|
Post by markburrows on Aug 23, 2014 3:28:33 GMT -8
Hi Quads,
Have to say I was very nervous about doing this as I am a novice, but put faith in your expertise and instructions and went for it! Managed OK I think, please find the log below.
[Attachment deleted]
Thanks for your continued support and help.
Mark
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Aug 23, 2014 14:12:23 GMT -8
Parts of iSafe with the company name "Elex do Brasil Participações Ltda" are detected by different AVs, but no AV is complete in the detection of all of the items.
Interesting is that Dr Web detects part of it as a Trojan.AVKill (seeing as you are having problems with installing or running Norton).
AdwCleaner also finds some of it; breaking and removing it may be a different matter.
***** [ Services ] *****
Service Found : iSafeKrnl
Service Found : iSafeNetFilter
Service Found : iSafeService
***** [ Files / Folders ] *****
Folder Found : C:\Program Files\iSafe
Folder Found : C:\Users\[USER]\AppData\Roaming\iSafe
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKLM\Software\iSafe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Download the attached script; it needs to keep the same file name as well (fixlist.txt). Copy it across to the flash drive so that fixlist.txt is next to FRST64.exe on the flash drive. DO NOT DRAG AND DROP to download the script, it won't work for FRST. (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link As.)
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Do like previously to start FRST without Windows loading, like we did when we first used FRST on the flash drive. (There is a difference stated further down.)
In the command window type in notepad and press Enter.
The notepad opens. Under the File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe or e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer (if it still gives the disclaimer). Press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt). Please attach the log in your reply back, or with this forum you can paste the log into a message as some logs are already for bb code.
Hopefully that breaks the services of iSafe.
Quads
|
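An added example, not part of the original thread and not code from Quads or from AdwCleaner: a small parser for the log layout quoted in the post above (`***** [ Section ] *****` headers followed by `<Kind> Found : <value>` lines), used to list which entries from one scan still appear in a later one. The function names and both sample logs are constructed for illustration; the later scan is not the user's real log.

```python
import re

# Constructed input: the excerpt quoted in the post, with two entries left
# flattened onto one line the way scraped or pasted logs often arrive.
FIRST_SCAN = r"""
***** [ Services ] *****
Service Found : iSafeKrnl
Service Found : iSafeNetFilter Service Found : iSafeService
***** [ Files / Folders ] *****
Folder Found : C:\Program Files\iSafe
Folder Found : C:\Users\[USER]\AppData\Roaming\iSafe
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKLM\Software\iSafe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
"""
# Constructed later scan (not the user's real log): two remnants survive.
LATER_SCAN = r"""
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Users\[USER]\AppData\Roaming\iSafe
***** [ Registry ] *****
Key Found : HKLM\Software\iSafe
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"(\w+) Found : ")  # "<Kind> Found : <value>"

def parse_scan(text):
    """Return {section: [(kind, value), ...]}; empty sections are kept."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            # split() yields [prefix, kind1, value1, kind2, value2, ...],
            # which also separates entries run together on one line.
            parts = ENTRY_RE.split(line)
            for kind, value in zip(parts[1::2], parts[2::2]):
                sections[current].append((kind, value.strip()))
    return sections

def leftovers(before, after):
    """Entries from the first scan that the later scan still reports."""
    later = {entry for items in after.values() for entry in items}
    return [e for items in before.values() for e in items if e in later]

if __name__ == "__main__":
    for kind, value in leftovers(parse_scan(FIRST_SCAN), parse_scan(LATER_SCAN)):
        print(kind, value)
```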
|
|
Post by markburrows on Aug 24, 2014 5:02:41 GMT -8
Hi Quads,
Another excellent piece of help and instruction, please see the attached log.
[Attachment deleted]
Thanks
Mark
|
|
Post by Quads on Aug 24, 2014 10:07:57 GMT -8
Back to Windows booting normally to the Desktop like we do originally. Read carefully.
Download AdwCleaner from www.bleepingcomputer.com/download/adwcleaner/ on to your desktop (the blue "Download Now @BleepingComputer" button) and run a scan (Scan button). It will create a log after, or there is a Report button. ONE SCAN ONLY.
Attach or paste the log back here.
Quads
|
|
|
Post by markburrows on Aug 25, 2014 8:26:55 GMT -8
|
|
|
Post by markburrows on Aug 25, 2014 8:29:19 GMT -8
Hi Quads,
In addition, while the AdwCleaner scan was running the hd started whirring again and the whole system went really slow... I left it alone and it finished on its own... operating OK again now.
Thanks
Mark
|
|
Post by Quads on Aug 25, 2014 9:52:38 GMT -8
Just some leftover pieces of iSafe and some items belonging to PUPs, but iSafe did get broken by FRST.
The HDD working hard at some stages of scans could be that there are errors on the drive that the scanners get to and struggle through, or at worst the HDD is slowly dying. I have just replaced a HDD in a Notebook where the old drive was working so hard (light always going) that Windows would not load, and even boot CDs struggled to do anything, and I was waiting a while for each step, like looking at the partition structure for trying HDD recovery software (which failed). That HDD would be majorly worse than yours, it was stuffed. When I installed the new HDD and installed a fresh Windows from the Microsoft download using the COA sticker on that notebook etc., there was next to no stressing by the HDD and it runs fast and smooth. Just slowly downloading all the drivers and apps from Acer for that Notebook to install; it is actually a gaming Notebook.
Just saying a couple of reasons for a working HDD, that is all. If it is minor, chkdsk is available for it.
a) Click the Scan button and wait for the scan to finish (already done if AdwCleaner is left pending).
b) Make sure all of the items under each TAB are ticked.
c) Click the Clean button and AdwCleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
Here is a Screenshot example
Quads
|
|
|
Post by markburrows on Aug 26, 2014 8:05:00 GMT -8
|
|
Post by Quads on Aug 26, 2014 10:43:20 GMT -8
We will check just to make sure there is no Cidox variant, which can make the HDD work, and is not detected by FRST in logs (neither is Harbinger or Whistler).
Please read carefully and follow these steps.
Go to support.kaspersky.com/viruses/common/5350
Click on "1. How to disinfect a compromised system" to expand the question, then click on the TDSSkiller.exe green link to download, and transfer the download to your desktop.
Double click on TDSSKiller.exe that is on the Desktop to run the application.
Open the Change Parameters option and select the detect TDL File system. Click OK, then click on Start Scan.
After the scan a report will be created. The report can also be found in your root directory (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please attach the log in the post back, or paste it back in a message.
Quads
|
|
|
Post by markburrows on Aug 27, 2014 7:47:25 GMT -8
Hi Quads,
All done, nothing found, please see attached log.
[Attachment deleted]
Thanks for the great support so far.
Mark
|
|