I have read preliminary instr. re malware and have run Malwarebytes, crated OTL logs. Thanks for the help.
malware experts are notified…
Please download zoek.zip or zoek.rar by smeenk (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…
[*]Close any open browsers
[*]Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool .
Please wait for the tool to start…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
createsrpoint;
gpt.ini;z
C:\Windows\System32\GroupPolicy;v
C:\Windows\SysWOW64\GroupPolicy;v
StandardSearch;
emptyfolderscheck;
installer-list;
installedprogs;
uninstall-list;
[*]Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)
[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”
I am attaching two more logs, thanks
Re-run Zoek again with the script below:
emptyfolderscheck;delete
C:\Program Files\Optimizer Pro;fs
autoclean;
emptyalltemp;
emptyclsid;
ipconfig /flushdns;b
Found a websteroids exe file in windows/prefetch file, no action. Have attached the second log. Thanks
Re-run Zoek one more time
Websteroids;z
Found numerous entries in the registry as well, no action. Attached is the third log. Thanks
You can manually delete Websteroids file in Prefetch folder? How is the situation now?
websteroids entry gone from prefetch folder; at least six entries in registry re websteroids remain, no action. Thanks
Let’s make the final check:
Please download Malwarebytes AntiRootkit (MBAR) and save it to your desktop.
[i]For full instructions how MBAR works, read this article
> Doubleclick on the MBAR file (
http://www.mcshield.net/personal/magna86/Images/mbar.png
) and allow it to run.
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click Next if you agree.
• On the Update Database screen, click on the Update button. Once you see ‘Success: Database was successfully updated’ click on Next
• Under Scan Targets ensure all boxes are ticked. Then click the Scan button.
Notice: with some infections, you may see two messages boxes:
- ‘Could not load protection driver’. Click ‘OK’.
- ‘Could not load DDA driver’. Click ‘Yes’ to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
>> If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.
>> If an infection/s are found ensure Create Restore Point are ticked. Then select the "Cleanup! button to remove threats.
• The clean up procedure will be scheduled for process, pop-up will be shown.
Select the Yes button and the system should re-boot to complete the cleaning process.
>> Notice: only if an RootKit are detected, ensure to run fixdamage.exe tool located in mbar folder, \Plugins\fixdamage.exe
- Run fixdamage.exe, at the black window to continue type Y (alias for Yes). Wait few seconds for execution …
- When you see “press any key to exit” fix is completed, press any key to close the window. Reboot the system.
> The following reports will be created in mbar folder:
- mbar-log-year-month-day (hour-minute-second).txt
- system-log.txt
Please post both logs in your next reply.
So no malware found after root kit scan; guess those entries in the registry are innocuous. Attached are the two logs you requested. My 2013/14NIS did not catch this bug. Would the Avast product catch it early on? Do you recommend installing the Malwarebytes product (not the root kit beta)?
Have no idea where this came from. Looks like the initial Malware scan showed something arrived July 2013?
Thank you so much for all of your help!
PC seems clean. You should keep MalwareBytes for occasional scan.
I can recommend you this software to avoid Adware in the future:
Read here how it works → http://www.howtogeek.com/179758/how-to-avoid-junkware-offers-with-unchecky/
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
All done; I will monitor the Unchecky software. When you suggested an occasional scan with MalwareBytes were you referring to MBAM or MBAR? Attatched is the log from delfix. Again Thank You so much!
MBAM → MalwareBytes Anti-malware
MBAR → MalwareBytes Anti-rootkit
You can scan with both products, difference is minor…
Ok, Thanks for everything. Do I need to do something to close this thread or does it expire with inactivity?