I’m getting VERY frequent pop-up boxes reporting that a threat has been detected.
It is centred on the svchost.exe with ortiguard, any-Chicago
Attached are the basic scan log files, I will perform a Zoek scan now.
many thanks
Andy (UK)
Hello,
Please follow this topic and attach required reports
Logs attached
malware_log
FRST
Addition
aswMBR
Also I ran the zoek.exe programme.
I used one of your scripts, but changed the user to MYNAME
Attached is the log produced.
NB: the zoek.exe programme keeps restarting even though I close it.
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
[*]Right-click on the Zoek icon and select Run as Administrator to start the tool.
[*]Wait patiently until the main console appears; it may take a minute or two.
[*]In the main box please paste in the following script:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
Here is the log file from zoek.exe
Appreciate your help to all members of this forum ;D
Fix with ZOEK
[B]This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.[/B]
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
[*]Right-click on the Zoek icon and select Run as Administrator to start the tool.
[*]Wait patiently until the main console appears; it may take a minute or two.
[*]In the main box please paste in the following script:
createsrpoint;
C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Preferences;f
chrdefaults;
[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by andy on 13/06/2015 at 18:13:52.94.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\andy\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-06-12-201918.log 4862 bytes
C:\zoek-results2015-06-12-232357.log 24737 bytes
==== System Restore Info ======================
13/06/2015 18:18:22 Zoek.exe System Restore Point Created Successfully.
==== Deleting Files \ Folders ======================
“C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Preferences” deleted
==== Reset Google Chrome ======================
C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\andy\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=3099 folders=519 759811266 bytes)
==== EOF on 13/06/2015 at 18:19:05.88 ======================
Very good. How is your PC behaving now?
The popup warnings have disappeared.
many thanks
Andy
Cheers
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below:
[i]Remove disinfection tools
Create registry backup
Purge System Restore[/i]
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\[b]DelFix.txt[/b]).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.