Computer Infected and Tough Getting It Cleaned

I'm here because my friend FreeBooter told me it's the best place to find help for getting rid of a virus. Anyone?

Re: Computer Infected and Tough Getting It Cleaned

Hello there, welcome to GeekPolice. Thanks for posting.

Right away, I will say I do not spot anything immediately alarming, except for the use of uTorrent and keygens. Therefore, even if we do assist you, if you become infected again, it will be because of the keygens/use of uTorrent.

I can verify a few things first... Let's see:


  • Please download MBRScan and save it to your desktop.
  • Double-click on MBRScan.exe and click the Report button. (Windows 7+ users: right-click on MBRScan and then click on Run as administrator.)
  • Please don't use the computer while the scan is running. The computer may not respond until the scan is done. Please be patient and don't force a restart of the computer.
  • When the scan is finished, a log file will appear.
  • Save that log file to your desktop and post its content in your next reply.



TDSSKiller

  • Download TDSSKiller from BleepingComputer, then move the executable file to your Desktop;
  • Right-click on tdsskiller.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the End User License Agreement (EULA) and the KSN Statement;
  • Once the application is done initializing, click on the Change parameters button;
  • In addition to the current checked boxes, check these two as well:

    • Verify file digital signature;
    • Detect TDLFS file system;


  • Once done, click on Ok then click on Start scan;
  • After the scan is complete, click on the Report button, in the top right corner;
  • A report window will open with the scan log. Copy and paste it in your next reply;

Re: Computer Infected and Tough Getting It Cleaned

Ok, I appreciate the help. I understand the risks of files from the internet and especially malicious code. Here are my 2 scans.

Re: Computer Infected and Tough Getting It Cleaned

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7+ users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.





Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer

  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system, click NO
  • Please check in the Quick scan box
  • Please uncheck the following:

    • IAT/EAT
    • Show All <<< Important

  • Click Scan
  • If you see a rootkit warning window, click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled

Note: If you encounter any problems, try running GMER in Safe Mode. If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.

Re: Computer Infected and Tough Getting It Cleaned

Ok, I did what you told me; on the second one I was confused... Do I check Show All? Because it was already unchecked, and while scanning the computer crashed with this information:

Code:

Stop code: DRIVER_IRQL_NOT_LESS_OR_EQUAL
What failed: ffliyfod.sys


And I attached the file from the first scan!

PS: I will try the scan again in safe mode after some sleep, I need to get some rest.

Re: Computer Infected and Tough Getting It Cleaned

Try this first and then try GMER again please.

To disable CD Emulation programs using DeFogger please perform these steps:
  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.



Note about GMER before running it again:

  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.
  • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT".

Re: Computer Infected and Tough Getting It Cleaned

I got the same error message with a crash again after doing the last steps.

Re: Computer Infected and Tough Getting It Cleaned

Attempt in safe mode with networking and let me know what happens please

Re: Computer Infected and Tough Getting It Cleaned

This time, doing it in safe mode, it found 2 things it put in red that it said might be rootkits. It asked for a full scan and I clicked no so I could uncheck that one thing you said, and it scanned and crashed on the same line again, same crash error. Want me to go back to safe mode and run it again just to copy down the 2 things it said were warnings before I clicked scan?

Re: Computer Infected and Tough Getting It Cleaned

I'm sure it would be useful, so yes please.

Re: Computer Infected and Tough Getting It Cleaned

Hi Jay,

One of the keygens was a virus; it's now deleted.


https://www.virustotal.com/en/file/bc93e316a99b3904d9a8c5b40b3bdeae0529c1cbb01e2b5b8dde9a2bd46229e0/analysis/1509246788/

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Neshta.A

Re: Computer Infected and Tough Getting It Cleaned

Hey, the virus came back, it’s so aggressive also. Currently running AVG Netsh tool to try to remove it, since for the most part we figured out the name of the virus.

Re: Computer Infected and Tough Getting It Cleaned

That is one old infection, and what's weird is that it creates itself using very old programming schemes back from Windows XP days. This would be a Windows XP exploit... Why it's causing issues on a W10 PC is beyond me, but it's not like it can do all that much damage as long as Windows is patched.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    directx.sys
    svchost.com
    popen


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt




Please also download CKScanner by askey127 from here
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Re: Computer Infected and Tough Getting It Cleaned

Ok System Look gave me:
SystemLook 30.07.11 by jpshortstuff
Log created at 19:41 on 29/10/2017 by lee
Administrator - Elevation successful
========== filefind ==========
Searching for "directx.sys"
No files found.
Searching for "svchost.com"
No files found.
Searching for "popen"
No files found.
-= EOF =-


And CKScanner gave:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe after effects cc 2018\support files\presets\toonitv2 presets\roto toon\roto toon crackle problem.ffx
c:\program files\adobe\adobe after effects cc 2018\support files\scripts\iexpressions precracked v1_051\._mylibrary.xml
c:\program files\adobe\adobe after effects cc 2018\support files\scripts\iexpressions precracked v1_051\iexpressions.jsxbin
c:\program files\adobe\adobe after effects cc 2018\support files\scripts\iexpressions precracked v1_051\iexpressions1_11.jsxbin
c:\program files\adobe\adobe after effects cc 2018\support files\scripts\iexpressions precracked v1_051\mylibrary.xml
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\de_de\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\de_de\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\de_de\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\es_es\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\es_es\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\es_es\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\fr_fr\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\fr_fr\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\fr_fr\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\it_it\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\it_it\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\it_it\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\ja_jp\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\ja_jp\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\ja_jp\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\ko_kr\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\ko_kr\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\ko_kr\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\pt_br\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\pt_br\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\pt_br\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\ru_ru\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\ru_ru\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\ru_ru\vstplugins\decrackler6.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\zh_cn\vstplugins\decrackler1.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\zh_cn\vstplugins\decrackler2.dll
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\zh_cn\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\de_de\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\de_de\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\de_de\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\es_es\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\es_es\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\es_es\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\fr_fr\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\fr_fr\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\fr_fr\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\it_it\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\it_it\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\it_it\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\ja_jp\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\ja_jp\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\ja_jp\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\ko_kr\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\ko_kr\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\ko_kr\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\pt_br\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\pt_br\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\pt_br\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\ru_ru\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\ru_ru\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\ru_ru\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\zh_cn\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\zh_cn\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2018\plug-ins\zh_cn\vstplugins\decrackler6.dll
c:\program files\boris fx, inc\bcc presets 10\styles\material styles\stone_wood_leather\cracked peeling.mtl
c:\program files\boris fx, inc\bcc presets 10 ofx\styles\material styles\stone_wood_leather\cracked peeling.mtl
c:\program files\common files\native instruments\battery 4\presets\lofi\crackle.nbfx
c:\program files\common files\native instruments\kontakt 5\presets\effects\convolution\05 drum reverbs\0.4s firecracker snare orven.nkp
c:\program files\cycling '74\max 7\resources\media\jitter\materials\pavement.cracks.jitmtl
c:\program files\presonus\studio one 3\presets\presonus\fat channel\drum\snare crackalak.dsppreset
c:\program files\red giant\rgfx\plugins\universe_stylize_texturize\resources\presets\grunge\cracked wall.preset
c:\program files\red giant\rgfx\turbulence\voronoi\chebychev\crackle.shader
c:\program files\red giant\rgfx\turbulence\voronoi\length\crackle.shader
c:\program files\red giant\rgfx\turbulence\voronoi\length2\crackle.shader
c:\program files\red giant\rgfx\turbulence\voronoi\manhattan\crackle.shader
c:\program files\red giant\rgfx\turbulence\voronoi\minkowski4\crackle.shader
c:\program files\red giant\rgfx\turbulence\voronoi\minkowski5\crackle.shader
c:\program files\red giant\rgfx\turbulence\voronoi\quadratic\crackle.shader
c:\program files (x86)\common files\native instruments\fm8\sounds\fm7 legacy\beam cracker bass.nfm8
c:\program files (x86)\common files\native instruments\fm8\sounds\fm7 legacy\cracklephone.nfm8
c:\program files (x86)\common files\native instruments\massive\sounds\massive factory\crackle carl.nmsv
c:\program files (x86)\common files\native instruments\massive\sounds\massive factory\digitoy crackle.nmsv
c:\program files (x86)\common files\native instruments\shared content\sounds\fm8\fm7 factory\beam cracker bass.ksd
c:\program files (x86)\common files\native instruments\shared content\sounds\fm8\fm7 factory\cracklephone.ksd
c:\program files (x86)\common files\native instruments\shared content\sounds\massive\crackle carl.ksd
c:\program files (x86)\common files\native instruments\shared content\sounds\massive\digitoy crackle.ksd
c:\program files (x86)\image-line\fl studio 12\data\patches\packs\drums (modeaudio)\claps\ma firecracker clap.wv
c:\program files (x86)\image-line\fl studio 12\data\patches\packs\drums (modeaudio)\hi hats\ma firecracker chat.wv
c:\program files (x86)\image-line\fl studio 12\data\patches\packs\drums (modeaudio)\kicks\ma firecracker kick.wv
c:\program files (x86)\image-line\fl studio 12\data\patches\packs\drums (modeaudio)\snares\ma firecracker snare.wv
c:\program files (x86)\image-line\fl studio 12\data\patches\plugin presets\generators\drumpad\sound fx\crack.fst
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\effects\hardcore\presets\default\i cracked my tube!.hdprg
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\generators\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\generators\drumpad\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\generators\sawer\presets\ambient\mc cracked.sawer
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\generators\toxic biohazard\presets\basses\crack.tbio
c:\program files (x86)\presonus\studio one 3\presets\presonus\fat channel\drum\snare crackalak.dsppreset
c:\_torrents\_torrentfiles\completed\native.instruments.battery.4.v4.1.6.incl.patched.and.keygen-r2r.torrent
c:\_torrents\_torrentfiles\completed\native.instruments.maschine.2.v2.6.5.update.incl.patched.and.keygen-r2r.torrent
scanner sequence 3.ZZ.11.GCNAVZ
 ----- EOF -----
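
The CKScanner banner above says its hits "are not necessarily bad", and most of the list is preset and plug-in files whose names merely contain "crack". A triage pass over such a log, added here as an example that is not part of the thread or of CKScanner: the keyword tiers and labels are assumptions (CKScanner's own match list is not shown on this page), and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Assumed keyword tiers for triage; these are NOT CKScanner's own rules.
STRONG_TOKENS = {"keygen", "patched", "precracked"}   # whole words worth a manual look
AMBIGUOUS_TOKENS = {"crack", "cracked"}               # whole words that are often innocent

# Sample: the banner, five path lines and the trailer, copied from the log in this thread.
SAMPLE_LOG = r"""CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\red giant\rgfx\turbulence\voronoi\length\crackle.shader
c:\program files\adobe\adobe media encoder cc 2018\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files (x86)\image-line\fl studio 12\data\patches\plugin presets\generators\drumpad\sound fx\crack.fst
c:\program files\adobe\adobe after effects cc 2018\support files\scripts\iexpressions precracked v1_051\mylibrary.xml
c:\_torrents\_torrentfiles\completed\native.instruments.battery.4.v4.1.6.incl.patched.and.keygen-r2r.torrent
scanner sequence 3.ZZ.11.GCNAVZ
 ----- EOF -----
"""


def parse_ckfiles(text):
    """Return only the path lines of a CKFiles.txt log."""
    paths = []
    for line in text.splitlines():
        line = line.strip()
        # Path lines start with a drive letter and backslash; the banner,
        # the 'scanner sequence' line and the EOF trailer do not.
        if re.match(r"^[a-z]:\\", line, re.IGNORECASE):
            paths.append(line)
    return paths


def classify(path):
    """Label one path by how the keyword occurs in it (name-based only, not a verdict)."""
    # Split the whole path into alphanumeric words, so 'crackle' and
    # 'decrackler1' stay distinct from the bare word 'crack'.
    tokens = set(re.split(r"[^a-z0-9]+", path.lower()))
    if tokens & STRONG_TOKENS:
        return "review"
    if tokens & AMBIGUOUS_TOKENS:
        return "ambiguous"
    # The scanner's keyword only occurs inside a longer word.
    return "substring-only"


def triage(text):
    """Group the log's paths by label so the short 'review' list can be read first."""
    buckets = defaultdict(list)
    for path in parse_ckfiles(text):
        buckets[classify(path)].append(path)
    return dict(buckets)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for label in ("review", "ambiguous", "substring-only"):
        hits = result.get(label, [])
        print(f"{label}: {len(hits)}")
        for p in hits:
            print("   ", p)
```

The labels only order the reading of the log; a file's name says nothing about its content, so anything in the "review" bucket still needs an actual scan.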

Re: Computer Infected and Tough Getting It Cleaned

Open SystemLook and type/copy & paste the following in just as last time:

Code:

:dir
c:\_torrents
c:\_torrents\_torrentfiles
c:\_torrents\_torrentfiles\completed

Re: Computer Infected and Tough Getting It Cleaned

This is what I got:

SystemLook 30.07.11 by jpshortstuff
Log created at 22:55 on 29/10/2017 by lee
Administrator - Elevation successful

========== dir ==========

c:\_torrents - Parameters: "(none)"

---Files---
desktop.ini --ahs-- 169 bytes [11:17 26/10/2017] [06:13 14/01/2017]

---Folders---
Completed dr----- [11:17 26/10/2017]
Downloading dr----- [11:17 26/10/2017]
_TorrentFiles dr----- [11:18 26/10/2017]

c:\_torrents\_torrentfiles - Parameters: "(none)"

---Files---
desktop.ini --ahs-- 169 bytes [11:18 26/10/2017] [06:13 14/01/2017]

---Folders---
Completed dr----- [11:18 26/10/2017]
Downloading dr----- [11:18 26/10/2017]

c:\_torrents\_torrentfiles\completed - Parameters: "(none)"

---Files---
desktop.ini --ahs-- 123 bytes [11:18 26/10/2017] [18:05 25/01/2017]

---Folders---
None found.

-= EOF =-

Re: Computer Infected and Tough Getting It Cleaned

Malwarebytes' scanner

If this program is already installed: Skip the installation and run only the scan! If you have an old version called "Malwarebytes' Anti-Malware" then you need to completely upgrade it to version 3. Please ensure to update according to instructions below.

Download and install: Please download Malwarebytes' scanner to your desktop.

  • Double-click mb3-setup-consumer-3.x.x.xxxx and follow the prompts to install the program.
  • Click Finish.
  • On the Dashboard, click the 'Check for Updates' button.
  • After the update completes, click the 'Scan Now' button.
  • A Threat Scan will begin. Please allow it to progress through the scanning process.
  • When the scan is complete, if there have been detections, click Quarantine Selected button to allow the program to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)

  • After the restart once you are back at your desktop, open Malwarebytes once more.
  • Click on the Reports tab > Scan Report. (If you have done more than one scan in the past, select the most recent that shows the date and time of the scan just performed.) Press the View Report button.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Find the log on your Desktop and Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)




ESET online/downloaded scanner

If you use Internet Explorer to get the ESET Online Scanner, you won't have to download or install the tool, as everything will be run in a contextual (pop-up) window of Internet Explorer. However, for every other browser, you will have to download and install ESET Online Scanner. In this set of instructions, I'll use Google Chrome to download it and run it (since a lot of people will do it); however, except for the download and installation procedure, the same instructions apply if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.


  • Download and execute ESET Online Scanner (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
  • Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them) :

    • Enable detection of potentially unwanted applications;
    • Scan archives;
    • Scan for potentially unsafe applications;
    • Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan;

  • After you're done checking these options, click on Start and ESET Online Scanner will download its virus signature database before starting the scan;
  • Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 or 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
  • After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;
  • Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;
  • Once you're done, click on the Back button;
  • Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;





ZOEK scanner

Please download ZOEK by Smeenk and save it to your desktop
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    Code:

    createsrpoint;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;


  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!


    Tip
Please ensure the Malwarebytes' scanner, ESET scanner, and ZOEK logs are posted in your next reply, as long as they ran fine. If one or more did not run well, please let me know.

Re: Computer Infected and Tough Getting It Cleaned

How's this going?

Re: Computer Infected and Tough Getting It Cleaned

Hey, I'm sorry I haven't gotten back earlier. I got it to a point where Malwarebytes doesn't detect any threats, and after that I have been playing catch-up, spending all day in Photoshop the last 2 days working on backed up work. As soon as I get to catch-up point later tonight I'm going to backtrack and do the last 2 posts I saw you posted for me, thanks.

Re: Computer Infected and Tough Getting It Cleaned

Okay, thanks for the update. Don't hurry.

Re: Computer Infected and Tough Getting It Cleaned

Sorry, wanted to get back to you that I finally kicked this virus' ass. I'm still finding it in random places though. I just have so many files through 5 internal hard drives and 2 external. Thank you for your help through this!

Re: Computer Infected and Tough Getting It Cleaned

Do you require further assistance then or is this solved?

Re: Computer Infected and Tough Getting It Cleaned

I’d say it’s solved & thank you again for your help!

Re: Computer Infected and Tough Getting It Cleaned

You're welcome. Thanks for the update. Topic marked as solved.
