Author Topic: Infected (Read 2361 times)

MarkJohnson · « **on:** May 21, 2015, 03:16:37 PM »

I scanned my father's system as he had a virus. Here's the logs requested from the sticky.

REDACTED · « **Reply #1 on:** May 21, 2015, 03:24:16 PM »

Hello,

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.
In the main box please paste in the following script:

Code: [Select]

createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

MarkJohnson · « **Reply #2 on:** May 21, 2015, 04:23:52 PM »

Here's the log file for zoek.

REDACTED · « **Reply #3 on:** May 21, 2015, 05:36:01 PM »

Re-run zoek and run this script:

Code: [Select]

createsrpoint;
autoclean;
C:\Users\Ron Johnson\AppData\Local\Google\Chrome\User Data\Default\Preferences;f
ipconfig /flushdns;b
bitsadmin /reset /allusers;b
chrdefaults;

Post its content into your next reply.

MarkJohnson · « **Reply #4 on:** May 21, 2015, 06:42:44 PM »

Okay, here's my new zoek log file.

REDACTED · « **Reply #5 on:** May 21, 2015, 06:46:13 PM »

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

MarkJohnson · « **Reply #6 on:** May 21, 2015, 06:59:27 PM »

Here are thee new farbar log files you requested.

REDACTED · « **Reply #7 on:** May 21, 2015, 07:06:31 PM »

Is everything ok now?

MarkJohnson · « **Reply #8 on:** May 21, 2015, 07:09:05 PM »

From what I can tell all is good now. Thanks for your help.

REDACTED · « **Reply #9 on:** May 21, 2015, 07:10:04 PM »

The following will implement some post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

Run the tool by right click on the icon and Run as administrator option.
Make sure that these ones are checked:

Remove disinfection tools
Purge system restore
Reset system settings

Push Run and wait until the tool completes his work.
All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

Author Topic: Infected (Read 2361 times)

MarkJohnson

Infected

REDACTED

Re: Infected

MarkJohnson

Re: Infected

REDACTED

Re: Infected

MarkJohnson

Re: Infected

REDACTED

Re: Infected

MarkJohnson

Re: Infected

REDACTED

Re: Infected

MarkJohnson

Re: Infected

REDACTED

Re: Infected