Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Apr 23, 2014 17:51:15 GMT -8
You go to wikisend.com/ and upload the Qurantine.zip and then give me the link to Download, and then I go to the download link and download quarantine.zip to my PC. Quads |
|
|
|
Post by olemil on Apr 23, 2014 17:53:30 GMT -8
[REMOVED LINK]
|
|
|
|
Post by olemil on Apr 23, 2014 17:56:34 GMT -8
I will delete the .zip file and empty trash after you confirm you have the file ok.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Apr 23, 2014 18:06:08 GMT -8
I have it, Now I have to update the FRST script so that it will remove it's quarantine files from the computer, before going on with the lesser worry of PUP's which Malwarebytes may have found items of.
Quads
|
|
|
|
Post by olemil on Apr 23, 2014 18:09:29 GMT -8
I deleted the zip file and emptied recycle bin. Auto-protect re-enabled.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Apr 23, 2014 18:21:03 GMT -8
I see why your files are larger, it does looks more and more like Zekos (but rpcss.dll is legit) and not symptoms by the user like Squirrel, so maybe this change is faulty so that the malware did not work (fully infected the system). I have grabbed the files from you and Squirrel as to help Malware Removers like me and SSR etc. pick apart what is going on with mezit.
back with new script and post in a minute.
Quads
|
|
|
|
Post by olemil on Apr 23, 2014 18:26:45 GMT -8
ok, so you are saying that my system wasn't fully infected, I hope? Standing by for next fix file. I may have to end our session before too much longer if it will be safe/ok, bed time is calling me.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Apr 23, 2014 18:30:48 GMT -8
You may want to read carefully all of this message first before starting the steps.
After this Mezit should be gone from your system (wave goodbye), you still have PUP's and my step 4 but that is a lesser worry
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe,
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the desktop
When the tool opens click Yes to disclaimer. (if it still does)
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach or paste)
Quads
|
|
|
|
Post by olemil on Apr 23, 2014 18:34:31 GMT -8
Fixed applied. Quarantine removed from FRST folder in C drive.
|
|
|
|
Post by olemil on Apr 23, 2014 18:36:33 GMT -8
Will my PC be safe for now if we have to wait until tomorrow to finish the session with the PUP's? I really hate to stop now after all you have done and I do REALLY appreciate it but I will need to end soon.
|
|
