Author Topic: Computer infected. Please help out  (Read 4327 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Computer infected. Please help out
« on: April 12, 2016, 08:56:39 PM »
Hello!
Would appreciate it if you guys could guide me through the process for cleaning my infected computer. Ive went through the process before but i forgot what i have to download and post on the forum.
Please help out thank you!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Computer infected. Please help out
« Reply #1 on: April 12, 2016, 08:58:58 PM »
If you can also give a brief outline of what is happening.

Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and start attach the logs here, not in the LOGS topic.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

REDACTED

  • Guest
Re: Computer infected. Please help out
« Reply #2 on: April 14, 2016, 02:36:41 AM »
Hello!
Here are the required attachments.
Thank you very much!

REDACTED

  • Guest
Re: Computer infected. Please help out
« Reply #3 on: April 14, 2016, 02:38:54 AM »
What is happening:
An app called Chromium was automatically downloaded onto my computer without my permission as well as Bytefence Anti-Malware.
The Bytefence Anti-Malware program pops up randomly at times saying that it blocked something because it is infectious.
Thank you.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Computer infected. Please help out
« Reply #4 on: April 14, 2016, 12:00:48 PM »
A malware removal specialist has been informed of your topic.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Computer infected. Please help out
« Reply #5 on: April 14, 2016, 04:02:02 PM »
First could you uninstall ByteFence Anti-Malware 

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254264 2016-04-12] ()
2016-04-13 03:10 - 2016-04-13 03:10 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2016-04-12 15:01 - 2016-04-12 15:01 - 00000000 ____D C:\ProgramData\ByteFence
2016-04-12 14:51 - 2016-04-12 14:51 - 00003478 _____ C:\Windows\System32\Tasks\ByteFence Scan
2016-04-12 14:51 - 2016-04-12 14:51 - 00003376 _____ C:\Windows\System32\Tasks\ByteFence
2016-04-12 14:51 - 2016-04-12 14:51 - 00002266 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-04-12 14:51 - 2016-04-12 14:51 - 00002258 _____ C:\Users\john\Desktop\Chromium.lnk
2016-04-12 14:51 - 2016-04-12 14:51 - 00000000 ____D C:\Users\john\AppData\Local\Chromium
2016-04-12 14:50 - 2016-04-13 19:44 - 00000000 ____D C:\Program Files\ByteFence
2016-04-12 14:50 - 2016-04-12 14:51 - 00000000 ____D C:\Users\john\AppData\Local\{2220147C-0688-78C4-6B10-5D2C4F78A1B4}
2016-04-12 14:50 - 2016-04-12 14:50 - 01212136 _____ (DotNes ) C:\Users\john\Downloads\mike_tysons_punch_out [1].exe
Task: {2160B34A-D92D-4183-9B34-4F4007657ED7} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-03-28] (Byte Technologies LLC)
Task: {A2A8DE97-6EA4-40AE-A33B-D715EB6E6B01} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-03-28] (Byte Technologies LLC)
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

REDACTED

  • Guest
Re: Computer infected. Please help out
« Reply #6 on: April 14, 2016, 09:45:39 PM »
Here are the final logs.
Thank you!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Computer infected. Please help out
« Reply #7 on: April 14, 2016, 09:46:33 PM »
How is the computer now ?