mc74
New Helpee
Posts: 26
|
Post by mc74 on Jan 27, 2015 10:29:02 GMT -8
I am using Windows 8.1 64 bit My laptop was appparently infected with Trojan.Ransomlock.G today. Symptoms are much like those described by the other posters of today and yesterday. I keep getting Norton warnings every 20 s. Norton internet security and Norton Power Erase tool do not recognize the source of the message. Windows update does not seem to work anymore. Any help would be greatly appreciated.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jan 27, 2015 13:47:49 GMT -8
Do Not use any tools or any programs for cleaning used until being asked / instructed to do so!!!!!.
Malware removal can be difficult over a forum as it is, without a user doing their own actions, the tools used are more advanced and thus have added danger that comes with that. This board is protected so that only Malware removers, Admin and Mods can reply to a users thread but all members can create a thread asking for removal of Infection(s)
Make changes to your computer only when the Malware Expert specifically states it. The Malware Experts request specific steps to be followed, as some malware removal requires multiple steps and evaluations along the way. When you take other advice or make other changes, this often negates the work done by the expert, and can sometimes result in an inoperable system. This also includes any tools or steps other than those the from the Malware Expert. We need to be certain about the state of your system to see what actually is going on, and what is required to fix the system while not harming the rest of the system. Most often, well-intentioned independent efforts can make things much worse. The malware remediation tools are more advanced than othe tools, and can often create bigger problems when used without expert guidance.
Follow all the directions in order, and to the end. Please perform all steps in the order they are listed in each set of instructions. As you might imagine, some steps are a bit complicated. If things are not clear, be sure to stop and let the Malware Expert know the problem. We don't mind clarifying a situation, as others might have the same question. If a tool does not run as expected, don't force it. Stop the steps, and update the forum topic with the current situation. It is better stop and let us know, than to force a tool to run and cause bigger problems. Also, when your computer is clean and we are finished, the Expert will tell you we are finished. Malware removal is a process that requires verification, and we want to be sure your system is completely clean before we're done.
When describing your problem, provide as much information as possible, as soon as possible. Explain as best you can what happens with your computer, e.g. it beeps three times, black screen with cursor then goes no further, system gets stuck at the Windows startup logo, etc. This helps the expert to understand what is happening to the system and what may be wrong. If your computer cannot start up successfully please provide details about your installed Windows Operating System, including the Version, Edition and if it is a 32bit or a 64bit system. (e.g. Windows Vista Home Premium 32-bit)
When the user follow instructions and things still go a little haywire, and it does happen, it is up to us to sort the extra problem out.
Take longer to read if your language is not English, so that hopefully it is understood.
Reply stating you have read the post fully.
I also if it is busy (have a lot of systems at once to deal with) like being in a supermarket checkout line, waiting their turn, I use the forum like a checkout line.
And the Forum is VERY BUSY at the moment for just 2 Removers, so Please be patient as no one would want us to do a script wrong and hurt someones Computer / System It is better that Windows is able to load and stay as is than to hurt Windows and be in a bigger hole
|
|
mc74
New Helpee
Posts: 26
|
Post by mc74 on Jan 27, 2015 14:01:22 GMT -8
Hello Quads, Thanks for your reply. I have fully read the post. As stated above, I run Windows 8.2 64-bit.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jan 27, 2015 19:46:32 GMT -8
Read Slowly and all of it.Please download www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ You need to download the 64 bit version.Place FRST64.exe onto your desktop from where ever it downloaded to. Start FRST64 that is on your DesktopThe tool will start to run.When the tool opens click Yes to disclaimer. (if it does) Press Scan button. It will make a logs ( FRST.txt and addition.txt) on your Desktop Please attach the log in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. IF ADDITION.txt does not want to upload go to Wikisend wikisend.com/ OR go to pastebin.com and upload the addition.txt there, then post the download link back in a message Quads
|
|
mc74
New Helpee
Posts: 26
|
Post by mc74 on Jan 27, 2015 21:59:51 GMT -8
Hi Quads, Thanks for the reply. I ran FRST64. The first time it blocked while "extra checking". After prolonged waiting I decided to stop it using task manager and run it again. Apparently, the only difference in the FRST.txt files is the "end of log" line. I cannot upload the FRST files as attachments for some reason, so I will try and upload the otherwise.
Attachments:Addition.txt (376 B)
|
|
mc74
New Helpee
Posts: 26
|
Post by mc74 on Jan 27, 2015 22:03:46 GMT -8
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jan 27, 2015 22:04:39 GMT -8
Disable SONAR in Norton's settings before running a scan as the addition.txt barely got started Delete your copy of addition.txt first
You also went against the Forum Guidelines running something twice
Quads
|
|
mc74
New Helpee
Posts: 26
|
Post by mc74 on Jan 27, 2015 22:42:17 GMT -8
Sorry about that. I disabled SONAR (for 15 minutes, would that be long enough?) and ran FRST again. It seems to be stalling on the "extra check" again, but I will leave it running for a couple of hours. How long would be reasonable?
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Jan 27, 2015 23:35:00 GMT -8
hmmm maybe the old FRST problem is back
You can just close FRST
Quads
|
|
mc74
New Helpee
Posts: 26
|
Post by mc74 on Jan 28, 2015 0:07:40 GMT -8
OK thanks. Should I upload the latest FRST.txt and addition.txt or can you work with the versions I uploaded earlier (I reckon they're the same as the previous ones)? I can upload the latest version only after about 9 hrs from now (work), but I'm in no hurry. By the way, yesterday (before even posting here) I stopped 4 versions of rundll.32 using taskmanager to get rid of the continuing Norton alerts. Could this be harmful to any part of the process? If so, please let me know what I can/should do. Appreciate your help!
|
|