dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on May 16, 2015 11:28:34 GMT -8
The files that were running via the dllhost.exe show that there is nothing malicious about them or has ever been in the last two years. (Thank you for the VirusTotal scans.) Let's see what else is lurking on the system, however ....

Read carefully

Download Adwcleaner from here to your desktop and run a scan. You may have to right click adwcleaner.exe and choose "Run as Administrator" from the menu. (Click the Scan button to start the scanning.) It will create a log after it is finished scanning. If not (or if it just asks for you to uncheck what you don't want deleted), there is a LogFile button in the middle of the main window; click that and it will make the log file. Once the report file is made, you can leave AdwCleaner running (but don't delete anything yet) or you can close it down (we can always get a fresh scan done before the deletions).

ONE SCAN ONLY, PLEASE

Attach or paste the log back here for review and further instructions. Thanks.
|
|
|
Post by terryc on May 17, 2015 8:12:37 GMT -8
|
|
|
Post by dbrisen on May 17, 2015 18:50:23 GMT -8
FIRST

Please run AdwCleaner again (if you don't have it running from the last scan) and
a) Click the Scan Button and wait for the scan to finish. (If Adwcleaner has been left open at the finish of the scan this is already done.)
b) Make sure in your case all the items under each TAB are ticked / checked then.
c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
e) Please attach or copy the log into your reply here.

SECOND

Malwarebytes' Anti-Malware

Please download the latest version of Malwarebytes' Anti-Malware from Here. The version you have installed is older and this will update it to the latest released version.

Double Click on the mbam-setup.exe file to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link. Once the program has loaded and updated, select "Scan Now >>" to start the scan. The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below. Please click on the Save results > link in the bottom right hand corner and select the Text file (*.txt) from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop). After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.

Please attach the report file to a post here; I will review the file and script what needs to be removed.
|
|
|
Post by terryc on May 19, 2015 8:25:54 GMT -8
|
|
|
Post by dbrisen on May 19, 2015 19:53:46 GMT -8
This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier. You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions. Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

Hold down the Control key and click on the following link to open ESET OnlineScan in a new window.
Link =>> ESET Online Scanner <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).

For browsers other than Internet Explorer only (Microsoft Internet Explorer users can skip this step):
- Click on the esetsmartinstaller link in the popup window that opens.
- Save it to your desktop.
- Double click on the icon on your desktop.

Check (accept) the Terms of Use. Click the START button. Accept any security warnings from your browser.

Now in the Computer scan settings window that appears, make sure that the option Enable detection of potentially unwanted applications is selected. Now click on Advanced Settings and configure the options as follows:
- Remove found threats is NOT checked
- Scan archives is checked
- Scan for potentially unsafe applications is checked
- Enable Anti-Stealth Technology is checked

Now click on: Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats. At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).

Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish. Attach the saved log file in your next reply please. Thanks.
|
|
|
Post by terryc on May 20, 2015 16:09:14 GMT -8
|
|
|
Post by dbrisen on May 20, 2015 23:05:26 GMT -8
Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
|
|
|
Post by terryc on May 21, 2015 10:25:43 GMT -8
I might have a more immediate problem now. The Farbar Recovery Scan Tool says it is creating a restore point but I fear it is hung up. When I first opened it to run as administrator, it said it would look for updates. What seemed simultaneously I got two messages, one saying updates had been made and the other saying the version I downloaded not many days ago now is old enough that I should probably download another. I'm not sure what I clicked, but soon enough the tool was up on the screen and ready for me to click "fix." I clicked it. It said it was creating a restore point and shortly after a green progress bar was running horizontally to indicate it was processing. But soon afterward, the image hazed over and in parentheses at the top bar of the tool it said "not responding." I thought to disable Norton antivirus. I did and not long after that the tool seemed available and ready again. I clicked fix. And now for about 25 minutes it has said "Creating Restore Point. This can take a few minutes wait....." Does that sound OK? How long might it take? I know it can take a day or so to get a response here and because this is my work PC I might have to try something else sooner, e.g. power down the machine and reboot.
|
|
|
Post by terryc on May 22, 2015 6:32:10 GMT -8
|
|
|
Post by dbrisen on May 23, 2015 11:18:25 GMT -8
Hmmm... FRST might be getting targeted by malware now and AV vendors are noticing. You did fine with the Fixlist; looks like it did get hung on deleting some files but the last run got them all.
If you did not do so at the end of its scan, please uninstall ESET Online Scanner at this time. You can use the Control Panel 'Add / Remove Programs' or 'Programs and Features' utility to uninstall it.

Next, we need to remove the tools we've used during cleaning your machine. Ensure the following is ticked:
- Activate UAC
- Remove disinfection tools
- Create registry backup
- Purge system restore
- Reset system settings

Then click Run. The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply. Once you have the log file saved, please reboot your system to complete the clean up process.

Your system looks clean and your logs are fine. Unless you want something else done, you are done and free to go.

Final word from me: Surf safely, and watch when installing or letting anything add itself to your system. Remember, the best security is not on your system but in the chair in front of it. Take care and thanks for sticking with us in this rushed time.
|
|