hello, my computer is jacked. i can’t open any files (videos, office, pics, pdfs…) and the browser redirects to paytordm…
i’ve attached the logs from: https://forum.avast.com/index.php?topic=53253.0
hello, my computer is jacked. i can’t open any files (videos, office, pics, pdfs…) and the browser redirects to paytordm…
i’ve attached the logs from: https://forum.avast.com/index.php?topic=53253.0
Tis not take me any pride to tell you this.
i
I stand coorected
You also appear to be heavily infected with A backdoor, Trojan and POWELIKS.
I will notify someone
Hi at the end are some possible routes for getting your files back, there is no guarantee I am afraid
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
HKU\S-1-5-21-2216841729-3278897734-621018808-1005\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! SearchScopes: HKU\S-1-5-21-2216841729-3278897734-621018808-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2216841729-3278897734-621018808-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKU\S-1-5-21-2216841729-3278897734-621018808-1005 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File 2014-11-02 21:47 - 2014-11-02 21:47 - 00000278 _____ () C:\Users\Public\INSTALL_TOR.URL 2014-11-02 21:41 - 2014-11-02 21:41 - 00000278 _____ () C:\Users\Public\Documents\INSTALL_TOR.URL 2014-11-02 21:40 - 2014-11-02 21:40 - 00000278 _____ () C:\Users\kealai\INSTALL_TOR.URL 2014-11-02 21:18 - 2014-11-02 21:18 - 00000278 _____ () C:\Users\kealai\Downloads\INSTALL_TOR.URL 2014-11-02 21:11 - 2014-11-02 21:11 - 00000278 _____ () C:\Users\kealai\Documents\INSTALL_TOR.URL 2014-11-02 21:03 - 2014-11-02 21:03 - 00000278 _____ () C:\Users\kealai\AppData\Roaming\INSTALL_TOR.URL 2014-11-02 21:03 - 2014-11-02 21:03 - 00000278 _____ () C:\Users\kealai\AppData\INSTALL_TOR.URL 2014-11-02 20:59 - 2014-11-02 20:59 - 00000278 _____ () C:\Users\kealai\AppData\Local\INSTALL_TOR.URL 2014-11-02 20:49 - 2014-10-28 18:47 - 00000278 _____ () C:\ProgramData\INSTALL_TOR.URL 2014-11-02 20:14 - 2014-10-28 16:33 - 00001104 ____H () C:\ProgramData\@system2.att 2014-11-02 20:11 - 2014-10-28 16:36 - 00000000 ____D () C:\Users\kealai\AppData\Roaming\Uryqviol 2014-11-02 20:11 - 2014-10-28 16:36 - 00000000 ____D () C:\Users\kealai\AppData\Roaming\Pybibyoq C:\ProgramData\d24hfhdh24.exe EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
THEN
http://i.imgur.com/y3MMIrs.png
Previous Versions
[*]Right-click the file/folder and click Properties.
[*]Click Previous Versions.
[*]This tab will list all copies of the file and the date they were backed up.
[*]To restore a particular version of the file, click Copy and select the directory you wish to restore the file to.
[*]If you wish to restore the selected file and replace the existing one, click Restore
[*]If you wish to view the contents of the file before restoring, click Open.
http://i.imgur.com/MzmiIl9.gif
ShadowExplorer
[*]Please download ShadowExplorer and save the file to your Desktop
[*]Right-Click ShadowExplorer-0.9-portable.zip and click Extract All. Select your Desktop and click Extract
[*]Right-Click ShadowExplorer.exe and select
http://Run as administrator to run the programme.
[*]You will see a drop-down menu with the shadow copies of all partitions and disks present.
[*]Click C:\ from the drop-down menu.
[*]To the right, pick a date prior to the infection from the drop-down menu.
[*]To restore a whole folder, right-click on your desired folder and click Export. You will then be prompted as to where you would like to restore the contents of the folder to.
[img]http://i.imgur.com/J8xQM97.png
File Recovery Software
File Recovery Software may be able to recover the original file deleted by the infection. Please bear in mind, the more you use the machine after the files are encrypted, the harder it will be for the recovery software to recover your files.
[]
http://i.imgur.com/fSA1TL4.png
R-Studio
[]
http://i.imgur.com/C08PZmH.png
Photorec
[*]
http://i.imgur.com/uc6sByo.png
Recuva
thanks for the responses…i’ll try this tonight with my fingers crossed.