Help in cleaning malware needed

I followed all the steps in “logs to assist in cleaning malware”. I attached these logs with this post. What should I do next?
Edit: I kept getting the popup for JS:Agent-EDB [Trj] before I did all the steps.

Now you’ve to wait for one of the malware experts…

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
HKU\S-1-5-21-1089142947-2339947531-804550469-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.domaincentar.com
FF Homepage: Mozilla\Firefox\Profiles\08b4usov.default -> hxxp://search.domaincentar.com
FF NewTab: Mozilla\Firefox\Profiles\08b4usov.default -> hxxp://search.domaincentar.com

  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

FRST is telling me that the fixlist.txt should be in the same folder/directory the tool is created. So should I move the fixlist.txt file to the Logs folder?

FRST.exe and fixlist must be in the same place when run; if not, FRST will not find it.

If you have FRST.exe on your desktop (recommended), then you place fixlist on the desktop.
If FRST.exe is in your download folder, then fixlist must be in your download folder.

Thanks for clearing that up Pondus. The fixlog.txt is attached now.

Sass Drake will check it when he is back online …

What is the system status now?

By that you mean is it working fine? It still keeps going to domaincentar.com or usa.bravo but it got blocked.

Can you make a screenshot of that? Does redirection to those sites happen everywhere or only on certain websites?

The redirections happen with Firefox only, first when I open it and when I push the home button. The first screenshot is when Firefox is first started. The home button redirects to the one shown in screenshot2. Chrome and Edge open normally and their home buttons don’t redirect anywhere.

And now the popup started appearing again. Screenshot attached.

Please post new FRST.txt and Addition.txt logs.

Here they are.

Here we go again.

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Startup.lnk [2017-07-07]
ShortcutTarget: Windows Startup.lnk -> C:\Windows\Windows_startup.bat ()
Tcpip\..\Interfaces\{d10abc88-f10c-49ed-a057-175822b0e656}: [DhcpNameServer] 85.253.0.130 85.253.0.2
HKU\S-1-5-21-1089142947-2339947531-804550469-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.domaincentar.com
FF Homepage: Mozilla\Firefox\Profiles\08b4usov.default -> hxxp://search.domaincentar.com
FF NewTab: Mozilla\Firefox\Profiles\08b4usov.default -> hxxp://search.domaincentar.com
  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

Done

What is the status now?

No redirections anymore. The popup stopped too for now.

Good to hear.

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:

  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Thanks for the help! :)