Quads
Malware Removalists
In New Zealand
Posts: 9,387
viknok
Post by Quads on Aug 17, 2014 11:05:29 GMT -8
For Norton detections, if other tools have been used to remove what was detected instead

When Norton detects an object it can't deal with, the detection gets placed in the Unresolved Threats list and Norton will give the user the alert popup after every restart and every now and then while Windows is running. Due to the fact other programs have to be used with certain malware families to clean / cure or remove whatever is required, Norton still has the listing in the Unresolved Threats list (Qbackup folder) and it stays there.

Go into Norton's History, go into the drop-down list and choose the "Unresolved Threats" list, select the listings and click the "Clear Entries" button to remove the listings. On the restart the listing should be cleared.

Quads
Post by lemony on Aug 19, 2014 8:30:21 GMT -8
I've still been trying the delfix site but I still get the same message and can't access the site. Also I have just tried doing the Norton history clear from your last post but am unsure if I should clear it. One item comes up but I'm not sure if it's the one we got rid of. It says it's: W64.Viknok.B!inf Infected file: c:\windows\system32\sysprep\cryptbase.dll. It is dated 8\15 at 11AM.
Post by Quads on Aug 19, 2014 10:49:44 GMT -8
OK, I will have to look into the file and then also find a backup like we did with rpcss.dll.
Doing some reading on what Zekos (Viknok) does with that file, on the fact it is not the actual cryptbase.dll but a Zekos file named as the Windows file and replaces the Windows file.
Quads
Post by Quads on Aug 20, 2014 9:52:38 GMT -8
Let's get the file info for the detected version, as it does not show in the FRST logs.
Disable Norton Auto-Protect and SONAR for say 1 hour in the options and NOT "Until next system restart". This is because FRST may need to restart the system, and due to the fact Norton detects the file and FRST, we don't want Norton to interfere.
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the script attached. It needs to be the same file name as well (fixlist.txt). Have it on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script, it won't work for FRST. (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link As.)
The script tells FRST what to do.
Start FRST that is on the desktop. When the tool opens click Yes to disclaimer (if it still does).
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply (attach or paste).
Quads
Post by Quads on Aug 29, 2014 9:13:03 GMT -8
Looks like this user has gone??
Quads