jpoor
New Helpee
Posts: 19
|
Post by jpoor on Nov 10, 2014 21:08:04 GMT -8
Thanks! I will wait patiently.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 16, 2014 19:28:52 GMT -8
I have tested by infecting my system with Poweliks
The Symantec Removal tool for Poweliks, which only targets Poweliks does work successfully at dealing with the Registry key
It only targets Poweliks in the registry, so if your system has Tracur, Cidox, Zeroaccess or a Ransomcrypt (like Cryptowall), it will not target any of those
Windows 64 Bit tool Download here.Windows 32 bit tool Download here I will allow users that turn up aor are already here to use it to break Poweliks, so their system settles down, the FRST logs just looks different with the possible <=== ATTENTION for the parent keyQuads
|
|
jpoor
New Helpee
Posts: 19
|
Post by jpoor on Nov 17, 2014 5:33:51 GMT -8
Quads,
I downloaded the 64 bit tool from the link above, copied to my desktop and ran it. It produced the file "FixPoweliks64.log" The log file just says:
"Failed to find infected registry key"
I will wait for further instructions. Thanks for your help!
Jonathan
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 21, 2014 17:53:18 GMT -8
Delete your copy of addition.txt that is on the Desktop, then
Start FRST and run a new scan, creating 2 new logs to post back here.
Quads
|
|
jpoor
New Helpee
Posts: 19
|
Post by jpoor on Nov 22, 2014 5:23:37 GMT -8
Quads,
I did as you instructed: deleted Addition.txt from Desktop, and ran a new scan using FRST64 on the desktop**.
The scan overwrote the existing FRST.TXT which is attached.
But it did not produce an new ADDITION.TXT.
** Note, when I ran FRST64 on the desktop, the program warned me that the version was 11 days old, and asked if I didn't want to get the latest version.
I wanted to ask you first before doing that, so I ran the old version.
Please let me know how to proceed.
Thanks,
Jonathan
|
|
jpoor
New Helpee
Posts: 19
|
Post by jpoor on Nov 22, 2014 17:00:58 GMT -8
Quads, Oops, my bad. I ran the FRST64 again, and this time it did produce both logs. I think I may have inadvertently un-checked the "Addition.txt" checkbox the first time. Attaching FRST.TXT wikisend for Addition.txt wikisend.com/download/482612/Addition.txtSorry for the confusion, and thanks again for your help. Jonathan
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 22, 2014 19:34:48 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe,
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the desktop When the tool opens click Yes to disclaimer. (if it still does)
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach or paste)
Quads
|
|
jpoor
New Helpee
Posts: 19
|
Post by jpoor on Nov 22, 2014 20:07:01 GMT -8
Here is the fixlog.txt attached.
Thanks!
Jonathan
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 22, 2014 20:24:22 GMT -8
Now with that done, your system should be acting more normally, with dllhost not being so over active??
Quads
|
|
jpoor
New Helpee
Posts: 19
|
Post by jpoor on Nov 22, 2014 20:43:15 GMT -8
Yes, I hooked back up to the internet, and things look quite stable.
PC boots up quicker, and programs are loading much quicker. Thanks!
A question, should I let Windows Security Essentials resume nightly scans?
Thanks again,
JOnathan
|
|