Page 5 of 11
  1.    04 May 2017 #41

    Yes, I have 3 computers to do so.
  2.    04 May 2017 #42
    Join Date : Oct 2014
    Posts : 2,456
    W10 Pro + W10 Preview

    A nice clean installation....
  3.    04 May 2017 #43
    Join Date : Apr 2015
    Posts : 12,819
    W10Prox64

    Quote Originally Posted by Vikdal:
    Yes, I have 3 computers to do so.
    Okay good. And all your important data is backed up, right?
    Quote Originally Posted by dencal:
    A nice clean installation....
    If we can't clean it, or if the FRST logs show it's not worth cleaning, that's the next step.

    I will be back in a while; please be patient with me.
  4.    04 May 2017 #44
    Join Date : Apr 2015
    Posts : 12,819
    W10Prox64

    Please "show hidden files, folders and drives" in Control Panel>File Explorer Options, "View" tab.
    -----
    Please uninstall the following applications:

    Chrome
    Export your bookmarks in Chrome to an HTML file (you can import them later).
    Uninstall Chrome using the instructions here:
    Uninstall Google Chrome - Computer - Google Chrome Help
    Be sure to delete all profile information and clear browsing history - we want nothing left on the system (except your bookmarks).
    If you sync your Chrome Browser data, delete it (use Edge or IE to do this):
    Quick Tip: How To Delete Your Google Chrome Browser Sync Data

    Java 8 Update 121
    LogMeIn
    McAfee Security Scan Plus
    Yahoo Search Set
    -----
    Whatever is on the system by IObit company, please remove it. (SmartDefrag?)
    -----
    Please change the DNS settings on your NIC
    From: 130.67.15.198 & 193.213.112.4
    To: 208.67.222.222 & 208.67.220.220
    -----
    Open an admin command prompt or admin powershell and enter:
    ipconfig /flushdns
    -----

    Please copy the following exactly and paste it into Notepad. Save the file as fixlist.txt in the same folder where the Farbar (FRST) tool is running from (C:\Users\Janisin\Downloads). Run FRST and click FIX only once and wait. When it's finished it will create a log (Fixlog.txt). Please post that log.

    Code:
    Start
    
    CreateRestorePoint
    EmptyTemp:
    CloseProcesses:
    
    Task: {33C02C52-CCB7-4FB7-9F2B-3E13439D75AC} - \SystemHealer Monitor -> No File <==== ATTENTION
    Task: {42AB3ED1-EDCA-4781-B9D9-994414E8141D} - System32\Tasks\SMW_UpdateTask_Time_333536383237363034362d50372d5a456c37325a347841 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
    Task: {5715A91F-9CEF-4E3B-A2E7-A4A86D8CFFC6} - \{78080447-0A0E-087F-0A11-7F7A7F0D110F} -> No File <==== ATTENTION
    Task: {908AE32D-C2C7-4FC6-8F3C-6056146FB457} - System32\Tasks\System Healer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE  <==== ATTENTION
    Task: {A9094CB4-F599-4768-A5C0-93356813225B} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-04] () <==== ATTENTION
    Task: {CC5EE9C6-9C52-4411-87EC-7E310E536686} - \SystemHealer Run Delay -> No File <==== ATTENTION
    Task: {D2527136-A109-402E-AC24-ADD29340F413} - System32\Tasks\IBUpd2 => C:\Users\Janisin\AppData\Local\BrowserAir\48.0.0.0\updater.exe  <==== ATTENTION
    Task: {E03EDFBB-11A3-41F1-B67D-AFE5EA703A33} - System32\Tasks\IBUpd => C:\Users\Janisin\AppData\Local\BrowserAir\48.0.0.0\updater.exe  <==== ATTENTION
    Task: {F311310D-62D2-4E86-8C31-44E8AA2AAF89} - \oqnrzQS454 -> No File <==== ATTENTION
    Task: {F51D35EB-97ED-4E1C-9033-29B40EFE0129} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe  <==== ATTENTION
    HKU\S-1-5-21-1197232350-3408337513-1167496310-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
    GroupPolicy: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    CHR Profile: C:\Users\Janisin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-30] <==== ATTENTION
    CHR Extension: (AntiCaptcha automatic captcha solver) - C:\Users\Janisin\AppData\Local\Google\Chrome\User Data\DEFAULT\Extensions\neodgnejhhhlcdoglifbmioajmagpeci [2017-04-28] [UpdateUrl: hxxps://antcpt.com/downloads/firefox/update_manifest.json] <==== ATTENTION
    R3 cpuz138; C:\Users\Janisin\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2017-05-02] (CPUID) <==== ATTENTION
    R1 ESEADriver2; C:\Users\Janisin\AppData\Local\Temp\ESEADriver2.sys [316552 2016-12-08] () <==== ATTENTION
    Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
    
    End

    Note: this is a unique fixlist - do not use this on another computer.

    -----
    Permanently remove the following manually (if they exist):
    C:\END
    C:\Users\Janisin\AppData\Roaming\.pgbiasfx
    -----
    Open Device Manager
    View>Show Hidden Devices
    Expand "Non-Plug and Play Drivers"
    Look for ESEADriver2
    If found, right click "ESEADriver2" and select Uninstall
    (we need to get rid of this, as they apparently were using users' systems for bitcoin mining, and have full admin rights in this driver.)
    -----
    Download the following to a flash drive (or CD) on a clean system:
    RKILL
    RKill Download
    Download the iExplore.exe version
    JRT
    Junkware Removal Tool Download
    RogueKiller
    RogueKiller Download
    ADWCleaner
    Downloads - AdwCleaner - ToolsLib

    Copy all the tools over to the "desktop" of the infected system.
    Run the tools in this order on the infected system (note: all tools are free/have free versions):

    1. RKILL

    2. ADWCleaner (it will reboot)

    3. RKILL (again)

    4. RogueKiller (select all boxes including "PUP and PUM is malware") Delete everything in RED.

    5. JRT

    6. Malwarebytes Antimalware (already on system, go online, update virus definitions, run a full scan of system drive, and be sure to check the box to scan for rootkits) You may have to re-download and re-install to get it working now(?)

    The system can stay online at this point.

    Please post all logs from these tools for evaluation.
    -----
    Completely reset all browsers left on the system.
    How to Reset Your Web Browser To Its Default Settings

    Reset Microsoft Edge to Default in Windows 10 - Windows 10 Browsers Email Tutorials
    -----
    Will watch for your logs. Please remember you are 6 hours ahead of me.
    Last edited by simrick; 04 May 2017 at 22:26.
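    As an added illustration of how to read the ATTENTION entries in the fixlist above (this is my own example, not code from simrick's post or from FRST): a small Python triage that parses the Task and driver lines and states why each one is worth attention. The sample input is a constructed subset of the entries quoted in the post; the heuristics (user-writable paths, script hosts, orphaned targets) are assumptions of mine, not FRST's own logic.

```python
import re

# Constructed sample: a subset of the ATTENTION entries from the FRST fixlist in the post above.
SAMPLE_FIXLIST = r"""Start
CreateRestorePoint
Task: {33C02C52-CCB7-4FB7-9F2B-3E13439D75AC} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {42AB3ED1-EDCA-4781-B9D9-994414E8141D} - System32\Tasks\SMW_UpdateTask_Time_333536383237363034362d50372d5a456c37325a347841 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {D2527136-A109-402E-AC24-ADD29340F413} - System32\Tasks\IBUpd2 => C:\Users\Janisin\AppData\Local\BrowserAir\48.0.0.0\updater.exe  <==== ATTENTION
Task: {F51D35EB-97ED-4E1C-9033-29B40EFE0129} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe  <==== ATTENTION
R1 ESEADriver2; C:\Users\Janisin\AppData\Local\Temp\ESEADriver2.sys [316552 2016-12-08] () <==== ATTENTION
GroupPolicy: Restriction <======= ATTENTION
End
"""

# FRST line shapes: "Task: {GUID} - <name> -> No File" / "... => <command>", and
# "<state> <driver>; <path> [size date] (signer)" for services and drivers.
TASK_RE = re.compile(r"^Task: \{[0-9A-F-]+\} - (.+?) (?:->|=>) (.+?)\s*<=+ ATTENTION$")
DRIVER_RE = re.compile(r"^([RSU]\d) (\S+); (.+?) \[\d+ [0-9-]+\]")
# Directories a standard user can write to; legitimate scheduled tasks and drivers rarely run from here (assumed heuristic).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
SCRIPT_HOSTS = ("wscript", "cscript", "powershell", "mshta")

def triage_line(line):
    """Classify one FRST ATTENTION entry as (kind, name, reasons); None for non-findings."""
    if "ATTENTION" not in line:
        return None
    m = TASK_RE.match(line)
    if m:
        name, target = m.groups()
        checks = [(target == "No File", "orphaned task: its executable is already gone"),
                  (any(d in target.lower() for d in USER_WRITABLE), "runs a binary from a user-writable location"),
                  (target.lower().startswith(SCRIPT_HOSTS), "launches a script via a scripting host")]
        return ("task", name, [why for hit, why in checks if hit])
    m = DRIVER_RE.match(line)
    if m:
        state, name, path = m.groups()
        checks = [(any(d in path.lower() for d in USER_WRITABLE), "kernel driver loaded from a user-writable location"),
                  (state.startswith("R"), "currently running, i.e. kernel-level access")]
        return ("driver", name, [why for hit, why in checks if hit])
    if line.startswith("GroupPolicy:") or "\\Policies\\" in line:
        return ("policy", line.split(":")[0], ["policy restriction that can block security tools"])
    return ("other", line.split("<")[0].strip(), [])

def triage(fixlist):
    # Apply triage_line to every line of a fixlist or FRST log and keep only the findings.
    return [f for f in (triage_line(ln.strip()) for ln in fixlist.splitlines()) if f]
```

Running `triage(SAMPLE_FIXLIST)` yields one finding per ATTENTION line; the "No File" tasks are leftovers to delete, while the AppData/ProgramData/Temp targets and the running driver are the active persistence to focus on.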
  5.    05 May 2017 #45

    Trojan, Trojan.Generic?


    Hi and thanks for the guide.

    However, there are two problems with this thought. First of all, AdwCleaner has been blocked by an administrator (I am the only one). The other problem is that RogueKiller does not allow changing these settings in its free version. Malwarebytes cannot run either.
    Last edited by Vikdal; 05 May 2017 at 08:14.
  6.    05 May 2017 #46
    Join Date : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 16,921
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition

    Quote Originally Posted by Vikdal:
    Hi and thanks for the guide.

    However, there are two problems with this thought. First of all, AdwCleaner has been blocked by an administrator (I am the only one). The other problem is that RogueKiller does not allow changing these settings in its free version. Malwarebytes cannot run either.
    Have you tried renaming AdwCleaner & Malwarebytes to something different, such as iexplore.exe (or another random name)? Sometimes renaming scanning tools is sufficient to allow the cleaners to run when they are blocked by malware.

    If Malwarebytes has been installed on your system but cannot run, it has a program called Chameleon that attempts to override the malware block. Instructions are here:

    https://support.malwarebytes.com/cus...tem-?b_id=6447

    Also there is a stand alone version that can help get it installed:

    Malwarebytes | Chameleon - Free Malware Removal Tool

    Malwarebytes Chameleon technologies get Malwarebytes 3 installed and running when blocked by malicious programs.
  7.    05 May 2017 #47

    Hi! Yes, I have tried renaming both applications. Also, here are the logs from the programs I was able to run: Fixlog.txt, LOG ROGUEKILLER.tmp.txt, Rkill2.txt

    EDIT: And to run Chameleon I would need an internet connection, and as far as I have seen this would let the trojan download more viruses/adware.

    And if Chameleon does not help, I would then have all the adware that the trojan downloaded still on the PC :/
  8.    05 May 2017 #48
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,890
    Windows 10 (Pro and Insider Pro)

    Quote Originally Posted by Vikdal:
    Hi! Yes, I have tried renaming both applications. Also, here are the logs from the programs I was able to run: Fixlog.txt, LOG ROGUEKILLER.tmp.txt, Rkill2.txt

    EDIT: And to run Chameleon I would need an internet connection, and as far as I have seen this would let the trojan download more viruses/adware.

    And if Chameleon does not help, I would then have all the adware that the trojan downloaded still on the PC :/
    Did you follow the guide simrick has posted? Follow it exactly. After you uninstall the listed apps and run FRST with fixit.txt, other programs should be able to run.
  9.    05 May 2017 #49

    I followed the guide word for word until I got to AdwCleaner.

    EDIT: I almost forgot, the McAfee app and no IObit apps were on the system. Sorry for forgetting this.
  10.    05 May 2017 #50
    Join Date : Apr 2015
    Posts : 12,819
    W10Prox64

    Thanks. Looking at the logs now.