Author Topic: Logs to assist in cleaning malware  (Read 414110 times)

Offline essexboy

Logs to assist in cleaning malware
« on: January 09, 2010, 03:27:45 PM »
This is an information only topic ~ Do not post logs or ask for help here
To get assistance create a new topic in the Virus and Worms forum 



If you wish help, here are some tools and logs that will speed up the process of getting you clean - Format courtesy of Geeks to Go.

All analysts below are volunteers and are not associated with Avast

Malware Analysts :
magna86
Argus
Essexboy
Oldman
Jeffce
Andrey,pro
g3n-h@ckm@n   Probationary
TwinHeadedEagle
Machiavelli Student under training monitored by Essexboy
Valinorum Student under training monitored by Essexboy

Website Analysts :
iDonovan
Polonus
Disclaimer:  All results received via third party scanning. Although we do our best to provide the best results, 100% accuracy is not realistic, and not guaranteed.

•   We will be working on your Malware issues; this may or may not solve other issues you have with your machine.
•   The fixes are specific to your problem and should only be used for this issue on this machine.
•   If you don't know or understand something, please don't hesitate to ask.

•  Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
•  Please DO NOT run any other tools or scans whilst you are being helped.

•  It is important that you stay in your own thread. Do not start a new topic.
•  Your security programs may give warnings for some of the tools you will be asked to use. Be assured, any links we give are safe.
•  Absence of symptoms does not mean that everything is clear.


To get assistance please create your own topic in the virus forum.  This will ensure that you get answered and helped as soon as possible and do not get overlooked in an old thread.  Thank you   ;D

If you are having problems still after MBAM has run then create a new topic in the Virus and Worms Forum, stating the problems you are experiencing with the computer and the OTL log.

Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits



Go back to the Dashboard and select Scan Now



If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.





On completion of the scan (or after the reboot)  select View Detailed Log
Select   Export >  Select text file and save to the desktop
Attach/Post that log

THEN

Download OTL  to your Desktop
Secondary link www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach  both logs
NOW

To attach : Within the post select :
Attachments and other options
Browse
Locate the OTL log
Select the OTL log




THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

NOTE :  Not yet compatible with Windows 8




On completion of the scan click save log, save it to your desktop and post in your next reply

SPECIFIC INFECTIONS LOGS


Additional programme to run and install if you have used an infected USB stick


Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

Plug in the drive and MCShield will start a scan

Then get the log which will be here :

Start > all programs > MCShield > logs > all scans


If you have the hard drive infection and are no longer able to see your files/folders/start menu then do not run any temporary file cleaners but download and run the following programme:
 
  • Download RogueKiller  and save it on your desktop.
     
    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ... 
  •     Click on Scan
   
 
  • Wait for the end of the scan. 
  • The report has been created on the desktop. 
  • Click on the Delete button.
     
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix   

  • The report has been created on the desktop.
Please attach:    All RKreport.txt text files located on your desktop.

If you cannot  Boot the computer

Please print these instructions out so that you know what you are doing

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn  to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads  :)
  • Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.

  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Edit :Updated MBAM instructions
« Last Edit: April 10, 2014, 05:00:00 PM by essexboy »

Offline DavidR

Re: Logs to assist in cleaning malware
« Reply #1 on: December 31, 2010, 01:41:45 PM »
Please don't start posting problems in this LOGS Advisory Topic

Use the information about getting and using the logs and start your own new topic in the viruses and worms forum, this topic isn't for problem resolution but to explain the tools (logs) to assist in cleaning.

- Go to this link, http://forum.avast.com/index.php?board=4.0.  Click the New Topic button (see image, click to expand) at the top of the list and post there.

Forum members - Please don't give advice or start trying to resolve problems in this topic
« Last Edit: October 04, 2011, 02:24:58 PM by DavidR »
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline DavidR

Re: Logs to assist in cleaning malware
« Reply #2 on: August 24, 2011, 11:58:18 PM »
This topic has been cleaned out of unrelated posts.

Any Questions on either the Tools or Procedure or Problems, please post in a new topic


But it will be culled regularly to ensure it doesn't get cluttered.
The best advice is not to respond so it doesn't go beyond the clear notice not to post problems in this topic.
« Last Edit: September 28, 2011, 11:06:01 AM by DavidR »

 
