  1.    05 May 2017 #51
    Join Date : Apr 2015
    Posts : 12,830
    W10Prox64

    Quote Originally Posted by Vikdal View Post
    Hi and thanks for the guide.

    However, there are two problems with this thought. First of all, AdwCleaner has been blocked by an administrator (I am the only one). The other problem is that RogueKiller does not allow changing these settings in their free version. Malwarebytes cannot run either.
    No problem. Please uninstall WinZip Registry Optimizer. Then, go ahead and run RogueKiller again. This time I'd like you to delete everything it finds. The only possibly legit program it's flagging is WinZip Registry Optimizer, and you really shouldn't be using that anyway (it will cause more problems than it will help). However, if this program was a torrent, then it is suspect. Everything torrented is suspect. Torrents are nothing but problems nowadays.

    Quote Originally Posted by Vikdal View Post
    Hi! Yes, I have tried renaming both applications. Also, here are the logs from the programs I was able to run. Attachment 133582 Attachment 133583 Attachment 133584

    EDIT: And to run Chameleon I would need an internet connection, and as far as I have seen this would let the trojan download more viruses/adware.

    And if Chameleon does not help, I would then have all the adware that the trojan downloaded still on the PC :/
    Quote Originally Posted by Vikdal View Post
    I followed the guide word for word until I got to AdwCleaner.

    EDIT: I almost forgot, the McAfee app and no IObit were on the system. Sorry for forgetting this.
    Okay thanks.

    Chrome is completely gone, right?
    Did you find ESEADriver2 in Device Manager or no?
    Were you able to run FIX in the FRST tool?

    What I'm seeing are browser hijackers/redirectors, a trojan and rootkit. Nothing that warrants a clean install at this point, as long as we can get control over the system. Malwarebytes will get rid of most of this - that's why it's being prevented from running. So, we're going to run it outside the operating system:

    Go to a clean PC and download Kyhi's custom rescue environment.
    Windows 10 Recovery Tools - Bootable Rescue Disk - Windows 10 Forums
    Save the ISO to the desktop of the clean PC. Right-click the ISO and select MOUNT or OPEN WITH WINDOWS EXPLORER. This will mount the ISO and assign a drive letter to it.
    Copy all the files inside the ISO over to a clean flash drive.

    Boot the infected system to the flash drive.
    Use the included network connection utility to get it online, if necessary.
    (no worries going online with this, as your OS is dormant at this point.)

    Open up Malwarebytes, update the definitions, select full scan of OS drive, and select to scan for rootkits.
    Open the scan log and post it here on the thread before you leave the rescue environment.
  2.    05 May 2017 #52

    I uninstalled WinZip? :/ Also, that EseaDriver was not found. I searched around but could not find it. Google was completely uninstalled, but there was an error in the middle of removing it. Not sure what it is, but after 10 min Chrome was gone. The one log in the FRST shows the "fix" and yes, I was able to run it.the ISO right now.
  3.    05 May 2017 #53
    W10Prox64

    Quote Originally Posted by Vikdal View Post
    I uninstalled WinZip? :/ Also, that EseaDriver was not found. I searched around but could not find it. Google was completely uninstalled, but there was an error in the middle of removing it. Not sure what it is, but after 10 min Chrome was gone. The one log in the FRST shows the "fix" and yes, I was able to run it.the ISO right now.
    Okay thank you.
  4.    05 May 2017 #54

    So there is no problem using the internet connection while still booting that Rescue?

    Also, you want me to not leave the recovery while you're checking the logs?
  5.    05 May 2017 #55
    W10Prox64

    Quote Originally Posted by Vikdal View Post
    So there is no problem using the internet connection while still booting that Rescue?
    Nope, no problem using internet while in the rescue environment. Your OS (Operating System) is not running, so the infections are dormant and can be removed.
  6.    05 May 2017 #56

    Okay, going to boot it up now.
  7.    05 May 2017 #57
    W10Prox64

    Quote Originally Posted by Vikdal View Post
    So there is no problem using the internet connection while still booting that Rescue?

    Also, you want me to not leave the recovery while you're checking the logs?
    That's not necessary, but you may want to run a second Malwarebytes scan after the first; only because sometimes, some things need to be removed so others can be found.

    You may want to run CCleaner on your browsers and remove everything (not sure how well this works in the rescue environment, as I've never tried that one personally).

    But I think you can go ahead and leave the rescue environment when you are finished, and then go back to my instructions post and try to run the scans again, in the order I suggested.

    You can find all the programs here, in X:, when you've booted to the rescue environment:

    [Attached image: image.png]
  8.    05 May 2017 #58
    W10Prox64

    Quote Originally Posted by Vikdal View Post
    Okay, going to boot it up now.
    Just to be clear, I only suggested you post the Malwarebytes log while in the recovery environment, because you will lose it after leaving the recovery environment. It's also possible to create a folder on the flash drive and save it there.
  9.    05 May 2017 #59

    It seems like it is not letting me boot into the drive. I boot the Flash Drive on the PC, but nothing special happens. It just runs Windows as usual and all files start and load in as usual? Is it supposed to do this?
  10.    05 May 2017 #60
    W10Prox64

    Quote Originally Posted by Vikdal View Post
    It seems like it is not letting me boot into the drive. I boot the Flash Drive on the PC, but nothing special happens. It just runs Windows as usual and all files start and load in as usual? Is it supposed to do this?
    Usually there is a special key you can press as soon as you turn the system on (like F12, or Esc - it depends on the system manufacturer), and it will pause the boot process and give you a menu to select what media you want to boot from. For instance, for some Dell and HP models, you can press Esc (Escape key), and the boot menu comes up before Windows loads. There you have a selection of Windows Boot Manager (which is your normal OS), USB drive, optical drive, network, etc... Sometimes you have to start tapping this key as soon as you turn the system on, and keep tapping it until the one-time-boot-menu appears.

    Kyhi's rescue environment is like a mini-W10, but you'll see the desktop looks different.

 