|
Post by mysticman on Jan 27, 2015 20:51:02 GMT -8
Hi Quads,
I can open Action Center (I have Windows 7) - is there anything specific I should try to do with it?
The only funny thing I can see is a "Solve A Problem With Kitten Cannon" message:
Solve a problem with Kitten Cannon Kitten Cannon has stopped working properly.
A newer version of this software is available for download that solves this problem. SpiralOrbit recommends updating to take advantage of security and stability improvements.
Now I never knowingly downloaded Kitten Cannon so I assume it was a malware install.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jan 27, 2015 21:34:21 GMT -8
It was a test to see as with the Ransomlock variant part of Windows has its image path changed to the ransomlock and not to what Windows needs it to be, as a result the likes of the security center, System Restore etc don't work, FRST should have fixed that but by you being able to open the Security Center it means that it was fully successful in the repair of Windows.
Quads
|
|
|
Post by mysticman on Jan 28, 2015 8:26:18 GMT -8
Thank you so much, Quads!
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jan 28, 2015 21:23:15 GMT -8
On with step 4, Complete system check for any file and cleanup of items and tools used. Special attention to the different settings I have asked for below You can leave Norton Enabled even though ESET may warn about it. just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same Please read carefully and Slowly, Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below at it needs to have the tick removed.
Please download Online Scanner and save it to your Desktop. Start with administartor privileges. Select the option Yes, and click on . Choose the following settings: NO!! for Remove found threats (reason for this is we don't want something deleted and then Windows won't load). Click on Start. The virus signature database will begin to download. This may take some time. When completed the Online Scan will begin automatically. Note: This scan might take a long time! Please be patient.When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first! (List found Threats)Now click on Finish Quads
|
|
|
Post by mysticman on Jan 29, 2015 10:33:36 GMT -8
Hi Quads,
Contents of eset logfile:
----------------------------------------------- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application C:\Users\Alex\AppData\Local\Downloaded Installations\{FE5201C9-A684-47A1-AC22-3401B18E7682}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application C:\Windows\Installer\5b0a257.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application -----------------------------------------------
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jan 29, 2015 16:47:00 GMT -8
Tools and Quarantines we used to be removed Please download DelFix by Xplode to your Desktop. toolslib.net/downloads/viewdownload/2-delfix/Double-click to run the program; Note: Windows Vista/7/8 users right-click and choose Run as administratorMake sure the Remove Disinfection tools is ticked / selected in the list Click RunA log will be opened after the operation is finished Copy and Paste it in your next reply Quads
|
|
|
Post by mysticman on Jan 29, 2015 17:35:02 GMT -8
Hi Quads,
Here's the delfix log:
# DelFix v10.8 - Logfile created 29/01/2015 at 20:34:21 # Updated 29/07/2014 by Xplode # Username : Alex - ALEX-PC # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST Deleted : C:\Users\Alex\Desktop\Addition.txt Deleted : C:\Users\Alex\Desktop\esetsmartinstaller_enu.exe Deleted : C:\Users\Alex\Desktop\Fixlog.txt Deleted : C:\Users\Alex\Desktop\FRST.txt Deleted : C:\Users\Alex\Desktop\FRST64.exe
########## - EOF - ##########
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jan 29, 2015 17:36:01 GMT -8
You are free to go on your merry way. You are now fixed / Solved.
Quads
|
|
|
Post by mysticman on Jan 29, 2015 18:12:19 GMT -8
Thank you so much, Quads! All the best to you.
|
|