Author Topic: Logs to assist in cleaning malware  (Read 575207 times)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35891
  • Dragons by Sasha
    • Malware fixes
Logs to assist in cleaning malware
« on: January 09, 2010, 05:27:45 PM »
This is an information only topic ~ Do not post logs or ask for help here
To get assistance create a topic in the Virus and Worms forum



If you wish help, here are some tools and logs that will speed up the process of getting you clean - Format courtesy of Geeks to Go.

All analysts below are volunteers and are not associated with Avast

Malware Analysts :
magna86
Argus
Essexboy
Oldman
Jeffce
Andrey,pro
TwinHeadedEagle
Machiavelli
Valinorum
Naathim

Website Analysts :
iDonovan
Polonus
Disclaimer:  All results received via third party scanning. Although we do our best to provide the best results, 100% accuracy is not realistic, and not guaranteed.

•   We will be working on your malware issues; this may or may not solve other issues you have with your machine.
•   The fixes are specific to your problem and should only be used for this issue on this machine.
•   If you don't know or understand something, please don't hesitate to ask.

•  Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
•  Please DO NOT run any other tools or scans whilst you are being helped.

•  It is important that you stay in your own thread. Do not start a new topic.
•  Your security programs may give warnings for some of the tools you will be asked to use. Be assured, any links we give are safe.
•  Absence of symptoms does not mean that everything is clear.


To get assistance please create your own topic in the virus forum.  This will ensure that you get answered and helped as soon as possible and do not get overlooked in an old thread.  Thank you   ;D

If you are having problems still after MBAM has run then post in your thread in the Virus and Worms Forum, stating the problems you are experiencing with the computer and the FRST log.

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:



1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here


THEN

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.

  • It will produce two logs called FRST.txt and Additions.txt in the same directory the tool is run from. 
  • Please attach both FRST.txt and Additions.txt logs that are generated.

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
Click the "Scan" button to start scan




On completion of the scan click save log, save it to your desktop and attach in your next reply

Attaching logs

Whilst posting click the attachments and other options link
Then use the browse button to navigate to the log files
Select the log files
Use the more attachments link if required


SPECIFIC INFECTIONS LOGS


Additional programme to run and install if you have used an infected USB stick


Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

Plug in the drive and MCShield will start a scan

Then get the log which will be here :

Start > all programs > MCShield > logs > all scans


If you cannot boot the computer

Please print these instructions out so that you know what you are doing.  Applicable to 32bit systems.  If you have a 64bit system then create a thread and instructions for the recovery console download will be given

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn  to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads  :)
  • Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.

  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Edit: Amended MBAM instructions
« Last Edit: March 19, 2015, 07:06:05 PM by essexboy »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71414
  • No support PMs thanks
Re: Logs to assist in cleaning malware
« Reply #1 on: December 31, 2010, 03:41:45 PM »
Please don't start posting problems in this LOGS Advisory Topic

Use the information about getting and using the logs and start your own new topic in the viruses and worms forum, this topic isn't for problem resolution but to explain the tools (logs) to assist in cleaning.

- Go to this link, http://forum.avast.com/index.php?board=4.0.  Click the New Topic button at the top of the list and post there.

Forum members - Please don't give advice or start trying to resolve problems in this topic
« Last Edit: October 04, 2011, 04:24:58 PM by DavidR »
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2215 R2/ Outpost Firewall Pro9.1/ Firefox 36.0.4, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline DavidR

Re: Logs to assist in cleaning malware
« Reply #2 on: August 25, 2011, 01:58:18 AM »
This topic has been cleaned out of unrelated posts.

Any Questions on either the Tools or Procedure or Problems, please post in a new topic


But it will be culled regularly to ensure it doesn't get cluttered.
The best advice is not to respond so it doesn't go beyond the clear notice not to post problems in this topic.
« Last Edit: September 28, 2011, 01:06:01 PM by DavidR »