Logs to assist in cleaning malware

This is an information topic only ~ Do NOT post logs or ask for help here
To get assistance create a topic in the Virus and Worms forum

If you would like help, here are some tools and logs that will speed up the process of getting you clean.
All analysts below are volunteers and are not associated with Avast.

Malware Analysts :
helen1
Essexboy
magna86
Argus
SassDrake
Oldman
Jeffce
Andrey,pro
TwinHeadedEagle
Machiavelli
Valinorum
Naathim
dbrisendine

Website Analysts :
iDonovan
Polonus

Disclaimer: All results received via third party scanning. Although we do our best to provide the best results, 100% accuracy is not realistic, and not guaranteed.

• We will be working on your malware issues; this may or may not solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine.
• If you don’t know or understand something, please don’t hesitate to ask.

• Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc…)
• Please DO NOT run any other tools or scans whilst you are being helped.

It is important that you stay in your own thread. Do not start a new topic.
• Your security programs may give warnings for some of the tools you will be asked to use. Be assured, any links we give are safe.
• The absence of symptoms does not mean that everything is clear.

To get assistance please create your own topic in the virus forum. This will ensure that you get answered and helped as soon as possible and do not get overlooked in an old thread. Thank you ;D

If you are still having problems after MBAM has run, then post in your thread in the Virus and Worms Forum, stating the problems you are experiencing with the computer and the FRST log…

1) FIRST

• Please download Malwarebytes and install it on your personal computer as a free program.
On the first installation window choose the “Me or my family” option. When the installation is complete, choose “Maybe later” for premium if prompted.

• Before we start, please configure the scanner for a deeper check: click on the Settings icon in the top right corner. Under the Security tab, scroll to find Scan options and enable “Scan for rootkits”.
Now you may close the options by pressing X.

https://content.invisioncic.com/Mmalware/monthly_2019_11/916200549_MB4Dashboard.PNG.549b7f8ad6a1f4e04843432795efc3c9.PNG

• Please run the Scanner to search for malware. If malware is detected, allow MBAM to remove it.
MBAM will update itself and scan your PC for any known malware. After removing malware, MBAM may prompt for a system restart; please allow it.

• Export the log to your Desktop and post the latest MBAM log report in the thread.
When the scan is over, click on View report
(Scanner options > Reports > double-click to select latest Scan Report > select Advanced tab).
Under the Advanced tab click the Export button at the bottom, and then select “Export to TXT”.

In the Save File dialog box which appears, click on Desktop. In the File name: box type “mbam” (without quotes) for your scan log name and click Save.

• A message box “Your file has been successfully exported” should appear; click Ok and close the windows.

• Please attach the exported/saved log named as mbam.txt to your next reply.

2) NEXT

http://www.mcshield.net/personal/magna86/Images/frstico.png

• Please download Farbar Recovery Scan Tool by Farbar and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

http://www.mcshield.net/personal/magna86/Images/FRSTGUI.PNG

• Double-click to run FRST. When the tool opens, click Yes to the disclaimer.
Please wait a moment while the tool checks if there is a newer version. When the tool says “The tool is ready to use.” FRST is ready.

• Press the [ Scan ] button.
• The tool will produce two log files called FRST.txt and Additions.txt in the same directory the tool is run from.

http://www.mcshield.net/personal/magna86/Images/FRSTLogs.png

• Please attach both generated logs, FRST.txt and Additions.txt.

Note: In the event that security software prevents FRST from working properly, please temporarily deactivate your security software (in most cases via right-click on the program icon in the system tray) and restart FRST.

Attaching logs

Whilst posting, click the attachments and other options link. Then use the browse button to navigate to the log files.
Select the log files. Use the more attachments link if required.

http://www.mcshield.net/personal/magna86/Images/avast_1.png

SPECIFIC INFECTIONS LOGS

Optional usage

If you have an infected USB stick, you may use an additional program that will attempt to remove malware from USB memory devices only.
Kindly note: the software may be old, but its heuristic engine is powerful enough to target even newer malware variants.

Please download the installer for MCShield, save it to your desktop and install the tool
(installation is the classic “Next > Next > I Agree > … > Finish” way).
Please wait a moment; it will initially run a scan and show the result as a toaster by the system clock.
Then in the control centre select Scanner and tick “Always unhide items on flash drives”.

Plug in the drive and MCShield will start the malware scan …
Get the log, which will be in the Logs menu, AllScans.txt tab. Just click the Save button and the log will be saved to your Desktop.

If you cannot Boot the computer

Instructions for running FRST on Windows 7, Windows 8 and Windows 10 in the Recovery Environment (RE)
The Microsoft Windows Recovery Environment (Windows RE) is a simplified, scaled-back version of the Windows operating system.
We may be able to fix malware activity or errors using Windows RE.

• On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to download the version compatible with your machine, i.e. 32-bit or 64-bit.

• Plug the flash drive into the infected PC.
• Enter System Recovery Environment Command Prompt:

Instructions for Windows 10
Instructions for Windows 8
Instructions for Windows 7

• Once in the Command Prompt:

• In the command window type notepad and press Enter.
• Notepad opens. Under the File menu select Open.
• Select “Computer”, find your flash drive letter and close Notepad.
• In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens, click Yes to the disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Please do NOT post logs or ask for help here.
To get assistance create a topic in the Viruses and Worms forum : https://forum.avast.com/index.php?board=4.0

Greetz, Red.