Ok first off I have to say I have no clue what to do when it comes to this…
I have a quick scan set to run every day. Yesterday it found this thing. I tried to do the normal and move it to the chest.
It won’t, it just says Error: The process cannot access the file because it is being used by another process(32)
Also, I keep getting this popup on my screen that says MALICIOUS URL BLOCKED except it’s like 15 of them, all with different “objects”. ???
I am so lost, please anyone help. I would greatly appreciate it.
Thank you in advance.
[*]Disable any script blocking protection
[*]Right-click and Run as Administrator dds to run the tool.
[*]When done, two DDS.txt’s will open.
[*]Save both reports to your desktop.
Please attach the contents of the following in your next reply:
DDS.txt
Attach.txt
ComboFix
Download Combofix from the link below, and save it to your desktop. Link
Note: It is important that it is saved directly to your desktop
If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
[*]Please post the C:\ComboFix.txt for further review.
Ok so like I said in my first post I’m completely ignorant when it comes to this stuff but, who exactly am I replying to? Are y’all avast help people or just someone out there thinking they will do something bad to my computer? I mean no disrespect at all if you’re legit, but I’m extremely paranoid about this kinda stuff… Please don’t get mad I’m just making sure for my own peace of mind.
OMG I just did the dds thing and it told me who y’all are. I am so so sorry. Please forgive my rudeness, I’m just paranoid. I’m truly sorry. And thank you so much. :-[
No worries at all. :) I have been in your shoes and that is how I got started helping people. I know how scary a messed up computer can be.
[*]Right-click and Run as Administrator SystemLook.exe to run it.
[*]Copy the content within the following codebox into the main textfield:
:dir
c:\users\Nay and Joshie\AppData\Roaming\GoR8O2t0cmI /s
[*]Click the Look button to start the scan.
[*]When finished, a notepad window will open with the results of the scan. Please attach this log in your next reply. Note: The log can also be found on your Desktop entitled SystemLook.txt
Um I’m not sure if this is important but I did a boot time scan and it found the two rootkit things and moved them to the chest. Then I did two different full system scans and they came up clean.
I will do as you advised anyways until I hear from you.
[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix may request an update; please allow it.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
Attach the ComboFix log and let me know how your system is running now.
Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
ESET Online Scanner
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
[*]Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
[*]Turn off the real time scanner of any existing antivirus program while performing the online scan
[*]Tick the box next to YES, I accept the Terms of Use.
[*]Click Start
[*]When asked, allow the activex control to install
[*]Click Start
[*]Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
[*]Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
[*]Click Scan
[*]Wait for the scan to finish
[*]When the scan is done, if it shows a screen that says “Threats found!”, then click “List of found threats”, and then click “Export to text file…”
[*]Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
[*]Close the ESET online scan, and let me know how things are now.
C:\Downloads\Software\frostwire-4.20.5.windows.exe multiple threats
C:\Program Files\BearShare Applications\Mediabar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\BearShare Applications\Mediabar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.A application
C:\Program Files\BearShare Applications\Mediabar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\BearShare Applications\Mediabar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files\Vid-Saver\Vid-Saver.dll.vir Win32/Toolbar.CrossRider application
C:\Users\Nay and Joshie\Documents\frostwire-4.21.8.windows.exe multiple threats
C:\Users\Nay and Joshie\Downloads\frostwire-4.20.5.windows.exe multiple threats
C:\Users\Nay and Joshie\Downloads\frostwire-4.21.8.windows.exe multiple threats
[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the box below:
ClearJavaCache::
File::
C:\Downloads\Software\frostwire-4.20.5.windows.exe
C:\Users\Nay and Joshie\Documents\frostwire-4.21.8.windows.exe
C:\Users\Nay and Joshie\Downloads\frostwire-4.20.5.windows.exe
C:\Users\Nay and Joshie\Downloads\frostwire-4.21.8.windows.exe
Folder::
C:\Program Files\BearShare Applications
[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.
[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix may request an update; please allow it.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Post the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
Attach the new ComboFix log and let me know what malware related problems you are still having.