Hello,
I am discovering several infected files during a ‘scan of all local drives’ as I am restarting my computer. I am afraid that I have allowed my boys a bit too much latitude in downloading some game stuff lately. Although I am typically involved, I am sensing they may be doing a bit more freelancing than I thought. Yep, my responsibility. Anywho, I am moving each flagged file to the chest as the scan is rolling and have several files so far (still scanning). I am asking what action I should take if/when the system finally loads? I am reading the general posts regarding running cleaning malware programs so I hope to be better equipped to catch up, but am wondering who might help me try to resolve these issues. Thanks in advance.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
Unfortunately, I only saw the first couple of responses and have already deleted the files from the chest and then attempted to restart my computer. Once again a serious hang during start up requiring hard close and restart… Further advice please. Thanks
Seems it is time to move other users than yourself off any administrative account you may use. Change your admin password (write it down!) and then allocate one account to each of the other users but only as limited standard accounts. Why limited? Well, one cannot install a game or such unless they have the admin password, and you’ve changed it, so no new games can be installed without you knowing about it. Think of it as a way of protecting yourself from harm. (This should be done after cleansing your system.)
Don’t give users full system-wide rights to modify the entire system when they don’t know yet what they are doing.
Attach all four logs in your next reply. Logs are for diagnostic purposes only. Quarantine and remove, and attach resulting logs, only, with AdwCleaner and Malwarebytes. Attach logs only, for OTL and aswMBR.exe.
If not able to boot into normal or Safe Mode, let us know. If unable, a malware expert will be contacted. Otherwise, a certified malware removal expert will be contacted after you attach your logs and then he will come in to help you. He needs your logs to begin this process.
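The account separation advised in the reply above (change the admin password, then give every other user a limited standard account), as an added example that is not part of the original thread. It assumes an elevated PowerShell 5.1+ session with the built-in LocalAccounts cmdlets (Windows 10 or later); the account names are hypothetical placeholders.

```powershell
# Added example. Account names below are hypothetical placeholders.
param(
    [string]   $OwnerAccount   = 'Parent',
    [string[]] $FamilyAccounts = @('Kid1', 'Kid2')
)

# Well-known SIDs, so the script also works on non-English Windows
# where the group names are localized.
$AdminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators
$UsersSid  = 'S-1-5-32-545'   # BUILTIN\Users

# 1. Record who currently holds administrative rights.
Get-LocalGroupMember -SID $AdminsSid | Format-Table Name, ObjectClass, PrincipalSource

# 2. Change the owner's admin password (prompted, never stored in the script).
$adminPw = Read-Host -AsSecureString "New password for $OwnerAccount"
Set-LocalUser -Name $OwnerAccount -Password $adminPw

# 3. One standard account per additional user.
foreach ($name in $FamilyAccounts) {
    if (-not (Get-LocalUser -Name $name -ErrorAction SilentlyContinue)) {
        $pw = Read-Host -AsSecureString "Initial password for $name"
        New-LocalUser -Name $name -Password $pw | Out-Null
    }
    # Standard rights: member of Users ...
    if (-not (Get-LocalGroupMember -SID $UsersSid -Member $name -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -SID $UsersSid -Member $name
    }
    # ... and not a member of Administrators.
    if (Get-LocalGroupMember -SID $AdminsSid -Member $name -ErrorAction SilentlyContinue) {
        Remove-LocalGroupMember -SID $AdminsSid -Member $name
    }
}

# 4. Verify: only the owner and the built-in Administrator (RID 500) should remain.
$extra = Get-LocalGroupMember -SID $AdminsSid | Where-Object {
    $_.Name -ne "$env:COMPUTERNAME\$OwnerAccount" -and $_.SID.Value -notlike '*-500'
}
if ($extra) {
    Write-Warning ("Unexpected administrators: " + ($extra.Name -join ', '))
} else {
    Write-Output 'Administrators group contains only the expected accounts.'
}
```

As the reply says, do this after the system has been cleaned.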
Sorry for the delay, but my work/kid schedule has made getting all this together a challenge. I am so very grateful for your help and have noted the chastisement regarding allowing my 7 and 11 year old, who have always asked and had me help download (as I thought) any programs. I will certainly upgrade and limit access. Here are the logs to date. Thanks again for all you do for older-half-time-juggling-single-parents-nearing-fifty :-). I do appreciate it more than I can say…
Re-run AdwCleaner, but now make sure to hit the Clean button after the scanning is complete.
Attach me that report.
Download and Install Combofix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
I realized I should add that after using the first couple cleaners I attempted, as directed, a re-start of my system only to have it ‘hang’ with a blinking cursor line (? an underscore?) staring at me. If I do a hard stop (holding for approx. 30 seconds and even unplugging once) and then start it loads OK, but a restart driven by any program, or me, results in this annoying black screen with upper left blinking cursor/line. - I also saw, at one point the other day, a Windows alert that said there was no virus protection detected, but after one of ‘my restarts (hard close)’ it hasn’t appeared again. - Also wondering what one of the scans meant by not recognizing a hard drive (so sorry I didn’t write the exact phrase)… after about five clicks on ‘retry’ it moved along… Thanks again for all you do and your help…
I tried another Malware run to see if anything remained after having to hard start, but it said things were clean. Unfortunately, in attempting another restart it hung again, leaving the ugly blinking cursor on a black screen. Any other advice? Thanks again…
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
1. Open Notepad and copy/paste the text present inside the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
SearchScopes: HKCU - {0084CFC8-654D-4F8D-810B-0C90659B88E8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3310511&CUI=UN11909118411663820&UM=2
FF Extension: No Name - C:\Users\MnKnZnR\AppData\Roaming\Mozilla\Firefox\Profiles\tx30brt4.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
cmd: ipconfig /flushdns
2. Save Notepad as fixlist.txt to your Desktop. NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply. Note: If the tool warned you about the outdated version, please download and run the updated version.
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.