Solved Malware Detection On System Registry

hakah

Apr 19, 2014
Usually trojans were found in System Volume Information files. Every time after threat scanning by MBAM, the action was applied and such files were removed via a system reboot. Thereafter, on a similar scan by MBAM, the same detection is found again with similar files, which means that those trojans cannot actually be removed.
Please check and advise what remedy actions I have to undertake in order to avoid a similar recurrence of infection to my Registry files. Required scan files are attached for your reference and checking.
Many thanks for your kind assistance!
 


Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

    Code:
    createsrpoint;
    gpt.ini;z
    C:\Windows\System32\GroupPolicy;v
    C:\Windows\SysWOW64\GroupPolicy;v
    StandardSearch;
    emptyfolderscheck;
    installer-list;
    installedprogs;
    uninstall-list;
  • Click on the Run Script button.
    Please wait until a log report opens (this can be after a reboot)
  • Save the Notepad file to your Desktop and attach zoek-results.log here
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 
zoek-results.log is enclosed for your reference and checking.
Please advise of any remedy action and thanks for your kind assistance!
 


> Re-run zoek with the script below and attach here fresh zoek log results.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Code:
createsrpoint;
emptyfolderscheck;delete
autoclean;
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
 
zoek-results.log2 is enclosed for your reference and checking.
Please advise of any remedy action and thanks for your kind assistance!
 


This afternoon my AVG discovered 3 System Volume Information files with a Crack,BQV warning, and I followed its advice to have them removed. That's why I wonder how such trojans cannot be removed/cleaned up and still exist within those files.
 
Sorry, I am afraid that those trojans may have come from some keygens or patches enclosed with the software downloaded from some forum sites. Hope you can start once again to clean up those System Registry files, and I will make sure to run later downloaded software in Sandboxie in order to keep the System Registry clean and not affected anymore.
Thanks again!
 
System Volume Information is a protected environment and viruses are not active there.



The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds while the programme completes its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
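As an added illustration (not from the thread, and not part of DelFix or zoek), the point made earlier that System Volume Information only holds inactive copies, and the DelFix "Purge System Restore" step above, can be reproduced by hand in PowerShell: list the restore points, delete the shadow copies that still contain the previously removed files, and take one fresh baseline. It assumes Windows PowerShell 5.1 (the *-ComputerRestore cmdlets are not in PowerShell 7), an elevated session, and C: as the system drive.

```powershell
# Added example, not the thread's or DelFix's own code.
# Assumptions: Windows PowerShell 5.1, run as Administrator, system drive is C:.
# Restore points live in System Volume Information as VSS shadow copies. A scanner
# that reads them keeps flagging files that were already removed from the live
# system; clearing the old snapshots and taking a clean one ends the repeat hits.

$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (Administrator) PowerShell session."
}

function Show-RestorePoints {
    param([string]$Label)
    Write-Host "== Restore points ($Label) =="
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    if ($points.Count -eq 0) { Write-Host "  (none)"; return }
    foreach ($rp in $points) {
        # CreationTime is a WMI datetime string; convert it for readable output.
        $created = $rp.ConvertToDateTime($rp.CreationTime)
        Write-Host ("  #{0,-4} {1:yyyy-MM-dd HH:mm}  {2}" -f $rp.SequenceNumber, $created, $rp.Description)
    }
}

Show-RestorePoints -Label "before"

# Delete every shadow copy on C:. This is what "Purge System Restore" amounts to:
# after it, no rollback to an older (possibly infected) state is possible, and
# "Previous Versions" of files on C: are gone as well. /quiet skips the prompt.
& vssadmin.exe delete shadows /for=C: /all /quiet

# Make sure System Restore is still on for the drive, then take one clean baseline.
# Note: on Windows 8 and later Checkpoint-Computer silently does nothing if a
# restore point was already created in the last 24 hours; check the listing below.
Enable-ComputerRestore -Drive "C:\"
Checkpoint-Computer -Description "Post-cleanup baseline" -RestorePointType MODIFY_SETTINGS

Show-RestorePoints -Label "after"
```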
 
DelFix.txt is now enclosed for your checking and any follow-up recommended.
I will temporarily stop installing any software on this computer until all is cleaned up and ready for use again!
 


Sorry, I have deleted the FRST tool and hope you can provide me with the download link first, prior to the scan.
Thanks!
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
Thanks a lot for the assistance so far. This morning I ran my MBAM and still discovered trojans within the Registry files. Though I have performed numerous actions, they still exist. Can they be removed permanently, or should I just leave them there? The MBAM malware report is enclosed for your checking and advice on remedy action if preferable.
Thanks for the help!
 


Yes, I have removed them after that scan. Have I done anything wrong, or should I just leave it as it is? Extremely sorry for that, as I was not aware of it. What should I do then? I hope you can make some amendments or a backup of my Registry files again! Very very sorry for that!