
PC with .bat kapersky internet security 2017 malware


REDACTED:
Dear All,

Need assistance here

I had my work laptop cleared of the above virus last week. Here is my desktop, meant (mainly) for gaming, which I observed was also infected by the same virus earlier.

I am attaching all the required info (based on the earlier thread). My MCShield log will be in the next post.

Thank you in advance. Do let me know if there is anything further I need to do.

REDACTED:
>>> MCShield AllScans.txt <<<

-----------------------------

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 7 <<<

14/12/2017 4:39:51 PM > Drive C: - scan started (no label ~98 GB, NTFS HDD )...
=> The drive is clean.

14/12/2017 4:39:51 PM > Drive D: - scan started (no label ~135 GB, NTFS HDD )...
=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows 7 <<<

14/12/2017 4:42:32 PM > Drive F: - scan started (MAXXTEC 4GB ~3856 MB, FAT32 flash drive )...
=> The drive is clean.



Sass Drake:

* Open Notepad (click Start button -> type notepad.exe -> press Enter)
* Copy text from code block below and paste it into Notepad
--- Code: ---Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorers.lnk [2017-12-14]
ShortcutTarget: explorers.lnk -> C:\Users\user\AppData\Roaming\Kaspersky Internet Security 2017\explorers.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvc.lnk [2017-11-28]
ShortcutTarget: spoolsvc.lnk -> C:\Users\user\AppData\Roaming\Kaspersky Internet Security 2017\spoolsvc.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svhost.lnk [2017-12-14]
ShortcutTarget: svhost.lnk -> C:\Users\user\AppData\Roaming\Kaspersky Internet Security 2017\svhost.exe (No File)
HKU\S-1-5-21-1693882959-51571087-3292842602-1000\...\MountPoints2: {9dd7f51f-e1e9-11e6-8626-806e6f6e6963} - E:\DriverPackSolution.exe
HKU\S-1-5-21-1693882959-51571087-3292842602-1000\...\MountPoints2: {a9ecb3fc-701a-11e7-8bb6-025f65373537} - V:\setup.exe
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [bkfajajhmehapdgmgjejilcbjmhmebkl] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1693882959-51571087-3292842602-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bkfajajhmehapdgmgjejilcbjmhmebkl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bkfajajhmehapdgmgjejilcbjmhmebkl] - hxxps://clients2.google.com/service/update2/crx
2017-07-19 21:53 - 2017-07-19 21:53 - 000057584 _____ () C:\Users\user\AppData\Roaming\DMGR_0A1Q2W1F1C1I1Q0D0L0MtJ1V0A0V0A0S0T.txt
2017-12-03 14:49 - 2017-12-03 15:00 - 000000046 _____ () C:\Users\user\AppData\Roaming\MCVi2UserDetail.ini
2017-09-15 18:37 - 2017-09-15 18:37 - 000586752 _____ () C:\Users\user\AppData\Roaming\Mehari.exe
2017-07-31 07:22 - 2017-12-10 17:03 - 000000309 _____ () C:\Users\user\AppData\Roaming\WB.CFG
2017-12-13 16:50 - 2017-12-13 16:50 - 000000052 _____ () C:\Users\user\AppData\Local\HvpjdXLztn
C:\Windows\Tasks\{3855BD4D-4B69-8F16-7222-7D5DCE82C2D8}.job
C:\Windows\Tasks\{514DEFDF-9272-5F5C-B8CC-24FBB766E55D}.job
Task: {69150B8F-AFDF-46FF-8424-D16A05146AD9} - \ByteFence -> No File <==== ATTENTION
Task: {92922A99-583E-4A10-AB89-F88AA1866302} - System32\Tasks\Secured Yahoo Powered coris => C:\Windows\system32\wscript.exe "C:\ProgramData\{87C842AB-0D8A-C86D-8B4C-562F110EDDE1}\lofa.txt" "68747470733a2f2f6464756b6d716c2e636f6d" "433a5c50726f6772616d446174615c7b38374338343241422d304438412d433836442d384234432d3536324631313045444445317d5c64696c697361" "433a5c50726f6772616d446174615c7b38374338343241422d304438412d433836442d (the data entry has 84 more characters). <==== ATTENTION
Task: {B5691D2D-42BF-465D-99E7-71B30CF06346} - System32\Tasks\{514DEFDF-9272-5F5C-B8CC-24FBB766E55D} => C:\Program Files (x86)\Common Files\brick\synctask.exe [2013-04-22] () <==== ATTENTION
Task: C:\Windows\Tasks\{3855BD4D-4B69-8F16-7222-7D5DCE82C2D8}.job => C:\Users\user\AppData\Local\MANGAN~1\updtask.exe <==== ATTENTION
Task: C:\Windows\Tasks\{514DEFDF-9272-5F5C-B8CC-24FBB766E55D}.job => C:\PROGRA~2\COMMON~1\brick\synctask.exe <==== ATTENTION
VirusTotal: C:\ProgramData\{87C842AB-0D8A-C86D-8B4C-562F110EDDE1}\lofa.txt;C:\Program Files (x86)\Common Files\brick\synctask.exe;C:\Users\user\AppData\Local\MANGAN~1\updtask.exe;C:\Users\user\AppData\Roaming\Mehari.exe
C:\Users\user\AppData\Roaming\Kaspersky Internet Security 2017
C:\ProgramData\{87C842AB-0D8A-C86D-8B4C-562F110EDDE1}
C:\Program Files (x86)\Common Files\brick
C:\Users\user\AppData\Local\MANGAN~1
EmptyTemp:
--- End code ---

* Go to File -> Save As
* Make sure that UTF-8 is selected as Encoding (left side of the Save button)
* Save it as fixlist.txt on the Desktop
* Open FRST again and click on the Fix button
* Wait until FRST finishes
* fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
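The "Secured Yahoo Powered coris" task in the fixlist above launches wscript.exe with several arguments that are plain ASCII hex. As an added analyst example (not from the thread, FRST or MCShield), the code below pulls the quoted arguments out of that FRST line, decodes the hex ones to readable text, and flags the one FRST cut short; the task line is a constructed copy of the entry as posted, and the decoded values turn out to be a URL and paths inside the same ProgramData GUID folder.

```python
import re

# Copy of the FRST "Task:" entry quoted in the fixlist (constructed from the
# thread; the final argument is cut short exactly where FRST truncated it).
FRST_TASK_LINE = (
    r'Task: {92922A99-583E-4A10-AB89-F88AA1866302} - System32\Tasks\Secured Yahoo Powered coris'
    r' => C:\Windows\system32\wscript.exe'
    r' "C:\ProgramData\{87C842AB-0D8A-C86D-8B4C-562F110EDDE1}\lofa.txt"'
    r' "68747470733a2f2f6464756b6d716c2e636f6d"'
    r' "433a5c50726f6772616d446174615c7b38374338343241422d304438412d433836442d'
    r'384234432d3536324631313045444445317d5c64696c697361"'
    r' "433a5c50726f6772616d446174615c7b38374338343241422d304438412d433836442d'
    r' (the data entry has 84 more characters). <==== ATTENTION'
)

HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")
# Either a fully quoted argument, or an opening quote FRST never closed (truncated entry).
ARG_RE = re.compile(r'"([^"]*)"|"(\S+)')


def decode_hex_arg(token: str) -> str:
    """Decode an ASCII-hex string; a dangling odd nibble (truncation) is dropped."""
    usable = token[: len(token) - (len(token) % 2)]
    return bytes.fromhex(usable).decode("ascii", errors="replace")


def decode_task_args(line: str) -> list[dict]:
    """Return the quoted wscript.exe arguments, with hex-encoded ones decoded."""
    _, _, command = line.partition("=>")  # keep only the launched command line
    results = []
    for m in ARG_RE.finditer(command):
        closed, unterminated = m.group(1), m.group(2)
        raw = closed if closed is not None else unterminated
        entry = {"raw": raw, "truncated": closed is None}
        if HEX_RE.match(raw):
            entry["kind"] = "hex"
            entry["decoded"] = decode_hex_arg(raw)
        else:
            entry["kind"] = "literal"
            entry["decoded"] = raw
        results.append(entry)
    return results


if __name__ == "__main__":
    for arg in decode_task_args(FRST_TASK_LINE):
        note = " (truncated in FRST output)" if arg["truncated"] else ""
        print(f'{arg["kind"]:7} {arg["decoded"]}{note}')
```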

REDACTED:
Sass Drake,

Done as instructed.

Here goes.

Sass Drake:
What is the system status now?
