Adware Virus

Status
Not open for further replies.
You did a great job of scanning but not too good at cleaning.

The MBAM says "No action taken" meaning you did not click the next and select Clean Delete.

So run it again after doing the extra configs.
MalwareBytes extra config

After update and yes update again, but before running
Click settings and confirm all are Checked.

It will find them again. This time remove them, send the log, then run it again to make sure it comes up clean.

Mike
 
It's weird, the one I uploaded in the first post says no action taken, but the one on my computer says quarantined and deleted for everything.
 
You've already run it with the changes I posted?

Did it ask to reboot and did you do it?

Mike
 
That is from the first time I ran it, and I rebooted for the superantispyware, which was after the mbam, so I believe it's been rebooted.
 
Open MBAM click Logs

Open and send me the last log.

Then proceed with the SAS and get me a log for that also!

Mike
 
Both the Logs are above, the SAS one in the original post, and Mbam one a few posts down. Or do you want me to rescan my whole computer with each again, because seriously it takes like 6 hours each and I need to use my computer.
 
Well you are infested bad. Not only in quantity but in severity.

You need to scan again with both but if you are scanning more than the boot drive (usually Drive c: ) then uncheck the other drives for both scans. This will speed it up some.

Seriously I know it takes a while but has to be done!

If you can use the computer and just have to knock something out. But with what you had and what you have left you are at risk of reinfection.

Your call!

Mike
 
Ok I will expect logs.

I am headed to a movie and dinner in a couple hours. If I don't see anything before I go I will check when I get back.

Mike
 
PC

It says in the log you posted "No action taken" you can't spend this amount of time scanning and not delete them.

Or is something else going on?

And 6hrs to scan means slow computer or slow HD or so infested it is dragging down the scan times.

You may have a huge amount of temp and useless files so let's clean them now. If you do have a huge amount of this junk and we clean it the scans will not be as long.

Run CCleaner again twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

Then

D/L install and run ATF-Cleaner clear all except passwords in all browsers you have. Run repeatedly until no more found.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html
----------------------------------------------------------------------------------------------------------------------
This is usually the last thing I would do but we need to clean and the SR is infected anyway.

The issues are in System Restore so do the below

Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "During cleanup at TechSpot".

Then

Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and then OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.

We will need to clean this again and create a new Restore point after you are clean. Give these cleanups time because if you do have much it could take a while.

After you are finished with all the above then run MBAM again and this time click the next or continue and delete them and send new log!

Mike
 
I will do all that, but I don't understand why it says no action, if I go to mbam and look at the log, it says they were all deleted and quarantined, I'll re upload it I guess.
 
You are somehow sending the wrong logs.

But this one is the correct one.

Now do the entirety of my last post.

Start the scan when watching TV or sleeping or at work but MBAM needs to be run again because it found so many and so many really bad.

It needs to come up clean. Look at the log you send and you can see if any are left.

Do it anyhow you can. I will be here often to check on you.

Mike
 
Whups!!!

These O4s are suspicious and undocumented, can't find in Google, & 20 is also and should not be there.

O4 - HKCU\..\Policies\Explorer\Run: [{B82BCDA7-0A65-1033-0815-050416200001}] "C:\Program Files\Common Files\{B82BCDA7-0A65-1033-0815-050416200001}\Update.exe" mc-110-12-0000272
O4 - HKCU\..\Policies\Explorer\Run: [{B82BCDA7-0A64-1033-0815-050416200001}] "C:\Program Files\Common Files\{B82BCDA7-0A64-1033-0815-050416200001}\Update.exe" mc-110-12-0000272

O20 - AppInit_DLLs: hhfkxv.dll apxwmz.dll

Do not remove them with HJT yet, do below.

Download SD Fix to Desktop (among other things, Catchme to look for rootkits).

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click to RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Copy and attach the Report.txt file to your next post.

Mike
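
An added example, not part of the original post and not code from HijackThis or any tool named in this thread: a short Python triage pass over HijackThis-style lines that flags the kind of O4 and O20 entries called out above. The line format is assumed from the entries quoted in the post, the flagging rules are illustrative heuristics, and the two benign sample lines are constructed.

```python
import re

# The Policies\Explorer\Run O4 line and the first O20 line are quoted from
# the post above; the SoundMan line and the empty O20 line are constructed.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Policies\Explorer\Run: [{B82BCDA7-0A65-1033-0815-050416200001}] "C:\Program Files\Common Files\{B82BCDA7-0A65-1033-0815-050416200001}\Update.exe" mc-110-12-0000272
O20 - AppInit_DLLs: hhfkxv.dll apxwmz.dll
O20 - AppInit_DLLs:
'''

GUID = r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
# Assumed layout: "O4 - <key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$')


def review_hjt(log_text):
    """Return (line, reasons) pairs for O4/O20 entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = O4_RE.match(line)
        if m:
            if r'Policies\Explorer\Run' in m['key']:
                reasons.append('autostart via Policies\\Explorer\\Run')
            if re.fullmatch(GUID, m['name']):
                reasons.append('GUID used as value name')
            if re.search(GUID + r'\\[^\\"]+\.exe', m['cmd'], re.I):
                reasons.append('executable inside GUID-named folder')
        m = O20_RE.match(line)
        # An empty AppInit_DLLs value is not flagged; any listed DLL is.
        if m and m['dlls'].split():
            reasons.append('AppInit_DLLs loads: ' + ', '.join(m['dlls'].split()))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == '__main__':
    for entry, why in review_hjt(SAMPLE_LOG):
        print(entry[:60], '->', '; '.join(why))
```

A flagged line is a prompt to look the entry up, not a verdict; some legitimate software also registers AppInit_DLLs.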
 
I see several malware inviters: Kazaa, Warez.

Do this: run SDFix again, post new log.

Then the below

ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.

Then new HJT log also.

Mike
 
Hi, sorry, I went out of town for a few days for Thanksgiving, probably should have said something. I'm back now and will do what you said.
 
There is an issue with SDFix: it works fine through the safe mode part, but when it restarts and finishes on my normal comp. it freezes up and stays in the "This may take a few minutes" screen, for like 10 hours.
 