Hi,
Recently I downloaded an ADB tool but it contained malware. I thought I got it off my computer but today it came back. Can you guys help me fix my computer?
Thank you in advance!
Kind regards,
Tom
"I thought I got it off my computer but today it came back."
What came back? Details / malware name if detected.
A malware expert is notified; he may not be online before tomorrow.
I got Avira anti virus and the same day the warnings were gone in Avira, Malwarebytes and AdwCleaner. So I thought I got rid of it. But today, out of the blue I got a warning again from Avira. I did the scan and I noticed the malware warnings again. I added what Avira detected.
You have to copy-paste the Avira log; it looks like Chinese when attached (a forum issue with some logs).
7/03/2017, 16:12:16 [Real-Time Protection] Registry blocked
In accordance with security guidelines, the Administrator has blocked access to the registry.
7/03/2017, 15:56:04 [Real-Time Protection] Malware found
The pattern of ‘TR/Sefnit.ozzee [trojan]’
detected in file 'C:\Windows\Installer\MSIFBE3.tmp.
Action performed: Move file to quarantine
28/02/2017, 13:15:50 [Real-Time Protection] Malware found
The pattern of ‘ADWARE/ELEX.kfbgf [adware]’
detected in file 'C:$Recycle.Bin\S-1-5-21-977616174-3466324736-1256606776-1001$RU6NSGZ\CrashReport.dll.
Action performed: Move file to quarantine
28/02/2017, 9:53:20 [System Scanner] Malware found
The file ‘C:$Recycle.Bin\S-1-5-21-977616174-3466324736-1256606776-1001$RU6NSGZ\CrashReport.dll’
contained the pattern of ‘Adware/ELEX.kfbgf’ [adware]
Action(s) taken:
The file was ignored.
28/02/2017, 9:53:20 [System Scanner] Malware found
The file ‘C:\Users\Tom\Downloads\ADB_Drivers_Updated.rar’
contained the pattern of ‘ADWARE/ICLoader.Gen7’ [adware]
Action(s) taken:
The file was ignored.
28/02/2017, 7:08:37 [Real-Time Protection] Registry blocked
In accordance with security guidelines, the Administrator has blocked access to the registry.
27/02/2017, 21:43:48 [Real-Time Protection] Malware found
The pattern of ‘ADWARE/Adware.Gen7 [adware]’
detected in file 'C:\Windows\Installer\MSI2E58.tmp.
Action performed: Move file to quarantine
27/02/2017, 20:59:10 [Real-Time Protection] Registry blocked
In accordance with security guidelines, the Administrator has blocked access to the registry.
27/02/2017, 20:55:35 [Real-Time Protection] Malware found
The pattern of ‘TR/Trash.Gen [trojan]’
detected in file 'C:\Program Files (x86)\Hubishrwoy\Gritise.VIR.
Action performed: Move file to quarantine
27/02/2017, 20:55:03 [Real-Time Protection] Malware found
The pattern of ‘TR/Trash.Gen [trojan]’
detected in file 'C:\Program Files (x86)\Shwaarawutain Core\local64spl.dll.
Action performed: Move file to quarantine
27/02/2017, 20:54:00 [Real-Time Protection] Malware found
The pattern of ‘TR/Trash.Gen [trojan]’
detected in file 'C:\ProgramData\56R446h600i455\56R446h600i455.dll.
Action performed: Move file to quarantine
27/02/2017, 20:49:34 [Real-Time Protection] Registry blocked
In accordance with security guidelines, the Administrator has blocked access to the registry.
27/02/2017, 20:47:25 [Real-Time Protection] Malware found
The pattern of ‘TR/ATRAPS.853e3f (Cloud) [TR/ATRAPS.853e3f]’
detected in file 'C:\Users\Tom\AppData\Local\Temp\g687D.tmp.
Action performed: Move file to quarantine
27/02/2017, 20:44:23 [Real-Time Protection] Malware found
The pattern of ‘TR/Wdfload.sttxe [trojan]’
detected in file 'C:\Users\Tom\AppData\Local\Temp\g48AF.tmp.exe.
Action performed: Move file to quarantine
27/02/2017, 20:44:20 [Real-Time Protection] Malware found
The pattern of ‘TR/Wdfload.sttxe [trojan]’
detected in file 'C:\Users\Tom\AppData\Local\Temp\g48AF.tmp.exe.
Action performed: Move file to quarantine
27/02/2017, 20:44:07 [Real-Time Protection] Malware found
The pattern of ‘ADWARE/OxyPumper.qbmip [adware]’
detected in file 'C:\Users\Tom\AppData\Roaming\Adobe\Manager.exe.
Action performed: Move file to quarantine
27/02/2017, 20:44:05 [Real-Time Protection] Malware found
The pattern of ‘Adware/ELEX.9d72e0 (Cloud) [Adware/ELEX.9d72e0]’
detected in file 'C:\Program Files (x86)\Hubishrwoy\Gritise.dll.
Action performed: Move file to quarantine
27/02/2017, 20:44:05 [Real-Time Protection] Malware found
The pattern of ‘ADWARE/OxyPumper.qbmip [adware]’
detected in file 'C:\Users\Tom\AppData\Roaming\Adobe\Manager.exe.
Action performed: Move file to quarantine
27/02/2017, 20:44:03 [Real-Time Protection] Malware found
The pattern of ‘ADWARE/OxyPumper.qbmip [adware]’
detected in file 'C:\Users\Tom\AppData\Local\Microsoft\Windows\INetCache\IE\G6F1VJG4\Manager[1].exe.
Action performed: Move file to quarantine
27/02/2017, 20:43:24 [Real-Time Protection] Real-Time Protection is in snooze mode
Real-Time Protection has been set to snooze mode
27/02/2017, 20:43:12 [Real-Time Protection] Malware found
The pattern of ‘ADWARE/ICLoader.Gen7 [adware]’
detected in file 'C:\Users\Tom\AppData\Local\Temp\Rar$EXa0.518\ADB_Drivers_Updated.exe.
Action performed: Move file to quarantine
27/02/2017, 17:17:12 [Real-Time Protection] Real-Time Protection is in snooze mode
Real-Time Protection has been set to snooze mode
27/02/2017, 17:09:26 [Real-Time Protection] Malware found
The pattern of ‘ADWARE/ICLoader.Gen7 [adware]’
detected in file 'C:\Users\Tom\AppData\Local\Temp\Rar$EXa0.873\AndroidSDKSlim.exe.
Action performed: Move file to quarantine
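One way to summarise a log like the one pasted above, as an added example that is not part of the thread or of any Avira tooling: it lists detections whose logged action was not a quarantine move and directories with detections on more than one day. The entry layout is inferred only from the pasted text, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Three entries copied from the log above; the parsing rules are this example's assumption.
SAMPLE = r"""7/03/2017, 15:56:04 [Real-Time Protection] Malware found
The pattern of ‘TR/Sefnit.ozzee [trojan]’
detected in file 'C:\Windows\Installer\MSIFBE3.tmp.
Action performed: Move file to quarantine
28/02/2017, 9:53:20 [System Scanner] Malware found
The file ‘C:\Users\Tom\Downloads\ADB_Drivers_Updated.rar’
contained the pattern of ‘ADWARE/ICLoader.Gen7’ [adware]
Action(s) taken:
The file was ignored.
27/02/2017, 21:43:48 [Real-Time Protection] Malware found
The pattern of ‘ADWARE/Adware.Gen7 [adware]’
detected in file 'C:\Windows\Installer\MSI2E58.tmp.
Action performed: Move file to quarantine"""

FMT = "%d/%m/%Y, %H:%M:%S"
HEADER = re.compile(r"^(\d{1,2}/\d{2}/\d{4}, \d{1,2}:\d{2}:\d{2}) \[.+?\] (.+)$")
FIELDS = {
    "name": re.compile(r"pattern of [‘'](.+?)(?: \[|[’'])"),
    "path": re.compile(r"(?:detected in file '|The file [‘'])(.+?)[’'.]*$"),
    "action": re.compile(r"^(?:Action performed: |The file was )(.+?)\.?$"),
}

def parse(log):
    """Return one dict per 'Malware found' entry; other entry types are dropped."""
    events, cur = [], None
    for line in log.splitlines():
        if head := HEADER.match(line):
            cur = {"event": head.group(2), "time": datetime.strptime(head.group(1), FMT)}
            events.append(cur)
        elif cur:
            for key, rx in FIELDS.items():
                if m := rx.search(line):
                    cur[key] = m.group(1)
    return [e for e in events if e["event"] == "Malware found"]

def unresolved(events):
    """Paths where the logged action was not a quarantine move."""
    return [e["path"] for e in events if "quarantine" not in e.get("action", "")]

def recurring_dirs(events):
    """Directories with detections on more than one calendar day."""
    days = {}
    for e in events:
        days.setdefault(e["path"].rpartition("\\")[0], set()).add(e["time"].date())
    return {d: sorted(v) for d, v in days.items() if len(v) > 1}
```

On the excerpt this reports the ignored `ADB_Drivers_Updated.rar` in Downloads and `C:\Windows\Installer` as a directory with detections on both 27/02 and 7/03.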
FIRST >>>>
Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):
BikaQ Rss
WinSnare
To do so, left-click on the name once and then click Uninstall/Change at the bar above the list window.
Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.
SECOND >>>>
Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Hi
I could only uninstall WinSnare. BikaQ wasn't listed. Thank you for your help!
Tom
Is Avira still finding malware?
Avira isn’t detecting any malware. It just gives general warnings but no detections.
Thank you for your help!
What type of “general warnings” (from Avira)?
Does Malwarebytes find anything now?
It doesn't let me post a reply with an attachment, weird.
Did you see this info?
Allowed file types: jpg, png, txt, log, gif
Restrictions: 4 per post, maximum total size 1024KB, maximum individual size 1024KB
Yeah, just realised. The report is 16 MB. The warnings are about files it couldn't open. I just found out that another PC is infected. Should I open a new post or just put the necessary info in here? Thanks again for all your help!
You can attach a screenshot so we can see what it is about.
Here are some screenshots.
Those screenshots show that the scanner could not access a protected file (usually because the file is in use by a different process) and that your system does not have VSS service running (not certain the Win10 Educational has VSS available).
Have you tried the official support for Avira here?
I haven't tried it yet because you guys offer such great help. I'm doing another scan atm and I'll go with it to the Avira website.
Thanks for your help!
Understood and thanks. Let us know how things turn out for you.
Are the warnings in the scanner reports dangerous?
The warnings in the scanner log usually refer to files, which were being accessed by other programs and thus could not be checked for malware by Avira software.
In general, this has nothing to do with virus suspicions. In order to reduce the number of warnings, close all applications before starting the scan.
This is what Avira wrote on the support page on their website.
That was what I suspected but it is best to always check with the software vendor.