|
Post by meryle on Apr 1, 2017 16:28:04 GMT -8
I have Windows 10 Home and received notices from Norton to "restart due to security risk"--continually. Ran scan; saw where Trojan.Kotver!gm2 quarantined and supposedly cleaned. Every time Norton does a scan I get message to "restart". Ran Norton Eraser, but still getting the "restart" notices and statement of "Norton Eraser may need to be run". I ran the scan that was instructed and have provided it here. FRST.txt (149.41 KB) I would greatly appreciate any help you can provide to rid my computer of this Trojan.
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Apr 1, 2017 21:35:04 GMT -8
I must have the Addition.txt file as well. You will have to use wikisend.com to upload and then provide a link to the file. Notice that you will need to use wikisend.com to supply me with the Addition.txt log; steps to do this are explained here . Once you have provided the logs required, I will assist you as best we can. Thank you.
|
|
|
Post by meryle on Apr 2, 2017 4:13:20 GMT -8
Addition.txtIs this what you are needing? I tried to attach but it said it was forbidden. Thanks
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Apr 2, 2017 11:36:28 GMT -8
Yes, that is the correct file. Thank you. FIRST >>>>Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed): Yahoo Search SetTo do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window. Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software. SECOND >>>>Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txtNOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemStart FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply. THIRD >>>>Please download Malwarebytes Anti-Rootkit from here- Unzip the contents to a folder in a convenient location.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt .
[/ul] LAST >>>>INFO TO REPLY WITH:How is your system running now? How did the uninstall(s) go? Any problems? The Fixlog.txt text file (you should be able to attach this file; no need for wikisend.com usually). The logs from MBAR - mbar-log.txt and the system-log.txt files please. Any questions?
|
|
|
Post by meryle on Apr 2, 2017 12:36:19 GMT -8
Fixlog.txt (52.87 KB) Fixlog.txt (52.87 KB) Here is the Fixlog.txt. Will provide the logs for Malwarebytes when it completes the scan. Thanks!
|
|
|
Post by meryle on Apr 2, 2017 14:26:12 GMT -8
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Apr 2, 2017 20:15:33 GMT -8
I see that you ran the Fixlist.txt script twice; not a real problem with that but I would like to see the original Fixlog from the first run if possible. Please see if there is a C:\FRST\Logs directory on your system. There should be two Fixlog_02-04-2017_time stamp.txt files there. Please post the earlier one (before 16-16-17 time stamp). It may not be there but it should have tried to make something of a file even if FRST hung in the middle of the script. Thanks.
|
|
|
Post by meryle on Apr 3, 2017 1:02:20 GMT -8
I could only find the one. I did run twice, but the first time it froze so I ran it again. If there is somewhere else that I should look for it please let me know and I will look when I get off work. Thanks
|
|
|
Post by meryle on Apr 3, 2017 13:51:11 GMT -8
I only have the one fixlog. When I tried to look it up this is the response I received: No Results found for 'C:\FRST\Logs directory'. The first time I ran it became unresponsive, had to use task manager to get it to stop, then ran it the second time without problem. Thanks
|
|
|
Post by meryle on Apr 3, 2017 16:06:04 GMT -8
First day in months that I could run Norton and didn't find anything or have to reboot!!! I am giving it a few days, but it sure does look like it worked. I am soooo excited!
|
|