Virus Help

Status
Not open for further replies.

rnally

I have been fighting viruses for a couple of days now, and I am not able to install or update anything that requires an internet connection. It is now to the point that I can't even boot my computer unless I do so in safe mode; I get memory write errors and the system just freezes up.
 
The problem is that I can only boot in safe mode, so when I reboot it does not execute the process to remove the items that could not be removed. It also will not update because all of the connections are hijacked. Any advice would be helpful, and please don't tell me to reinstall Windows.
 
Hi mally

Do the below in full mode. If it will run but not update, run without update.


All you need to do is rename SuperAntiSpyware to say SAS.exe and mbam.exe to mwbam.exe.

So My Computer to \Program Files\SuperAntiSpyware, find and rename as above, and run from there by double-clicking. Then do the same for MalwareBytes.

After loading but before clicking Scan, do the below config changes.

SuperAntispyware config

UPDATE!

Then

Click the Preferences button.

Then Scanning Control.

In Scanner Options make sure the following are checked:
1. Close browsers before scanning
2. Scan for tracking cookies
3. Terminate memory threats before quarantining.
4. Leave the others as they are.

In MalwareBytes after update but before running
Click settings and confirm all are Checked.

I repeat: Update these 2 programs.

Run them and post their logs, then a new HJT log. HJT always last.

After attaching logs from above, run both programs again to confirm they find nothing else and attach new logs for this run!

Do this correctly and we will make a short job of this!

Mike
 
logs

Here is the next set of logs. It does not seem to have improved; I am getting data execution prevention errors on startup as well as svchost errors.
 
No doubt you are having these issues after looking at your log.

If you are now running SAS, post its log when finished, and run again if it is not clean and post another log for each run.

Then run mbam again the same way until clear, posting the log each time.

Post another HJT log LAST, after all above is finished.

Mike
 
You had McAfee all along, only run it again when you have finished the chore here!

Perhaps in the 8 steps you skipped the part about turning off things.

Turn off other protections and likely you will not get these issues while scanning.

You need to get through these 2 programs until they say clean.

Try to short cut it at your peril.

Mike
 
Did you do this, don't look like it!

SuperAntispyware config

UPDATE!

Then

Click the Preferences button.

Then Scanning Control.

In Scanner Options make sure the following are checked:
1. Close browsers before scanning
2. Scan for tracking cookies
3. Terminate memory threats before quarantining.
4. Leave the others as they are.

In MalwareBytes after update but before running
Click settings and confirm all are Checked.

Do it and run both until they are clean! You still have a couple of real bad boys.

Mike
 
Good morning Mally

Run CCleaner again twice or more on Cleanup temps, then on the left click Registry, then Scan for issues; also repeat till clean.

Then

D/L, install and run ATF-Cleaner; clear all except passwords in all browsers you have. Run repeatedly until no more found.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html
----------------------------------------------------------------------------------------------------------------------------------

The issue found is in System Restore so do the below

Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

Then

Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and then OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.

Now check rerun SAS and MBAM and you should find it and the tracking cookies gone.

And we should be finished!

Mike
 