|
Post by edolan on May 27, 2017 10:55:50 GMT -8
This pesky malware is in deep, please help
FRST.txt (199.62 KB)
The addition.txt will not attach. I receive the error "Some data could not be parsed. Refresh and try again"
I will try running the FRST64 app again
|
|
|
Post by edolan on May 27, 2017 13:03:11 GMT -8
FRST.txt (44.91 KB)
Ran the FRST64 application again and tried to attach addition.txt to no avail.
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on May 28, 2017 11:27:48 GMT -8
I do need both files to fully remove this threat. Please notice that you will have to use a file sharing site to send the second file. Please follow the steps in this thread ( I think I am infected. What do I do? ). Notice that you will need to use wikisend.com to supply me with the Addition.txt log; steps to do this are explained here . Once you have provided the logs required, I will assist you as best we can. Thank you.
|
|
|
Post by edolan on Jun 26, 2017 15:19:51 GMT -8
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Jun 26, 2017 22:03:47 GMT -8
Thanks for the logs. I only see one or two signs of Kotver so we will start with a scanner that works on unseen objects also ==>> Please download Malwarebytes Anti-Rootkit from here- Unzip the contents to a folder in a convenient location.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt .
[/ul]
|
|
|
Post by edolan on Jul 13, 2017 17:18:35 GMT -8
Finished. No threats detected. Logs attached
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Jul 13, 2017 19:31:06 GMT -8
You mean no threats after it cleaned Kotver off your system. What does Norton find now? Anything?
|
|
|
Post by edolan on Aug 2, 2017 14:06:10 GMT -8
Sad to say, but I ran the Malwarebytes again and it found malware. I have attached the most recent logs. Norton continues to find Trojan.Kover and requests a restart every time.
system-log.txt (306.08 KB) mbar-log-2017-08-01 09-18-48.txt (3.41 KB)
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Aug 2, 2017 21:29:10 GMT -8
Read Slowly and all of it.If you still have a Addition.txt log file on your desktop, please delete it now. If you do not have FRST64.exe on your desktop anymore, please download Farbar Recovery Scan Tool 64bit and save it to your Desktop. Start FRST64 that is on your Desktop by double clicking and allowing the software to run when the User Access Control asks (if it does). The tool will start to run. When the tool opens click Yes to disclaimer. (if it does) Select Additional.txt in the Optional Scans section of FRST64. Press Scan button. It will make two logs ( FRST.txt and addition.txt) on your Desktop. Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. ( Ask if you don't know how to do either of these). Notes:
If your Security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file. FRST is updated very frequently and is safe to run but because of the frequent changes (to keep up with newest malware techniques) most Security Software does not approve of the unknown file. Right now the forum will not allow one to attach the Addition.txt file so please use wikisend.com or pastebin.com to upload the file and then post the download link here in your reply post.
|
|