Solved Malware Help!

J

jjbrathcer0726

New Member
Thread author
Feb 13, 2015
9
I have ran all 7 tools in the help section of the forums. I was able to remove some and others found not threats. I ran the ESET scan and found the following threats.

I think i have to be doing something wrong. I think we got the malware by downloading a free video converter software. I just want to make sure the PC is clean.

Here is the log from ESET

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\TDSSKiller_Quarantine\13.02.2015_16.16.03\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.02.2015_16.16.03\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.02.2015_16.16.03\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.02.2015_16.16.03\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.02.2015_16.16.03\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.02.2015_16.16.03\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Owner\Downloads\gimp-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\Owner\Downloads\IObit-Malware-Fighter-Setup.exe Win32/MyPCBackup.C potentially unwanted application deleted - quarantined
C:\Users\Owner\Downloads\winzip19-dl (1).exe a variant of Win32/InstallCore.TS potentially unwanted application deleted - quarantined
C:\Users\Owner\Downloads\winzip19-dl.exe a variant of Win32/InstallCore.TS potentially unwanted application deleted - quarantined
C:\Windows.old\Program Files (x86)\Coupon Companion Plugin\ButtonUtil.dll a variant of Win32/Toolbar.CrossRider.G potentially unwanted application deleted - quarantined
C:\Windows.old\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin-bg.exe a variant of Win32/Toolbar.CrossRider.H potentially unwanted application deleted - quarantined
C:\Windows.old\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.exe a variant of Win32/Toolbar.CrossRider.H potentially unwanted application deleted - quarantined
C:\Windows.old\Program Files (x86)\Coupon Companion Plugin\Coupon Companion PluginGui.exe a variant of Win32/Toolbar.CrossRider.F potentially unwanted application deleted - quarantined
C:\Windows.old\Program Files (x86)\Coupon Companion Plugin\Uninstall.exe Win32/Packed.ScrambleWrapper.A potentially unwanted application deleted - quarantined
 
argus

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.


Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"


FRST.gif
Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 
argus

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
We will delete all used tools.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the
    51a5ce45263de-delfix.png
    icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes his work.
  • All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
 
J

jjbrathcer0726

New Member
Thread author
Feb 13, 2015
9
Thanks I just ran that and it removed several tools. Thanks again for your help! I will be buying you a beer here in just a few!
:)
 

Similar threads

mojaveron
    • Like
    • Wow
Advice Request KerishDoctor.A potentially unwanted application
Replies
40
Views
6,225
ESET
roger_m
R
F
    • Like
  • Locked
Service Host: Network List Service...Virus?
Replies
11
Views
1,973
Windows Malware Removal Help & Support
nasdaq
nasdaq
J
  • Locked
I need help with a Malware Spanish logs
Replies
2
Views
1,936
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top