|
Post by foxman on Nov 13, 2016 5:46:07 GMT -8
The Norton started to identify the infection about a week ago. I does not appear to slow my machine down but Norton continually identifies the malware and tell me to reboot the computer to fix. This does not happen on booting, but occurs sometime after, sometime minutes and sometime hours. Norton identifies the infected files as txt file such as 00023752.txt. For some reason I cannot attached the addition.txt files. When I try it says it is forbidden. log FRST.txt (122.56 KB) Here is a download link for addition.txt wikisend.com/download/953584/Addition.txt
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Nov 13, 2016 17:30:47 GMT -8
Did you know that System Restore is disabled? If you did not do this intentionally, please check the following: Go to Start and type System in the search box. Click on System (under Control Panel or Settings) and then on System Protection. Click on Configure and then select Turn on system protection. Click Apply and then OK. In the System Protection screen, is Protection now On for the drive? We need to have Restore Point made as part of the fix (just in case anything goes wrong), so I do need to know if this is not working before you continue the next steps. If System Restore is ON and working, then please proceed with the next steps. FIRST >>>>Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txtNOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemStart FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply. SECOND >>>>Please download Malwarebytes Anti-Rootkit from here- Unzip the contents to a folder in a convenient location.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt .
[/ul] LAST >>>>INFO TO REPLY WITH:How is your system running now? The Fixlog.txt text file (you should be able to attach this file; no need for wikisend.com usually). The logs from MBAR - mbar-log.txt and the system-log.txt files please. Any questions?
|
|
|
Post by foxman on Nov 14, 2016 3:51:23 GMT -8
I back up my system with Acronis True Image to a separate external drive, which I will perform before the fix.
|
|
|
Post by foxman on Nov 14, 2016 4:22:14 GMT -8
Sorry, is this acceptable
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Nov 15, 2016 0:18:11 GMT -8
If the "backup" is an image then that is fine with me. I just wanted there to be a way to restore your OS / system IN CASE SOMETHING happens. That's all. If your backups were recent and current then they could be infected also; when was the last back up done?
|
|
|
Post by foxman on Nov 15, 2016 3:46:04 GMT -8
It is an image and it was backuped four days ago.
|
|
|
Post by foxman on Nov 15, 2016 7:06:33 GMT -8
Fixlog.txt (76.82 KB) mbar-log-2016-11-15 07-02-50.txt (6.98 KB) mbar-log-2016-11-15 07-35-31.txt (2.08 KB) The fix appears to have worked. Here is what I plan to do. Defrag this drive with Ultimate Defrag. Delete the last image backup from my external drive. Defrag the external drive. Create a new backup on the external drive. Rename the save directory of the backup so that the next backup does not overwrite this image. Would it be correct to assume that this backup is of a completely secure system and could be used to clean the system in the future? In addition, would you recommend a daily use of your Malwarebytes Anti-Rootkit. Thank you for your help.
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Nov 15, 2016 23:50:15 GMT -8
Using MBAR on a daily basis could be a bit risky as it is a developmental tool and is updated to fight different malware at different times. The possibility of a False Positive is likely however I know that in case of Kotver and the related malware, MBAR was tweaked heavily to make sure there were no FPs on these files.
How is your system running now?
|
|
|
Post by foxman on Nov 16, 2016 3:04:47 GMT -8
Great
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Nov 16, 2016 9:41:03 GMT -8
Good; then let's clean the tools and get you on your way!!! We need to remove the tools we've used during the cleaning of your machine. [/a] Ensure the following is ticked: - Remove disinfection tools
- Create registry backup
- Purge system restore
[/ul] Then click Run. The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply. Once you have the log file saved, please reboot your system to complete the clean up process. Your system looks clean and your logs are fine. Unless you want something else done, you are done and free to go.Final words from me: Surf safely, and watch when installing or letting anything add itself to your system. Remember, the best security is not on your system but in the chair in front of it. Take care and thanks for sticking with us in this rushed time. === options ====Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed. CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here. Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week. Lastly, if you use Firefox as your main web browser, consider adding the NoScript and uBlock Origin add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view. You may also find some information and tips at this thread: How did I get infected in the first place?and COMPUTER SECURITY - a short quide to staying safer online
I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!
|
|