Please help, can't remove Win32:Ransom-WH[Trj]. Infected file is Notepad.exe.
First it was in C:\Windows, I ran a boot-time scan and removed it.
Now it is in C:\Windows\system32.
Updated Windows, scanned with Malwarebytes under safe mode - didn't find anything.
But avast found it again.
Pls help get rid of it, OS is Windows 7 x64.
Could not scan with AdwCleaner, once I press delete the progress bar starts filling and the program stops working.
Here are the other two logs, OTL saved only one. And MBAM says I'm clear.
And to mention, before I started to scan with these programs, the last two boot-time scans didn't detect any virus?
I tried AdwCleaner under safe mode and it worked,
but restarted normally and there was no log.
Maybe if I run AdwCleaner in safe mode and restart it again in safe mode?
:OTL
IE - HKU\S-1-5-21-1117447876-4001363412-1104953183-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
O3 - HKU\S-1-5-21-1117447876-4001363412-1104953183-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Blood\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Blood\Desktop\desktop.ini:gs5sys
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Here is the new OTL log.
The computer runs better, but we'll see. I'll run another full scan with avast and hope I won't see that damn file.
But since I deleted the infected Notepad.exe, now when I want to open a .txt, Windows asks me with what to open the file.
Any idea how to fix that :-\
I know you did not mean to cause an error like that. Intentions were good here.
If one of our malware experts were to recommend you perform this action, they would be banished from this forum forever.
Do no harm to a victim’s computer is our motto here.
Just wait for a malware expert to repair an infected file in the future. They all are fully certified and trained, and know how to fix and repair errors such as this one. The goal here is to fix, not damage, your system any further than it already is. We mean to repair it back to the way it was, before the infection, if possible.
All is clean. Scanning of the system drive didn't show any infection, it showed some archives that it couldn't scan in Program Files\Adobe, but I don't think it's something to worry about.
All the infected notepad.exe (3 of them) are in the virus chest. And thank you for the command, Windows recovered the missing notepad,
which was my stupid mistake, sorry.
First time here and damn this forum is awesome. Thank you very much for the help.