Worm.Rontok

[REDACTED]

I need help. After I scanned with Malwarebytes it found thousands of detected files with type of .tmp or something. It is described as Worm.Rontok in MBAM and they take up alot of space. Just this week, I found my harddrive :c to be 72 mb. Also, trying to scan with malwarebytes is not working. after time, it will crash and the laptop will suddenly shut down. I paused 1/4 of the scan just to get 100000 files cleaned.. So in these circumstances, I wasn't able to produce txt logs with malwarebytes but here are the others.

[Eddy]

Trajce,
you are not allowed to help with things like this.
Only the listed malware removers are.
https://forum.avast.com/index.php?topic=53253.0

Zayday,
let Mbam finish and than create new logs with Farbar.
Attach the Mbam log and the  new Farbar logs to your next post here.

[Pondus]

Did you recive this after opening a mail or using a usb stick ?

Your adressbook may be compromised now

[Michael (alan1998)]

Did you recive this after opening a mail or using a usb stick ?

Your adressbook may be compromised now

Guessing email, he has MCShield which should have picked a worm up.

[REDACTED]

Here are the logs. Thank you!!!

[dbrisendine]

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

QuickTime 7
Free YouTube Downloader Converter
Social2Search
SweetIM for Messenger 3.3
SweetIM Toolbar for Internet Explorer 3.9
SyQic Yoonic Engine - PLDT Watchpad
Yahoo! Messenger
Yahoo! Search Protection

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window. 

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Also, tell us how your system is running now.  Thanks.

[REDACTED]

I can't seem to uninstall these programs:

Free YouTube Downloader Converter (Keeps saying that file is not an application or something)
Social2Search (No response after clicking uninstall)
SweetIM for Messenger 3.3 (msi file missing)
SweetIM Toolbar for Internet Explorer 3.9 (account already existing(?) it opens the IE for no reason)

Should I proceed with the fix?

[dbrisendine]

Yes; if the uninstalls don't function properly, move on to the rest of the fix / cleaning.

[REDACTED]

The system restarted fine, it asked me to do a disk check up but I postponed it. It runs fine and no problems so far. Frequent lags (which i think is normal because the system is a bit old) and the disk space in drive :C increased a little. From the free space of 61 gb somethiong, it decreased, 58 gb.

[dbrisendine]

I would recommend you run the disk check scan.  Also, let's check for any other adware before moving on....



AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  You will see the following console:
  
  
• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.
• Click the Clean button.
• Everything checked will be deleted.
• When the program has finished cleaning a report appears.
• Once done it will ask to reboot, allow this

• On reboot a log will be produced; please attach that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt
  
  Optional:
  
  NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

[REDACTED]

After clicking the clean, adwcleaner soon stopped responding. Should I just wait for it?

[dbrisendine]

AdwCleaner should have made a log file in the C:\AdwCleaner directory (depending on where in the process it encountered the hang)..  It would be AdwCleaner[S#].txt for the scan, whereas AdwCleaner[C#].txt would be the cleaning log.  Can you see if there is a log of either one there and post it (both would be nice also)?