blackled.info, epictory, reddie.net or reduled

Hi all,

I have had many viruses over the years, and I have always managed to get rid of them, but now I am having problems, and I have been trying now for 2 weeks without success.

Luckily avast blocks it every time, but I want to get rid of it.
The url that avast blocks is either blackled.info, epictory, reddie.net or reduled, and a couple of others.
This comes up even before I have opened any browser (I use firefox btw).

I tried the usual, which is booting up in safe mode and running malwarebytes, spyhunter and even avast, but none of them can even find the virus. So it would be pointless showing any logs here.

I notice others on this forum have had the same virus, but it said in the other threads to make your own thread, so this is what I am doing.
I have also tried loading a restore point from a few months ago, but this did not solve the issue.

The only thing I have to show is a few screen grabs I made when avast pops up. Nothing else can even find this nasty virus.

I am at my wits end now.
I hope somebody can help me.

Hello,

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Hi TwinHeadedEagle,

Thank you for your quick response.
I have attached both the Addition.txt and the FRST.txt

I hope it helps.

PS. How do you learn how to do this stuff?

I learn by sitting in front of PC for hours :smiley:

You need to get rid of one antivirus, either Ad-Aware or Avast, you cannot have two.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on the ZOEK icon and select Run as Administrator to start the tool.
[*]Wait patiently until the main console appears; it may take a minute or two.
[*]In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Hi TwinHeadedEagle,

You need to get rid of one antivirus, either Ad-Aware or Avast, you cannot have two.

Ad-Aware is installed as a secondary spyware system. It does not run all the time. However Avast is my main virus checker.
I understand that running two virus checkers at the same time is not good, but I find that sometimes one will find spyware that the other doesn’t.

I will follow your instructions and get back to you.

regards
Asimov

No matter how, you cannot have two antivirus products running simultaneously.

If you want to check your PC for malware, then a much better choice is MalwareBytes.

Hi TwinHeadedEagle,

Strangely enough I don’t normally have adaware installed. It was an act of desperation after spending a lot of time trying to get rid of this beast of a virus.
Stupid thing is that it wouldn’t even download the virus definitions so it was a waste of time anyway.
I have had a look through the zoek logs. It seems to erase the caches of all the browsers installed, and I didn’t even know that chrome had sneaked on to my machine. Not sure what zoek does exactly but interestingly I found out it is a Dutch word meaning search.

I have attached the log.

The virus hasn’t popped up yet, so no telling if it has done anything yet. From experience I find that just when you think you got it, the thing pops up again.

Will keep you posted.

PS. Have now uninstalled adaware, and I always use malwarebytes, but unfortunately on this occasion it couldn’t find the virus. I don’t know why. Unless the virus was shielded from it somehow. I know sometimes they can hide in system restore where they can’t be touched.

regards
Asimov

Yes, PC should be clean now. Is everything okay?

Hi TwinHeadedEagle,

I didn’t get any popups from avast yesterday. Had something pop up today, but it was while downloading email, so I don’t know if it was something in one of the emails or something else.

It usually pops up when I have either first booted up, or when I open my laptop.

So I will give it a few days to see if anything else comes up.

Thanks so much for your help.
I am usually pretty knowledgeable about computers, but now I find I don’t know as much as I thought heh heh.

Anyway Thanks.

Hi TwinHeadedEagle,

It seems the virus has been killed. Thank you very much you are a genius.

If something like this ever came back, is it safe to run zoek with the same lines you gave me again?
I am guessing the virus must have been hiding in some temporary file and may have taken over the dns, which you helped solve.

What I can’t understand though is why zoek was able to remove a virus that Avast or malwarebytes couldn’t even find.
I would like to know more about how malware works, because it can be very annoying to say the least. Are there any good websites for learning about this stuff?

I think Avast should pay you to add these features to avast.

I am not sure you can learn this at every corner :slight_smile:

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
[*]Remove disinfection tools
[*]Create registry backup
[*]Purge System Restore

Click the Run button and wait a few seconds until the programme completes its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Hi TwinHeaded,

Thanks that seemed to clean it up nice.

Yeh I understand that something like this is not easy to learn quickly.
It is like programming. No two scenarios are the same. I am self taught in various computer languages, like php, jquery,C++,C# and various other languages, so I pick things up quite quickly (and viruses apparently LOL).

I suppose you have to experience a lot of viruses before you know how to tackle them.

Thank you for your help anyway.

regards
Asimov

Hi asimov,

When you know your way around with scripts and want to study these cleansing routines, enlist at one of the online bootcamps, like geekstogo. You are being taught until you can help under guidance and later you are able to help when you graduate as a qualified removal expert. We even have 2 teachers here (essexboy and oldman). During the time of your online studies you are not allowed to help with cleansing routines until you are qualified. Qualified Removal Expert is a status that is recognized everywhere and all over the Internet.
I am only helping these guys through support relevant knowledge as a volunteer website security analyst (cold reconnaissance third party scanning) and as a website error hunter. So I skim after outdated and exploitable scripts, server (mis)configurations, exploitable code, checking against regular expressions, obfuscating and de-obfuscating etc. etc.
After a decade of experience you can almost smell the ill code when going over some website source representation.
Hope you decide to fight for the benevolent forces and come to join us one day.

regards,

polonus

Where to start and become a certified and recognized malware remover.
http://uniteagainstmalware.com/

Thank you, Hernan, for that important link and resumé.

Damian