Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 2, 2014 9:16:41 GMT -8
OK
make sure you have download the fixlist correctly (not in htm(l) formatting) and then which to Safe Mode Minimal (not with Networking) so that at least for the fix you will not even have any networking either (but neither with all the malware.
Or try disconnecting from the internet before starting FRST and using the fix button (dllhost and Poweliks calms down with no internet connection giving us more system resource.
Quads
|
|
|
Post by katrina on Nov 2, 2014 9:31:22 GMT -8
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 2, 2014 9:43:26 GMT -8
Now with Poweliks, Tracur vawtrak and whatever else they are removed (including the block on AV's) your system should be acting better
Quads
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Nov 2, 2014 9:58:30 GMT -8
Sorry for the trouble; did not think it was going to be that difficult to do. How is your system running now? Can you run in normal boot mode or are you having to stay in SMWN? Please get us a new scan with FRST to see what remains: Read Slowly and all of it.If you still have a Addition.txt log file on your desktop, please delete it now. Start FRST64 that is on your Desktop by right clicking and selecting "Run as Administrator". The tool will start to run. When the tool opens click Yes to disclaimer. (if it does) Select Additional.txt in the Optional Scans section of FRST64. Press Scan button. It will make two logs ( FRST.txt and addition.txt) on your Desktop. Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. ( Ask if you don't know how to do either of these). Notes:
If your Security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file. FRST is updated very frequently and is safe to run but because of the frequent changes (to keep up with newest malware techniques) most Security Software does not approve of the unknown file. Right now the forum will not allow one to attach the Addition.txt file so please use wikisend.com or filedropper.com to upload the file and then post the download link here in your reply post.
|
|
|
Post by katrina on Nov 2, 2014 9:58:51 GMT -8
I posted that fixlog before I saw your instructions about disconnecting from the Internet. I do not know if it was clear (of if it matters) about the stuff disappearing. Hope this makes it clearer if you need it.
Session A Safe Mode - everything in place on desktop - I crash it and power on into:
Session B- Safe Mode - everything on desktop GONE except some game shortcuts. I copy/paste from a CD two files: frst.exe, and fixtxt.zip . Fixtxt.zip creates fixtxt.txt. Running the fix with FRST creates Fixlog.txt (Total four new files showing on desktop) - computer restarts itself (assumed FRST) into
Session C - Normal mode- everything in place on desktop (as in Session A) - Four Files placed during Session B are NOT visible - I force crash it into:
Session D- Safe mode - Desktop as at the end of Session B- (only the few game shortcuts and the four files ) I turn it off for good until next instructions arrive.
Also in Sessions B/D - it isn't just the desktop stuff that is missing, my taskbar and the start menu are missing all pins and many programs. It is like there is an on/off switch concerning what will show in each of the two modes.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 2, 2014 10:24:20 GMT -8
You have the instructions above
In Safe Mode it depends why account you are logging into that is the beauty of safe mode not as much settings, programs and drivers are loaded
Quads
|
|
|
Post by katrina on Nov 2, 2014 10:41:41 GMT -8
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 2, 2014 10:53:51 GMT -8
OK
The Good News Poweliks is gone
The Bad News It looks like something similar to racur has come back with a vengence, Started before the download of fixlist.zip and just carried on afterwards.
Also have fake Flash player update files
One of us is going to have to script again, it has loading points in tasks also and a file that goes all the way back to
2014-11-02 06:17 - 2014-11-02 06:17 - 00000000 ____D () C:\ProgramData\PucicEwosh
I think
Quads
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 2, 2014 11:15:14 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe,
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the desktop When the tool opens click Yes to disclaimer. (if it still does)
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach or paste)
Note: The forum security does not like some of the characters in the script file and would not let me paste the file as a text file. please download this zip file to your desktop, double click to open it and extract (copy) the Fixlist.txt file to your desktop. Sorry for the inconvenience but this was the only way to get the file to you.
|
|
|
Post by katrina on Nov 2, 2014 11:50:17 GMT -8
|
|