Author Topic: Loosing battle :( (Read 11033 times)

REDACTED · « **Reply #15 on:** July 15, 2016, 11:31:20 PM »

Found 1 thing, although last software you told me to run found 16 0_0:

Emsisoft Emergency Kit - Version 11.0
Last update: 7/15/2016 5:25:11 PM
User account: Otomon\GM Otomon

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:   7/15/2016 5:25:53 PM
C:\Windows\acm32.exe    detected: Gen:Variant.Zusy.199385 (B)

Scanned   76281
Found   1

Scan end:   7/15/2016 5:29:10 PM
Scan time:   0:03:17

REDACTED · « **Reply #16 on:** July 16, 2016, 12:54:20 AM »

Went to settings and set it so its scan for everything, it reconized a bunch of files from AdwCleaner Quarantine....can files do anything when in Quarantine?:

Emsisoft Emergency Kit - Version 11.0
Last update: 7/15/2016 5:25:11 PM
User account: Otomon\GM Otomon

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, D:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: On

Advanced caching: On
Direct disk access: On

Scan start:   7/15/2016 5:32:26 PM
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\1E0039C0-1468303538-5500-5DE5-C86000BBFF85\jnss81E6.tmp.vir    detected: Gen:Variant.Adware.Zusy.164798 (B)
C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\1E0039C0-1468303538-5500-5DE5-C86000BBFF85\knso6B1C.tmpfs.vir    detected: Gen:Variant.Symmi.66586 (B)
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Noobzo\GNUpdate\sma.exe.vir    detected: Trojan.Peed.4330 (B)
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Noobzo\GNUpdate\smi32.exe.vir    detected: Gen:Variant.Razy.71828 (B)
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Noobzo\GNUpdate\smci32.dll.vir    detected: Adware.Generic.1661899 (B)
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Noobzo\GNUpdate\smw.sys.vir    detected: Adware.Generic.1661682 (B)
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Noobzo\GNUpdate\SMUninstall.exe.vir    detected: Trojan.GenericKD.3398026 (B)
C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Noobzo\GNUpdate\smu.exe.vir    detected: Trojan.Generic.17701569 (B)

Scanned   287886
Found   8

Scan end:   7/15/2016 6:52:12 PM
Scan time:   1:19:46

dbrisendine · « **Reply #17 on:** July 16, 2016, 03:38:15 AM »

Quarantined files are not active files; they have been rendered inactive by changing the file type (extension) or encrypting the file (so that only the malware removal program can deal with the file). So the files in AdwCleaner's Quarantine folder are safe and secured.

Did you have EEK delete / quarantine the 1st file found ( C:\Windows\acm32.exe detected: Gen:Variant.Zusy.199385 (B))?

REDACTED · « **Reply #18 on:** July 16, 2016, 03:46:02 PM »

Yes its sitting there now, what to do now?

Cant wait to get Chrome back.. IE is garbage ;_;

Pondus · « **Reply #19 on:** July 16, 2016, 06:30:30 PM »

Quote

Cant wait to get Chrome back.. IE is garbage ;_;

Tried Opera ?

REDACTED · « **Reply #20 on:** July 16, 2016, 06:56:37 PM »

Quote from: Pondus on July 16, 2016, 06:30:30 PM

Quote
Cant wait to get Chrome back.. IE is garbage ;_;
Tried Opera ?

I am aware that there are many other browsers out there, however Chrome has all my bookmarks etc etc, I also have an android so its synchs up with it, plus am I really going to let a virus bully me?

dbrisendine · « **Reply #21 on:** July 16, 2016, 07:50:19 PM »

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.

REDACTED · « **Reply #22 on:** July 17, 2016, 03:07:03 AM »

I ran JRT as you requested, it found nothing..however I obviously still have a virus, as no matter what browser I use, it will select another hidden browser on close....

dbrisendine · « **Reply #23 on:** July 17, 2016, 03:16:00 AM »

Please download Autologger.zip from here .
Double click the file and extract the file (Autologger.exe) to a folder of your choice (I would suggest you name it AutoLogger for ease of location later).
Double click on Autologger.exe to let it run and follow the prompts.
When finished, it will produce a file named CollectionLog-yyyy.mm.dd.zip [with the date of the logs] in the folder with AutoLogger.exe. Please attach that here.

Note: Open the Log.zip file and attach the four .log / .txt files here. Thanks. (Avast forum will not allow the .zip file to be uploaded.)

REDACTED · « **Reply #24 on:** July 17, 2016, 04:13:50 AM »

Here ya go as requested.....there was also a 5th file on the archive called "virusinfo_syscheck" not sure if you need that....

dbrisendine · « **Reply #25 on:** July 17, 2016, 10:07:36 AM »

Quote from: Otomon on July 17, 2016, 03:07:03 AM

...however I obviously still have a virus, as no matter what browser I use, it will select another hidden browser on close....

Can you describe this in detail please. What actions / steps in detail please.

REDACTED · « **Reply #26 on:** July 17, 2016, 03:33:02 PM »

Quote from: dbrisendine on July 17, 2016, 10:07:36 AM

Quote from: Otomon on July 17, 2016, 03:07:03 AM
...however I obviously still have a virus, as no matter what browser I use, it will select another hidden browser on close....

Can you describe this in detail please. What actions / steps in detail please.

Basically, when I close and open my browser, it always asks me if I want to set it as my default browser, which means something is changing my default browser every time I close it....also I ran ESET Online Scanner before as you asked, and it found 16 infections but it crashes right at the end of the scan.

dbrisendine · « **Reply #27 on:** July 17, 2016, 10:36:09 PM »

The 16 infections are most likely the quarantined files from the other scanners. To test this out, start AdwCleaner and click on the Uninstall button. You can confirm the dialog that shows and it will remove AdwCleaner from your system and empty / delete the AdwCleaner Quarantine folder. After that, rerun the ESET scanner and see what it finds.

When you are ready, we will work on the default browser setting.

REDACTED · « **Reply #28 on:** July 18, 2016, 03:04:21 AM »

Okay, ran the scanner, found 8 infections then crashed as usual....

dbrisendine · « **Reply #29 on:** July 18, 2016, 04:41:48 AM »

That actually says that 8 of the "infections" were in AdwCleaner's Quarantine folder. I don't know what is crashing the ESET scanner; I've seen this on more systems lately so it must be something Microsoft changed (or ESET, but we will let them work on that end).

Let us see what Panda finds (again, a good scanner that's free and will only run on demand).

Download Panda Cloud Cleaner from here. Double click on the file and it will direct you from there.

Author Topic: Loosing battle :( (Read 11033 times)

REDACTED

Re: Loosing battle :(

REDACTED

Re: Loosing battle :(

dbrisendine

Re: Loosing battle :(

REDACTED

Re: Loosing battle :(

Pondus

Re: Loosing battle :(

REDACTED

Re: Loosing battle :(

dbrisendine

Re: Loosing battle :(

REDACTED

Re: Loosing battle :(

dbrisendine

Re: Loosing battle :(

REDACTED

Re: Loosing battle :(

dbrisendine

Re: Loosing battle :(

REDACTED

Re: Loosing battle :(

dbrisendine

Re: Loosing battle :(

REDACTED

Re: Loosing battle :(

dbrisendine

Re: Loosing battle :(