Hey there. I have a Windows 8.1 PC. I have run a full scan of MBAM, avast!, RogueKiller, AdwCleaner, and BitDefender and I still have the virus and/or malware on my PC. The object was called “Friends Checker”, it used to underline words in my web browser, but is no longer there. I know it’s still on my system, however. When I turn my PC on, 3 new objects are ALWAYS created on my PC, “This PC, Homegroup”, and a folder with my name on it showing an avatar of a faceless man. No matter what I scan with (even a Boot-time scan with avast!), I can’t get rid of it! I believe I got this virus/malware via the installation of DaemonTools lite. Can I please get some help with this!?
Hi, Attach all the logs from RKill, ADWcleaner, MBAM.
Go Here and download OTL and aswMBR. Then I can get someone to help you.
Here’s MBAM, RK, ADWCleaner, OTL, next will be Extras.txt and asw
I heard aswMBR is incompatible with Windows 8. So sorry if no data is provided.
Remover notified.
Thanks for posting the logs.
Also, correct. I forgot the warning about Win 8. Sorry about that. aswMBR and Win 8 are not yet compatible.
Thanks
Hi,
Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Here you go.
Here is a log for Spybot - Search and Destroy
Hi,
First of all you’re running two antivirus products. Uninstall one of them, it is not recommened to keep two of them simultaneously.
Please download zoek.zip or zoek.rar by smeenk (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…
[*]Close any open browsers
[*]Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool .
Please wait for the tool to start…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
autoclean;
emptyclsid;
emptyalltemp;
[*]Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)
[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”
Still have the infection.
I have also removed the other antiviruses on my PC. I now just have Malwarebytes and avast!
That looks very strange. Can you post the screenshot how it looks like when your turn on you PC.
For some reason the website wouldn’t let me upload the pictures. I was getting “413 Request Entity Too Large”. Here’s links to the images.
http://imgur.com/6HOmxyM
http://imgur.com/IJlaQ3y
Please download zoek.zip or zoek.rar by smeenk (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…
[*]Close any open browsers
[*]Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool .
Please wait for the tool to start…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Friends Checker;a
Friends Checker;z
friendschecker;a
friendschecker;z
[*]Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)
[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”
I got this virus removed. It was under: “C:\Program Data\MovieMode”
I submitted the files to you guys via virus lab.
Here is the website where this was found from:
http://moviemodeapp.com/
Thanks for letting us know
Thanks for your help!
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.