Author Topic: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install  (Read 45363 times)

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #15 on: January 20, 2014, 04:30:33 PM »
Already uninstalled and ran it from the desktop, but did not find any combofix.txt, only still got combofix at c: and the adware is still running... and 1 problem I found is when I open Google Chrome to this forum and want to click reply it downloads index.php.. suddenly weird  :-[ :-[ :-[

The index.php happens to me as well, and I am malware free. It's an issue with the forums, not you.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #16 on: January 20, 2014, 05:35:21 PM »
Thank god... made me worry :)... so where is that combofix.txt?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #17 on: January 20, 2014, 07:00:25 PM »
Is the log at C:\combofix.txt?

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from. 
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #18 on: January 21, 2014, 10:00:59 AM »
I don't see any Combofix.txt at C:, only have an icon like in this picture

Offline essexboy

Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #19 on: January 21, 2014, 03:44:17 PM »
Could you explain exactly when and where these ads appear? Is it in Chrome, Internet Explorer or on the desktop?

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #20 on: January 21, 2014, 11:24:05 PM »
The ads just appear suddenly... when you have not opened anything or when you open anything like Chrome, Internet Explorer or My Computer... sometimes the ads show small like the picture... sometimes big in the center of the desktop

Offline essexboy

Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #21 on: January 22, 2014, 03:24:46 PM »
OK, could you reboot to safe mode and run Combofix from there please?

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #22 on: January 22, 2014, 06:55:33 PM »
And without running anything the program installs back like the picture.. now I try again to run combofix from safe mode, hope it works

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #23 on: January 22, 2014, 10:20:28 PM »
At last I succeeded in getting combofix.txt in the combofix folder after running in safe mode, this is the log.. coz when I run in normal mode now, after 50 it goes to deleting files and the computer suddenly shuts down and restarts... now on the desktop there is 1 Internet Explorer icon but it is not a shortcut file.

Offline essexboy

Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #24 on: January 22, 2014, 11:16:29 PM »
OK, still some more to get

1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 
 
3. Open notepad and copy/paste the text in the quotebox below into it:
 
Quote

Folder::
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\gssoft
C:\Documents and Settings\Seven By Four\Application Data\gssoft
C:\Program Files\gssoft
C:\Documents and Settings\Seven By Four\Application Data\Wandoujia2

File::
C:\Program Files\mozilla firefox\components\scbypassv64.dll

 
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe
 
When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #25 on: January 23, 2014, 10:42:48 AM »
When I run in normal mode, after 50 it then goes to the word deletion and the computer suddenly goes black then restarts... I can only do that thing in safe mode... after it finished and rebooted and the combofix.txt log was created, the computer suddenly restarted again, is that normal?.. so here is the log you need

Offline essexboy

Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #26 on: January 23, 2014, 03:16:59 PM »
Could you run the same Combofix script from safe mode please, as the gssoft folders do not appear to have been selected for deletion.

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #27 on: January 23, 2014, 03:47:55 PM »
I ran the same script like that in safe mode and that is what I get... is that script correct?

Offline essexboy

Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #28 on: January 23, 2014, 03:49:59 PM »
Here it is again

1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 
 
3. Open notepad and copy/paste the text in the quotebox below into it:
 
Quote

Folder::
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\gssoft
C:\Documents and Settings\Seven By Four\Application Data\gssoft
C:\Program Files\gssoft
C:\Documents and Settings\Seven By Four\Application Data\Wandoujia2

File::
C:\Program Files\mozilla firefox\components\scbypassv64.dll
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\gssoft
C:\Documents and Settings\Seven By Four\Application Data\gssoft
C:\Program Files\gssoft
C:\Documents and Settings\Seven By Four\Application Data\Wandoujia2

 
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe
 
When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
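
Added example, not part of the post above and not ComboFix's own code: a Python check that reads a CFScript.txt like the one quoted in reply #28 and lists which of its targets are still on disk after a run, the question raised in reply #26. It assumes only the layout visible in this thread (a line ending in `::` opens a section, each following line is one path); `parse_cfscript` and `remaining_targets` are hypothetical helper names.

```python
import os

# Constructed sample: the CFScript.txt text quoted in reply #28 of this thread.
CFSCRIPT = r"""Folder::
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\gssoft
C:\Documents and Settings\Seven By Four\Application Data\gssoft
C:\Program Files\gssoft
C:\Documents and Settings\Seven By Four\Application Data\Wandoujia2

File::
C:\Program Files\mozilla firefox\components\scbypassv64.dll
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\gssoft
C:\Documents and Settings\Seven By Four\Application Data\gssoft
C:\Program Files\gssoft
C:\Documents and Settings\Seven By Four\Application Data\Wandoujia2
"""


def parse_cfscript(text):
    """Return {section: [paths]}. Assumed layout: 'Name::' opens a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("path before any section header: " + line)
        else:
            sections[current].append(line)
    return sections


def remaining_targets(sections, exists=os.path.exists):
    """Unique targets (Windows paths compare case-insensitively) still on disk."""
    seen, left = set(), []
    for paths in sections.values():
        for path in paths:
            key = path.lower()
            if key not in seen:
                seen.add(key)
                if exists(path):
                    left.append(path)
    return left


if __name__ == "__main__":
    for path in remaining_targets(parse_cfscript(CFSCRIPT)):
        print("still present:", path)
```

Run on the affected machine after the reboot, an empty result means every listed folder and file is gone; any path printed is one the run did not remove.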

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #29 on: January 23, 2014, 05:23:43 PM »
Here is the log and combofix.txt