  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.
Status
Not open for further replies.

Virus/malware help

In Progress 
4K views 56 replies 2 participants last post by  anderskd1 
#1 · (Edited by Moderator)
Hi there! :)

I am new to this forum, but I have a huge problem.

I was stupid enough to download, extract and install the file from this link: < removed for safety reasons >

I pressed "decline" when the installer asked me to download some different programs, which I knew were fake.
It then completed the installation and left me with a bunch of fake pop-ups saying: "Your PC is out of date" etc., and it installed several programs (see the attached picture), PC Speed Up, MPC Cleaner, Auto Time, SpaceSoundPro.

It kept restarting my PC, but I got a hold of it by opening the job list (which I couldn't do before) as soon as I saw the desktop.

It opens Internet Explorer and goes to different sites, such as: land.pckeeper.software.com, xmediaserve.com, adrunnr.com etc.

It also made the screen black and white, which kept me from opening other windows (and the job list). I placed the cursor over the Internet Explorer icon and saw that there were two windows open. One of them was the "Your PC is out of date"-window, and the other one was named "Fade.(something)" (I don't remember if it was .exe or something else). But the "Fade"-window was probably the one which made the screen black and white.

The virus/malware also made some advertisement appear in the lower right corner of the screen (see picture).

Windows Defender spotted a couple of adwares, which I have deleted, and it is still scanning the entire computer.

One Internet Explorer page opened, and after I had closed it, I got a message saying: "File 720p.Streaming.pdf, Rate: (5 stars), It successfully managed to generate the link!" (See picture)

I really need some help with getting rid of this virus/malware, because I don't think that Windows Defender is able to help me this time... :/

Thanks in advance!
 
#2 ·
Step 1
Click on this link to download: ADWCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

See the screenshot where the proper download buttons are highlighted


NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter, then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy and paste it into your next post.
Please note: the newer versions of AdwCleaner have a pretty colour display on some versions of Windows and slightly different icons. The screenshots are from the older version but are basically the same.

 
#4 ·
Hi again!

I could not get the browser to open, but I made Windows Defender clean the computer and it has already found an element called: HackTool:MSIL/wizus.A

So I am waiting to see if Windows Defender will do the job.
Yesterday I pressed "Full Scan" instead of "Clean computer", so let's see if this helps.

When and if I am going to be able to open my browser, I will download the ADW Cleaner :)
 
#5 ·
I successfully used the ADW Cleaner, and have received the log file, but I can't open my browsers. The Mozilla and IE icons are replaced with a blank page icon, and the MPC Cleaner still seems to be installed...

Other than that, I got rid of all the ad pop-ups, so thank you very much for your help! :)

When I am able to open my browser, I will post the log file.
 
#6 ·
It probably hasn't done everything, so transfer the log file to your other computer (the one you are using to post here) and post it.
Then please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to download and run the 64 bit version

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
#12 ·
Download attached fixlist.txt file and save it to your desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

I am pretty sure there will still be more to do afterwards.
 


#18 ·
I have started the scan.

The problems I currently have are that IE won't open, "blank page"-icons instead of browser icons, Firefox works but it opens the site: search.safefinder.com.
I still believe that there is other malicious software on my PC, but let's see what the scan says. :)

And again, I am really thankful for your help!

PS.: the scan has found 24 infected files so far.
 
#22 ·
Don't know that one. If ESET keeps freezing or crashing then leave it for now.
Please run FRST again.
Before you press run or scan, please select "addition.txt" and "shortcuts.txt" in the additional options section and post those 3 logs back here.
It will take me some time to look over the 3 logs, so I might not be able to post the fix until later tonight or sometime tomorrow (I am in UK so 1 hour behind you).
 
#26 ·
Delete any existing fixlist.txt.

Download attached fixlist.txt file and save it to your desktop or the same location that you have FRST.exe in (looks like E:/).

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
