08 March 2018 - 11:25 PM

Very well. It is past midnight here. Will check on your progress later in the day.



#8 jeonforever

jeonforever
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 09 March 2018 - 12:40 AM

Ok so I actually couldn't sleep, figured I'd keep giving it a try. I downloaded a recovery drive to my USB file FROM MY UNINFECTED PC, and put it into my infected PC, changed the load order in my BIOS so that the USB loads first. At first it told me that it had a boot failure because it was rejected by the secure boot feature. I turned that feature off in BIOS and restarted, but it just shows me the regular login like usual... it doesn't ask me to pick a keyboard or an option. Did I do something wrong here?...



#9 jeonforever

jeonforever
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 09 March 2018 - 12:56 AM

Sorry again. I got it. Right now, I am at the point where the Farbar Recovery Scan Tool loaded onto my command prompt in recovery tool, and is now scanning. I know it takes a while so I'm going to head off to bed now, thanks for the help so far.



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:54 AM

Posted 09 March 2018 - 08:36 AM

:thumbup2:




#11 jeonforever

jeonforever
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 09 March 2018 - 04:19 PM


Okay I got my logs.

 

Recovery Mode:

 

Attached File  FRST.txt   28.8KB   4 downloads

 

Attached File  Fixlog.txt   2.15KB   2 downloads

 

 

Normal Mode:

Attached File  FRST.txt   45.03KB   2 downloads

 

Attached File  Addition.txt   65.58KB   1 downloads



#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:54 AM

Posted 09 March 2018 - 05:37 PM

Nice logs. Remove this program:
 
Amazon 1Button App

  • Highlight the entire content of the quote box below.

Start::  
Task: {305100C0-8EBD-42BA-B840-588A2A9BC452} - \IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d -> No File <==== ATTENTION
Task: {60604497-C62B-49CD-B507-E271ADFF8339} - \IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon -> No File <==== ATTENTION
Task: {8A22489D-708B-4A79-8AB2-20F02F564D29} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {A1EACBD5-6DC7-4F51-AD6F-EAA8BC241D04} - \Optimize Start Menu Cache Files-S-1-5-21-3404654695-1048813155-3783818636-500 -> No File <==== ATTENTION
Task: {E1CC2FD4-65C6-40AC-93CC-976A71F96916} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
ShortcutTarget: boller.lnk -> C:\Program Files (x86)\grice\portman.exe (No File)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
Shortcut: C:\Users\Ricks\Desktop\Games\F?rgott?n ?mpir?s.lnk -> C:\Users\Ricks\AppData\Roaming\Browsers\exe.rehcnual_efoa.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Ricks\Desktop\Games\?he SimsT 3 High-End L?ft Stuff.lnk -> C:\Users\Ricks\AppData\Roaming\Browsers\exe.rehcnual3smis.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Ricks\Desktop\Games\?he SimsT 3 ??ts.lnk -> C:\Users\Ricks\AppData\Roaming\Browsers\exe.rehcnual3smis.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Ricks\Desktop\Games\?h? SimsT 3 Late Night.lnk -> C:\Users\Ricks\AppData\Roaming\Browsers\exe.rehcnual3smis.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Ricks\Desktop\Games\?h? SimsT 3 Seasons.lnk -> C:\Users\Ricks\AppData\Roaming\Browsers\exe.rehcnual3smis.bat (No File) <==== Cyrillic
C:\Users\Ricks\AppData\Local\dsmbtlu
C:\Users\Ricks\AppData\Local\cwdhmnp
2018-03-08 22:54 - 2018-03-08 22:54 - 000000000 ____D C:\Users\Ricks\AppData\Local\aubocxp
2018-03-08 22:36 - 2018-03-08 22:36 - 000000000 ____D C:\Users\Ricks\AppData\Local\dsexgun
2018-03-08 21:56 - 2018-03-08 21:56 - 000000000 ____D C:\Users\Ricks\AppData\Local\iabunol
2018-03-08 21:48 - 2018-03-08 21:48 - 000000000 ____D C:\Users\Ricks\AppData\Local\lmdcetk
2018-03-08 21:33 - 2018-03-08 21:33 - 000000000 ____D C:\Users\Ricks\AppData\Local\svhgxot
C:\Users\Ricks\AppData\Local\spnzmut
2018-03-08 21:08 - 2018-03-08 21:08 - 000000000 ____D C:\Users\Ricks\AppData\Local\avaplmw
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Scan with AdwCleaner.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.

  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

Scan with Malwarebytes Antimalware

  • Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.


  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

 

 

Scan with RogueKiller

 

  • Right-click on RogueKiller and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

 

I will need to see the following reports:

 

Fixlog.txt

AdwCleaner

Malwarebytes Antimalware

RogueKiller


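Added example, not part of the thread and not FRST's own code: a small triage pass over the kind of lines the helper put in the fixlist in post #12, grouping them by the reason they stand out. The function names, the seven-lowercase-letter folder heuristic and the two-hour window are assumptions made for this sketch; the sample lines are copied from the fixlist above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: lines copied from the fixlist in post #12 (not a full FRST log).
SAMPLE = r"""
Task: {8A22489D-708B-4A79-8AB2-20F02F564D29} - \Adobe Flash Player Updater -> No File <==== ATTENTION
ShortcutTarget: boller.lnk -> C:\Program Files (x86)\grice\portman.exe (No File)
Shortcut: C:\Users\Ricks\Desktop\Games\?h? SimsT 3 Seasons.lnk -> C:\Users\Ricks\AppData\Roaming\Browsers\exe.rehcnual3smis.bat (No File) <==== Cyrillic
C:\Users\Ricks\AppData\Local\dsmbtlu
2018-03-08 22:54 - 2018-03-08 22:54 - 000000000 ____D C:\Users\Ricks\AppData\Local\aubocxp
2018-03-08 22:36 - 2018-03-08 22:36 - 000000000 ____D C:\Users\Ricks\AppData\Local\dsexgun
2018-03-08 21:56 - 2018-03-08 21:56 - 000000000 ____D C:\Users\Ricks\AppData\Local\iabunol
CMD: netsh winsock reset catalog
"""

# "<timestamp> - <timestamp> - <size> <attributes> <path>" as seen in the thread.
DATED = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) (\S+) (.+)$")

# Assumed heuristic: every folder flagged in this thread is a direct child of
# AppData\Local named with exactly seven lowercase letters. A triage hint only;
# legitimate folders can match, so confirm before removing anything.
RANDOM_DIR = re.compile(r"\\AppData\\Local\\([a-z]{7})$")


def triage(text):
    """Group fixlist/log lines by the reason they deserve a second look."""
    found = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        stamp = None
        dated = DATED.match(line)
        if dated:
            stamp = datetime.strptime(dated.group(1), "%Y-%m-%d %H:%M")
            line = dated.group(5)  # keep only the path for the checks below
        if line.startswith("Task:") and "No File" in line:
            # Scheduled task whose target is gone.
            found["orphan_task"].append(line)
        elif line.startswith(("Shortcut:", "ShortcutTarget:")):
            if "<==== Cyrillic" in line:
                # Shortcut name flagged in the log as containing Cyrillic
                # look-alike letters.
                found["lookalike_shortcut"].append(line)
            if "(No File)" in line:
                found["dead_shortcut"].append(line)
        else:
            hit = RANDOM_DIR.search(line)
            if hit:
                found["random_dir"].append((hit.group(1), stamp))
    return dict(found)


def creation_burst(dirs, window=timedelta(hours=2), minimum=3):
    """Return the first run of dated folders with >= `minimum` inside `window`."""
    dated = sorted((t, name) for name, t in dirs if t is not None)
    for i in range(len(dated)):
        group = [name for t, name in dated[i:] if t - dated[i][0] <= window]
        if len(group) >= minimum:
            return group
    return []


if __name__ == "__main__":
    result = triage(SAMPLE)
    for reason, items in result.items():
        print(reason, len(items))
    print("burst:", creation_burst(result.get("random_dir", [])))
```

Several same-shaped folders appearing within a couple of hours is what separates this pattern from a single ordinary application folder that happens to have a seven-letter name.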


#13 jeonforever

jeonforever
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 09 March 2018 - 10:06 PM


Okay done. I removed the Amazon App

 

Here's my logs

 

Attached File  Fixlog.txt   98.92KB   3 downloads

Attached File  RogueKiller.txt   2.61KB   2 downloads

Attached File  AdwCleanerS1.txt   1.11KB   2 downloads

Attached File  MalwareBytesLog.txt   1.19KB   2 downloads

 

 

EDIT: Also I just noticed the weird suspicious files are gone, and the Windows Process Manager thing taking up a lot of CPU is gone from Task Manager. Does this mean I'm all clear?


Edited by jeonforever, 09 March 2018 - 10:38 PM.


#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:54 AM

Posted 09 March 2018 - 11:13 PM

Those logs are clear. Congratulations. :)

 

To remove tools used and quarantined items use this application:

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

 

Since there are no signs of infection anymore in your logs I guess we're done here.
 
Windows Updates
 
Keeping Windows up to date is one of the first steps in having a safe and secure system.

Keeping your programs up-to-date
 
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.
 
Other recommendations
 
It's your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If, for example, you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.
Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

Best regards. :)

 




#15 jeonforever

jeonforever
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 09 March 2018 - 11:22 PM


Thank you sooo much for your help!!! I was trying so many things 2-3 days prior to creating this thread. Once again thank you so much.


Edited by jeonforever, 09 March 2018 - 11:22 PM.




