Author Topic: mail.ru infected  (Read 6764 times)

REDACTED

  • Guest
mail.ru infected
« on: February 03, 2017, 06:10:09 PM »
Hi, I have been infected by mail.ru and it installed over 10 other programs.
I use the Edge browser for the moment, as it seems that only my Firefox browser is infected (even if I don't use Firefox, it opens automatically from time to time).

I ran Malwarebytes and FRST and saved the reports which are included below.

Thanks in advance,
Normand

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31072
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: mail.ru infected
« Reply #1 on: February 03, 2017, 06:15:50 PM »
Run Mbam again and let it delete all it finds.

The logs from Farbar are missing (FRST.txt and Addition.txt).

REDACTED

  • Guest
Re: mail.ru infected
« Reply #2 on: February 03, 2017, 06:30:33 PM »
Hi, hope they are included now.
Normand

REDACTED

  • Guest
Re: mail.ru infected
« Reply #3 on: February 03, 2017, 06:34:01 PM »
Well, here is Addition.

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: mail.ru infected
« Reply #4 on: February 04, 2017, 09:12:05 PM »


FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Amigo

?????? ??????????????? ?????????? ???????? (HKU\S-1-5-21-1337021717-4159591557-712480204-1001\...\MailRuUpdater) (Version:  - Mail.Ru)


Note:  The last program on the Program and Features listing should be Mail.Ru.  It will have a very strange mix of characters.

To do so, left click on the name once and then click Uninstall/Change on the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download the attached fixlist.txt file and save it to the Desktop.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

How is your system running now?
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

REDACTED

  • Guest
Re: mail.ru infected
« Reply #5 on: February 06, 2017, 04:37:51 PM »
Hi dbrisendine. First, thanks for helping. I am really new at trying to fix a problem like this, as it is the first time it has happened to me.

I was able to remove AMIGO easily.
Trying to remove Mail.ru (the last one at the bottom) is something else.
Left click, Uninstall and it opens a window (in Russian) with a YES box that includes the blue and yellow shield and a NO box.
If I click YES, it says in English: Do you want to allow this app to make changes to your device? So I click no.

What do I do with that?
Thanks

Offline Eddy

Re: mail.ru infected
« Reply #6 on: February 06, 2017, 04:46:49 PM »
You forgot to attach the fixlog.

REDACTED

  • Guest
Re: mail.ru infected
« Reply #7 on: February 06, 2017, 05:20:47 PM »
Excuse me, but how do I do that?
Is it the same as you asked me earlier (mbam, frst and addition)?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: mail.ru infected
« Reply #8 on: February 06, 2017, 05:26:21 PM »
> Excuse me, but how do I do that?
> Is it the same as you asked me earlier (mbam, frst and addition)?

Read the bottom part of @dbrisendine's instructions > Fix with Farbar Recovery Scan Tool
He attached a fixlist for you to run, and when done you attach the log produced > fixlog.txt


« Last Edit: February 06, 2017, 05:27:58 PM by Pondus »

REDACTED

  • Guest
Re: mail.ru infected
« Reply #9 on: February 06, 2017, 06:04:01 PM »
OK, but please read post #5 before, as I was not able to delete MAIL.RU.

thanks

Offline Eddy

Re: mail.ru infected
« Reply #10 on: February 06, 2017, 06:07:35 PM »
If you want help, follow dbrisendine's instructions and do nothing else.

Offline Pondus

Re: mail.ru infected
« Reply #11 on: February 06, 2017, 06:08:49 PM »
> OK, but please read post #5 before, as I was not able to delete MAIL.RU.
>
> thanks

Then you move to the next step ...


REDACTED

  • Guest
Re: mail.ru infected
« Reply #12 on: February 06, 2017, 06:22:58 PM »
Here is the fixlog.

Offline dbrisendine

Re: mail.ru infected
« Reply #13 on: February 06, 2017, 06:44:05 PM »
How is the system running now?



FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot; allow this.


On reboot (if one is needed) a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt


Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

REDACTED

  • Guest
Re: mail.ru infected
« Reply #14 on: February 06, 2017, 07:26:49 PM »
Hi, the system seems to run very smoothly now.

Thank you so much.

It is unbelievable there are some people out there to help others with very complicated problems like the one I had.

Have a wonderful day, Normand