-
This is an information only topic ~ Do not post logs or ask for help here
To get assistance create a topic in the Virus and Worms forum
If you wish help, here are some tools and logs that will speed up the process of getting you clean - Format courtesy of Geeks to Go.
All analysts below are volunteers and are not associated with Avast
Malware Analysts :
magna86 (http://forum.avast.com/index.php?action=profile;u=135866)
Argus (http://forum.avast.com/index.php?action=profile;u=183516)
Essexboy (http://forum.avast.com/index.php?action=profile)
Oldman (http://forum.avast.com/index.php?action=profile;u=16171)
Jeffce (http://forum.avast.com/index.php?action=profile;u=275255)
Andrey,pro (http://forum.avast.com/index.php?action=profile;u=257867)
TwinHeadedEagle (http://forum.avast.com/index.php?action=profile;u=361890)
Machiavelli (http://forum.avast.com/index.php?action=profile;u=509832)
Valinorum (http://forum.avast.com/index.php?action=profile;u=475634)
Naathim (https://forum.avast.com/index.php?action=profile;u=532235)
dbrisendine (https://forum.avast.com/index.php?action=profile;u=29174)
Website Analysts :
iDonovan (http://forum.avast.com/index.php?action=profile;u=72314)
Polonus (http://forum.avast.com/index.php?action=profile;u=6802)
Disclaimer: All results received via third party scanning. Although we do our best to provide the best results, 100% accuracy is not realistic, and not guaranteed.
• We will be working on your Malware issues this may or may not solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine.
• If you don't know or understand something, please don't hesitate to ask.
• Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
• Please DO NOT run any other tools or scans whilst you are being helped.
• It is important that you stay in your own thread. Do not start a new topic.
• Your security programs may give warnings for some of the tools you will be asked to use. Be assured, any links we give are safe.
• Absence of symptoms does not mean that everything is clear.
To get assistance please create your own topic in the virus forum. This will ensure that you get answered and helped as soon as possible and do not get overlooked in an old thread. Thank you ;D
If you are having problems still after MBAM has run then post in your thread in the Virus and Worms Forum, stating the problems you are experiencing with the computer and the FRST log..
Please download Malwarebytes Anti-Malware (https://www.malwarebytes.org/getmbam) to your desktop
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
To access logs from Malwarebytes Anti-Malware 2.0:
(https://dl.dropboxusercontent.com/u/73555776/mbamlogs.JPG)
1.Open Malwarebytes Anti-Malware 2.0
2.Click History > Application Logs
3.Double-click the log you would like to open
Scan Logs record detections from manual scans, including threats detected and the actions taken against them
To save a Scan Log:
1.Open the log file you would like to save
2.Click Export
3.Choose to export to a .txt
4.Choose a folder to save the log file in, then click Save
5.Post that log here
THEN
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.
(https://dl.dropboxusercontent.com/u/73555776/frst.JPG)
- It will produce two logs called FRST.txt and Additions.txt in the same directory the tool is run from.
- Please attach both FRST.tx and Additions.txt logs that are generated.
THEN
Download aswMBR.exe (http://files.avast.com/files/rootkit-scanner/aswmbr.exe) ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
Click the "Scan" button to start scan
(https://dl.dropboxusercontent.com/u/73555776/AswMBR%20scan.JPG)
On completion of the scan click save log, save it to your desktop and attach in your next reply
Attaching logs
Whilst posting click the attachments and other options link
Then use the browse button to navigate to the log files
Select the log files
Use the more attachments link if required
(https://dl.dropboxusercontent.com/u/73555776/attach.JPG)
SPECIFIC INFECTIONS LOGS
Additional programme to run and install if you have used an infected USB stick
Download MCShield (http://www.mcshield.net/) to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
(https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG)
Plug in the drive and MCShield will start a scan
Then get the log which will be here :
Start > all programs > MCShield > logs > all scans
If you cannot Boot the computer
Please print these instruction out so that you know what you are doing. Applicable to 32bit systems. If you have a 64bit system then create a thread and instructions for the recovery console download will be given
- Download OTLPENet.exe (http://oldtimer.geekstogo.com/OTLPENet.exe) to your desktop
- Download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to a flash drive.
- Ensure that you have a blank CD in the drive
- Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
- Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom)
- As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
- Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
- Insert the flash drive with FRST on it
- Locate the flash drive and run FSRT
- The tool will start to run.
(https://dl.dropboxusercontent.com/u/73555776/frst.JPG)
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Edit :Amended MBAM instructions
-
Please don't start posting problems in this LOGS Advisory Topic
Use the information about getting and using the logs and start your own new topic in the viruses and worms forum, this topic isn't for problem resolution but to explain the tools (logs) to assist in cleaning.
- Go to this link, http://forum.avast.com/index.php?board=4.0 (http://forum.avast.com/index.php?board=4.0). Click the New Topic button (see image, click to expand) at the top of the list and post there.
Forum members - Please don't give advice or start trying to resolve problems in this topic
-
This topic has been cleaned out of unrelated posts.
Any Questions on either the Tools or Procedure or Problems, please post in a new topic
But it will be culled regularly to ensure it doesn't get cluttered.
The best advice is not to respond so it doesn't go beyond the clear notice not to post problems in this topic.