Author Topic: Malware attack  (Read 10193 times)

samlemx

  • Guest
Re: Malware attack
« Reply #15 on: April 22, 2014, 12:49:44 AM »
Rogue Killer log.

Thanks,
Sam

Valinorum

  • Guest
Re: Malware attack
« Reply #16 on: April 22, 2014, 06:45:08 AM »
Hi,
I have submitted my fix to an Expert here and will post here after his approval. Thank you for your patience.

Valinorum

  • Guest
Re: Malware attack
« Reply #17 on: April 22, 2014, 03:00:00 PM »
Hi samlemx, :)

We have one more big fish to fry.

  • Step #5 Fix with RogueKiller
    • Re-run RogueKiller. If you do not have it on your Desktop, download it from the suitable link below.
      Download link for 32 bit system
      Download link for 64 bit system

    • Let the pre-scan finish. After that click on Scan and wait for the scan to finish;
    • Click on Delete;
    • Now again click on Scan and wait for the scan to finish;
    • Click on Report and a log file will open;
    • Attach the report in your next reply.


  • Step #6 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
Code:
Start
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
C:\Windows\system32\fkzzesn.pqa
C:\Windows\system32\eclydv.own
C:\Windows\System32\ulwhr.cso
C:\Windows\System32\dxhceav.baq
C:\Users\Compouter\AppData\Local\Google\Desktop\Install
End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Attach the log in your next reply.



  • Required Log(s):
    • RogueKiller Report;
    • FRST Fix Log
Regards,
Valinorum

samlemx

  • Guest
Re: Malware attack
« Reply #18 on: April 22, 2014, 11:01:57 PM »
Hi Valinorum,
I have attached the reports you requested. It looks like Rogue Killer cleaned up its findings. Avast has been quiet too. I know an absence of symptoms doesn't mean it is in the clear, but it is certainly behaving better. Thank you again for your help. I have to ask, does it annoy you that this PC's name is "compouter"? It sure bugged me when I first started working on this.  ;D

Thanks,
Sam

Valinorum

  • Guest
Re: Malware attack
« Reply #19 on: April 22, 2014, 11:23:00 PM »
How is your system running? I have seen weird usernames. :P

samlemx

  • Guest
Re: Malware attack
« Reply #20 on: April 22, 2014, 11:31:14 PM »
Compared to how it was when I started with it, it is running much smoother. I tried to create a folder 2 days ago to try and keep my logs organized and that took a couple of minutes after I right clicked just for the menu to come up. Now it takes a few seconds. I can also open and minimize IE without it being sluggish too. The last thing I want to do is give it a restart, since I left it on last night so I didn't lose that Rogue Killer website that came up about what it found. I kind of stole the computer for stuff I needed to do before restarting though :D

Valinorum

  • Guest
Re: Malware attack
« Reply #21 on: April 22, 2014, 11:36:40 PM »
Hi,
We are almost done. I have submitted my fix for you to an expert for his approval and will post it here afterwards. Thank you for your patience.

Valinorum

  • Guest
Re: Malware attack
« Reply #22 on: April 23, 2014, 04:36:25 PM »
Hi samlemx, :)

  • Step #7 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan, click on View Detailed Log, then click on the Export button, select Text File and save the log to your Desktop;
    • Attach the log in your next reply.


  • Step #8 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware, et cetera. Peruse this for additional information.
    • Go here from Internet Explorer and click on Run ESET Online Scanner.
      • Note: If you use any browser other than Internet Explorer, you will have to download and install esetsmartinstaller_enu.exe when prompted to run the scan.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
    • Click on Advanced Setting and check the following boxes--
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the mouse or the keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Navigate to the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Attach the log file in your next reply.
    Note: Enable your security programs afterwards.


  • Required Log(s):
    • MBAM Log;
    • ESET Scan Log
Regards,
Valinorum

samlemx

  • Guest
Re: Malware attack
« Reply #23 on: April 24, 2014, 12:08:14 PM »
Hi Valinorum,
That last scanner took quite a while, 6 hours, and it found some more items. Doing this before work this time so I have to be quick ;D Here are my logs. As always, thanks much!

Thanks,
Sam

Valinorum

  • Guest
Re: Malware attack
« Reply #24 on: April 24, 2014, 04:50:53 PM »
Can you re-attach the ESET log? The log you have attached does not contain any data.

samlemx

  • Guest
Re: Malware attack
« Reply #25 on: April 25, 2014, 01:15:19 AM »
Uh oh! That was the log that was in my C Drive. Luckily, I kept that window open and it allows me to export the items it found, so try this one. Sorry about that.

Thanks,
Sam

Valinorum

  • Guest
Re: Malware attack
« Reply #26 on: April 25, 2014, 06:54:56 AM »
Submitted my fix for an expert's approval. Thank you for your patience.

Valinorum

  • Guest
Re: Malware attack
« Reply #27 on: April 25, 2014, 01:42:44 PM »
Hi samlemx, :)

Remove Windows.old by perusing this.

  • Step #9 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
Code:
Start
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll
C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll
C:\Users\All Users\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
C:\Users\Compouter\Downloads\ArcadeCandyGames.exe
End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Attach the log in your next reply.



  • Required Log(s):
    • FRST Fix Log
Regards,
Valinorum

samlemx

  • Guest
Re: Malware attack
« Reply #28 on: April 26, 2014, 12:26:23 AM »
Hi Valinorum,
This is a long process when I only get to work on it between 4pm and 8pm every day  :P I have attached my FRST log, even verified it has data first. Let me know where to go from here.

Thanks,
Sam

Valinorum

  • Guest
Re: Malware attack
« Reply #29 on: April 26, 2014, 06:26:09 AM »
How is your system running?