I have contracted a Virus that shows many Ads


  1. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #21

    For simrick: Nov. 16 at 2:00 pm


    I'm posting what I have done so far.

    I don't know if the LogFile Attachments remained attached because the only way I could conclude the attachment process was to click on the X, and there is no indication in my post that there are attachments.

    What does BP mean?

    1/ I created a System Restore Point: Begin Cleaning

    2/ I ran RKill (I attached the LogFile with Attachment.)

    3/ Before I could run TDSS Killer, Malwarebytes posted a Notification: it said that threats were detected and that I should run a scan. I ran the scan, and 406 threats were listed, some as potential threats, and 9 as definite threats. I list the 9 definite threats here:
    1. NowUSeeIt Player
    2. RootKit.Komodia.pup
    3. Trojan.Agent
    4. RootKit.Agent.A
    5. Trojan.Symmi
    6. Adware.PennyBee.WnskRST
    7. Trojan.Downloader
    8. Adware.SilentInstaller
    9. Adware.Imali

    After I did the Malwarebytes Remove, NowUSeeIt Player was still listed under programs and it still resists being uninstalled.
    After I did the Malwarebytes, "Healer Console" did not appear at booting-up.
    Also: www-searching.com still appears as the browser when I click on Microsoft Edge. The ************ (r e i m a g e.com) ad still appears in the middle of the screen and when I click on "No," the full-screen ad for some Windows 10 repair software appears.

    4/ I then ran TDSS Killer. (I attached the LogFile with Attachment; it's 60 kb long.) The result was that no threats were detected.

    I'll start working on the remaining items in the list you sent me.


  2. Posts : 16,325
    W10Prox64
       #22

    Writer said:
    I'm posting what I have done so far.

    I don't know if the LogFile Attachments remained attached because the only way I could conclude the attachment process was to click on the X, and there is no indication in my post that there are attachments.

    Nothing is attached. Please see instructions here:
    Screenshots and Files - Upload and Post in Ten Forums - Windows 10 Forums


    Writer said:
    What does BP mean?
    Bleeping Computer (Meant to write BC)

    Writer said:
    1/ I created a System Restore Point: Begin Cleaning

    2/ I ran RKill (I attached the LogFile with Attachment.)

    3/ Before I could run TDSS Killer, Malwarebytes posted a Notification: it said that threats were detected and that I should run a scan. I ran the scan, and 406 threats were listed, some as potential threats, and 9 as definite threats. I list the 9 definite threats here:
    1. NowUSeeIt Player
    2. RootKit.Komodia.pup
    3. Trojan.Agent
    4. RootKit.Agent.A
    5. Trojan.Symmi
    6. Adware.PennyBee.WnskRST
    7. Trojan.Downloader
    8. Adware.SilentInstaller
    9. Adware.Imali

    After I did the Malwarebytes Remove, NowUSeeIt Player was still listed under programs and it still resists being uninstalled.
    After I did the Malwarebytes, "Healer Console" did not appear at booting-up.
    Also: www-searching.com still appears as the browser when I click on Microsoft Edge. The ************ (r e i m a g e.com) ad still appears in the middle of the screen and when I click on "No," the full-screen ad for some Windows 10 repair software appears.

    4/ I then ran TDSS Killer. (I attached the LogFile with Attachment; it's 60 kb long.) The result was that no threats were detected.

    I'll start working on the remaining items in the list you sent me.
    Yes, please upload all those logs so I can evaluate. Thanks ;-)


  3. Posts : 16,325
    W10Prox64
       #23

    @Writer Was MBAM (Malwarebytes) able to successfully remove everything it found or did you get an error?
    Did it have you reboot? If so, did you run RKILL once again (everything RKILL does is undone upon reboot).


  4. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #24

    For simrick Nov. 16, 3:45 pm


    I'll try to attach the LogFiles:
    Rkill 2 11-16-2015.docx
    TDSS Killer 11-16-2015.docx
    I hope that did it; let me know.

    Malwarebytes was able to delete "Healer Console," which was listed only as a "potential threat."
    Malwarebytes was not able to delete "NowUSeeIt Player," which was listed as a definite threat.
    Malwarebytes did not list www-searching.com as a threat, and it still comes up as the browser.

    I did not get an error response from Malwarebytes; it said that it had removed all of the threats. I was not able to see all of the threats it had listed; I only knew about "Healer Console" and "NowUSeeIt."

    I did reboot after Malwarebytes was finished. I'll post this first, then I'll run RKill again.

    I started the scan for "Junk Removal Tool." It ran for about 45 minutes, but was not showing any progress. Does it take that long? The only message I got from the Administrator was the two short lines below:

    Checking for Update
    An Update was found...Please wait

    I'll wait till I hear from you before I start to run Junk Removal Tool again.


  5. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #25

    For simrick


    Here is the latest LogFile for RKill done at 4:10 pm on November 16, 2015

    RKill 3 11-16-2015 4.10 pm.docx

    Here is the latest LogFile for AdwCleaner done at 4:45 pm on November 16, 2015

    AdwCleaner v1 C4.docx

    After the AdwCleaner Scan, it performed a "Reboot."
    Last edited by Writer; 16 Nov 2015 at 16:50.


  6. Posts : 16,325
    W10Prox64
       #26

    Thank you. I will need some time to review the logs. In the meantime, please run Junkware Removal Tool again, and wait a while. It can take some time, depending on your system.

    EDIT: Make sure you have first run RKILL and that your A/V is shut off.
    Also, please go into MBAM>History>Application Logs>and select SCAN LOG for today's date. Click on it, and select EXPORT in the bottom-left and attach that here as well.
    Thanks.


  7. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #27

    For simrick


    You would like that I run the "ESET" Online Scan: Where is this, and what does ESET mean?

    Concerning shutting down anti-virus software: This must mean Microsoft Defender; how do I find it?
    Is Malwarebytes Anti-Malware also considered to be part of my anti-virus software?

    I'll start running Junkware Removal Tool again.


  8. Posts : 16,325
    W10Prox64
       #28

    Writer said:
    You would like that I run the "ESET" Online Scan: Where is this, and what does ESET mean?

    Concerning shutting down anti-virus software: This must mean Microsoft Defender; how do I find it?
    Is Malwarebytes Anti-Malware also considered to be part of my anti-virus software?

    I'll start running Junkware Removal Tool again.
    ESET instructions begin at the bottom of this post, and continue in my next following post.

    Windows Defender: Type Defender in the search box at the bottom left > select Windows Defender Desktop App > click on Settings in the top-right; a new window opens called Update & security. See "Real-time protection"; tick the dot to turn it off. Leave this box open so you can turn it back on when finished.

    If JRT doesn't do anything again, after another 30 minutes, just cancel it. The update is probably being blocked by the malware.


  9. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #29

    For simrick


    Junkware Removal Tool ran fast this time: it finished in 6 minutes. The LogFile is below:

    Junkware Removal Tool 11-16-2015 5.08 pm.docx

    I'll start working on ESET shortly.


  10. Posts : 16,325
    W10Prox64
       #30

    Your first RKILL log

    Rkill 2.8.2 by Lawrence Abrams (Grinler)
    BleepingComputer.com - News, Reviews, and Technical Support
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    RKill - What it does and What it Doesnt - A brief introduction to the program - Anti-Virus and Anti-Malware Software
    Program started at: 11/16/2015 11:51:52 AM in x86 mode.
    Windows Version: Windows 10 Home
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * Windows Defender Disabled
    [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001


    Your 2nd RKILL Log

    Rkill 2.8.2 by Lawrence Abrams (Grinler)
    BleepingComputer.com - News, Reviews, and Technical Support
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    RKill - What it does and What it Doesnt - A brief introduction to the program - Anti-Virus and Anti-Malware Software
    Program started at: 11/16/2015 04:08:35 PM in x86 mode.
    Windows Version: Windows 10 Home
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * Windows Defender Disabled
    [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:
    * b06bdrv [Missing Service]
    * ebdrv [Missing Service]
    * iaLPSSi_GPIO [Missing Service]
    * iaLPSSi_I2C [Missing Service]
    * ibbus [Missing Service]
    * ksthunk [Missing Service]
    * mlx4_bus [Missing Service]
    * ndfltr [Missing Service]
    * PerfHost [Missing Service]
    * vpci [Missing Service]
    * WinMad [Missing Service]
    * WinVerbs [Missing Service]

    (I believe these are a glitch in the RKILL program - nothing to worry about)


    * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_x86_a4832450a7024d49\CompositeBus.sys [Incorrect ImagePath]
    * gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]
    * NetTcpPortSharing => %systemroot%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [Incorrect ImagePath]
    * swenum => \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_x86_b6707c73599dd1b6\swenum.sys [Incorrect ImagePath]

    * PrintNotify => C:\WINDOWS\system32\spool\drivers\W32X86\3\PrintConfig.dll [Incorrect ServiceDLL]
    Searching for Missing Digital Signatures:
    * No issues found.
    Checking HOSTS File:
    * No issues found.

    Program finished at: 11/16/2015 04:10:03 PM
    Execution time: 0 hours(s), 1 minute(s), and 28 seconds(s)

    Your TDSSKiller log

    13:29:25.0610 0x0c90 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.10240.16384 ), 0x60100 ( disabled : updated )

    Your ADWCleaner log

    # AdwCleaner v5.021 - Logfile created 16/11/2015 at 16:41:40
    # Updated 14/11/2015 by Xplode
    # Database : 2015-11-13.3 [Server]
    # Operating system : Windows 10 Home (x86)
    # Username : User - USER-PC
    # Running from : C:\Users\User\Downloads\AdwCleaner.exe
    # Option : Cleaning
    # Support : Forum - ToolsLib
    ***** [ Services ] *****

    ***** [ Folders ] *****

    ***** [ Files ] *****

    ***** [ DLLs ] *****

    ***** [ Shortcuts ] *****

    ***** [ Scheduled tasks ] *****

    ***** [ Registry ] *****
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9563BC59-9556-4805-8CD4-886781779D8D}

    So, let's see how it goes with your JRT and ESET scans.
    We may need to run Malwarebytes AntiRootkit next after them.

    (I'm sorry, but you were terribly infected - once one thing got on the system, it started bringing all kinds of other stuff in. I will be interested to see your MBAM logfile.)

    Instructions from BC:

    Download Malwarebytes Anti-Rootkit to your desktop.

    • Double-click "mbar.exe" to start the tool.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Click in the introduction screen "next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
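
An added example, not part of the original post or of RKill itself: a small parser that pulls the flagged items out of an RKill log like the ones quoted in post #30 and reports whether the Windows Defender policy value is set. The sample input is abridged from the second log in that post; the function names and the returned field names are assumptions made for this example.

```python
import re

# Sample input: abridged from the second RKill log quoted in post #30.
SAMPLE_LOG = r"""Rkill 2.8.2 by Lawrence Abrams (Grinler)
Program started at: 11/16/2015 04:08:35 PM in x86 mode.
Checking for Windows services to stop:
* No malware services found to stop.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* PerfHost [Missing Service]
* gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]
Checking HOSTS File:
* No issues found.
"""

CLEAN = re.compile(r"No .* found", re.I)  # "* No issues found." style bullets

def parse_rkill(text):
    """Return one dict per flagged bullet, with the check it was reported under."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("* "):
            body = line[2:]
            if CLEAN.match(body):
                continue  # the check reported nothing
            tag = None
            if body.endswith("]") and " [" in body:
                body, _, tag = body[:-1].rpartition(" [")  # trailing [Missing Service] etc.
            item, _, value = body.partition(" => ")
            findings.append({"section": section, "item": item,
                             "value": value or None, "tag": tag, "details": []})
        elif line.startswith(("[", '"')) and findings and findings[-1]["section"] == section:
            findings[-1]["details"].append(line)  # registry key / value under a bullet
        elif line.endswith(":"):
            section = line.rstrip(":")  # e.g. "Checking Windows Service Integrity"
    return findings

def defender_disabled_by_policy(findings):
    """True if the log shows the DisableAntiSpyware policy value set to 1."""
    pat = re.compile(r'"DisableAntiSpyware"\s*=\s*dword:([0-9a-fA-F]{8})$')
    return any((m := pat.match(d)) and int(m.group(1), 16) == 1
               for f in findings for d in f["details"])

if __name__ == "__main__":
    for f in parse_rkill(SAMPLE_LOG):
        print(f["section"], "|", f["item"], "|", f["tag"], "|", f["value"])
```
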

