Author Topic: Fix for marc.moran84  (Read 2064 times)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
Fix for marc.moran84
« on: June 09, 2015, 02:03:45 PM »
Hi there, you have been attacked by a file encryptor and you have five antivirus programmes running:

Avast Free Antivirus
AVG 2015
COMODO Internet Security
Symantec
Ad-Aware Antivirus


You will need to uninstall four of these. Let me know which ones and I will give you the links for the removal tools.

This will be a quick and dirty fix to get things running again. I will need a fresh FRST scan to see what the major problems are.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software\Avast <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} =>  No File
U5 BFE;  <===== ATTENTION Locked Service
CMD: del /F /Q /S "C:\HELP_DECRYPT.HTML"
CMD: del /F /Q /S "C:\HELP_DECRYPT.PNG"
CMD: del /F /Q /S "C:\HELP_DECRYPT.URL"
CMD: del /F /Q /S "C:\HELP_DECRYPT.TXT"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.


Offline Pondus

Re: Fix for marc.moran84
« Reply #1 on: June 09, 2015, 02:06:10 PM »
Quote
you have five antivirus programmes running
wow ... is that a record   :D


REDACTED

  • Guest
Re: Fix for marc.moran84
« Reply #2 on: June 09, 2015, 02:24:40 PM »
Quote
you have five antivirus programmes running
wow ... is that a record   :D


Maybe. My highest found were four. :P