fff5EE virus

[Grumman99]

I am receiving warnings from MWBytes regarding blocking fff5ee and sysWOW64\dllhost. When I see those I also not multiple instances of wriweaz.exe and/or iexplore.exe 32 in my process log in Windows Task Manager.

 

[Grumman99]

forgot to add that I also ran Hitman Pro and cleared 40 items. Still have issue

 

[argus]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[Grumman99]

I ran FRST and am uploading the Fixlog file

 

[Grumman99]

I just received 6-7 notices (I lost count) from MalwreBytes that it blocked various exe files trying to access fff5ee.com

 

[argus]

Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Accept the disclaimer and agree if prompted to install Recovery Console.
• Do not take any actions while ComboFix goes through your System - it may cause it to stall!
• This scan may take some time!
• When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

If you'll encounter any issues with internet connection after running ComboFix, please visit this link.

If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

 

[Grumman99]

Ran ComboFix. Attaching log

 

[argus]

How is the situation now?

 

[Grumman99]

I am not seeing any blocked site messages from Malwarebytes. I presume we have a fix.

 

[Grumman99]

Also, I checked my task manager and it appears to be clear of any duplicate files (like wriweaz.exe ....not sure what that was). No additional noticifications

 

[argus]

It is WinFast



Download DelFix by Xplode and save it to your desktop.

• Run the tool by right click on the
  
  icon and Run as administrator option.
• Make sure that these ones are checked:
  • Remove disinfection tools
  • Purge system restore
  • Reset system settings
• Push Run and wait until the tool completes his work.
• All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

 

[Grumman99]

ok. Looks like that did the trick. Thanks!
Months of pecking at it and you got it done in a couple minutes. I really appreciate it.