Hi dear friends, it seems I may need your help one more time
My PC seems to have, maybe, gotten a virus. It started when I clicked on an update from Malwarebytes; when I clicked on it, a few popups came up saying Malwarebytes stopped a malicious site. After that, I am unable to download anything on my computer, not even Malwarebytes, which I can not open to run. I also tried downloading ADWCleaner but can not download it, and my Google browser is not working either; it was the browser I was using when this happened. I can open IE, but it seems I can not download anything.
I ran an Avast full scan but it got stuck at 19%; it ran for 3 hours, but stuck at 19%. I started the full scan again and it is now stuck at 19% again.
Can you please help me? Since I can not download anything on that computer, I can not follow your recommendations and I do not know what to do. I do have this laptop and an iPad that are OK.
The computer infected is a Dell, Windows Vista, and has (or I should say had at the time of possible infection) Malwarebytes Premium and Avast Premier 2015. Google Chrome is not working at the moment and IE is working so far…
Thank you so much!
"I do have this laptop and an iPad that are OK."
good .....
first install MCShield on your lappy http://www.mcshield.net
then see instructions here https://forum.avast.com/index.php?topic=53253.0
download Farbar Recovery Scan Tool on your lappy, then move it over with a USB stick, run as instructed, move the two logs back to the lappy and attach here
Thanks Pondus! Should I also install mcshield on my infected PC too?
Do I need it in my laptop if I have malwarebytes premium too?
It is recommended to have on all computers. This is a special scanner that protects against malware that uses removable drives to spread
it is an install and forget tool, it uses no resources except for when you plug in a USB device and it scans for a few seconds
lots of info / reviews on MCShield website
Hi Pondus, I plugged in the USB on my PC, but it won't open. I also can not open anything on the Start menu, I can not even shut down or use Sleep on it. It won't respond.
Should I just turn off the PC by pressing the power button and see what happens, and then once restarted try again? Or will shutting it down make it worse?
I am thinking that maybe Vista is frozen, but I can open some stuff like IE and Avast (even though the scanning stops at 19%, it won't go further). Windows Update also opens up, but if I click on the USB or Start menu, there is no response, and I can not open Google either…
Avast SafeZone does not open either…
I just tried running a quick scan with Avast, the screen went black, then all white, and it says Avast is not responding… all the screen is white with light blue borders around it
What version of windows do you have and is it 32 or 64 bit ?
Hi Essexboy! The computer infected is a Dell, Windows Vista, and had at the time of possible infection Malwarebytes Premium and Avast Premier 2015. I can not remember if it is 32 or 64 bit, and at the moment I can not check that, as for the last 2 hours the screen has continued to be all white with a light blue border and the mouse symbol is circling continuously…
Should I turn it off and on manually by pressing the Power button? It has been on since yesterday…
Yes, turn it off. I will give links for both 32 and 64 bit, but try 32 bit first. Links sent by PM
Download the following three programmes to your desktop :
For 64bit systems
2. Windows Vista 64bit RC
3. Farbar Recovery Scan Tool x64
For 32bit systems
2. Windows Vista RC
3. Farbar Recovery Scan Tool
Insert the USB stick, then run Rufus
https://dl.dropbox.com/u/73555776/rufus.JPG
Select the ISO file on the desktop via the ISO icon.
Press Start Burn
https://dl.dropbox.com/u/73555776/RufusISO.JPG
Then copy FRST to the same USB
http://dl.dropbox.com/u/73555776/frstwintoboot.JPG
Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here
Windows 7 and Vista screenshots
When you reboot you will see this.
Click repair my computer
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg
Select your operating system
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg
Select Command prompt
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg
At the command prompt type the following :
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe or e:\frst.exe dependent on system
and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
https://dl.dropboxusercontent.com/u/73555776/frst.JPG
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Thanks! I will do that. Is it safe to reinsert the USB I have already inserted in my contaminated PC into my laptop again, or should I get a new one?
No need for a fresh one as Rufus will wipe the drive before it copies the boot data to it
OK! should I use:
Rufus 2.1 (788 KB) or
Rufus 2.1 Portable (788 KB)
When I inserted the USB in my laptop, MCShield ran and said it was infected, but stopped it. This is what the notepad showed in case it helps:
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2015.3.23.1 / Windows 7 <<<
3/26/2015 3:10:30 PM > Drive E: - scan started (KINGSTON ~15262 MB, FAT32 flash drive )…
E:\autorun.inf > Legitimate file.
Resetting attributes: E:\urDrive < Successful.
=> Hidden folders : 1/1 unhidden.
::::: Scan duration: 15sec :::::::::::::::::
I used the Rufus Portable, as the other did not work…
Hi, I used the Rufus portable download and pressed start and this is what showed up - attached file for Rufus screenshot and warning screenshot. Even though I made sure it looks like the screenshot you sent me…
Should I uncheck: Create a bootable disk…
and press start again?
I am confused…
I do not see: Select the ISO file on the desktop via the ISO icon.
As I do not see any ISO on my desktop… where will it be…?
So I guess I am stuck on the warning shown in attachment Rufus 5, as I have no idea of what to do next…
So sorry that I am so inexperienced with this stuff… it is probably simple, but…
Insert the USB stick Then run Rufus
https://dl.dropboxusercontent.com/u/73555776/RufusISO.JPG
Select the ISO file on the desktop via the ISO icon.
Click the ISO image button and select the Vista RC that you downloaded to your desktop then press burn
Hi!
Hi Essexboy!
here is the log
Thanks for your help…
Nothing really jumps out at me there, so I will remove a few entries that are possible causes and reset the network
Download the attached Fixlist.txt to the same location as FRST (USB)
Start FRST as before and press fix
Once it has completed reboot to normal windows and try a download again
Hi Essexboy, I followed your instructions and the computer is now working great! Better than in a very long time ;D
I am very grateful once more for your help…
I would like to ask you a favor: could you please look at the attached log from my laptop after running the Farbar Recovery Tool program, as this laptop has not been working very well and has been stalling a lot for a while now. I have tried other tools but nothing seems to help. I was wondering if the FRST tool will show something so I can improve it.
I am sorry if it is too much to ask, given how busy you must be…
Thank you so much for all the help you give to all of us here…
Wishing the best to you and your family…
Glad the main computer is now OK
Let me know if this helps the laptop
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1442282352-1916392805-3601698020-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-1442282352-1916392805-3601698020-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
2015-03-03 14:44 - 2015-03-03 14:44 - 00000000 __SHD () C:\Users\Anjana\AppData\Local\EmieBrowserModeList
2011-06-21 15:03 - 2011-06-21 15:03 - 0000000 _____ () C:\Users\Anjana\AppData\Local\{1D3BE3F2-AAFE-4F6E-A363-7778C8B0B62D}
2011-07-06 21:23 - 2011-07-06 21:23 - 0000000 _____ () C:\Users\Anjana\AppData\Local\{B9D37718-0FD9-47E0-8C12-943635DCCFEF}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that