Solved Malware problem

[Ivan Kitov]

Please help me with my malware problem!

 

[argus]

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The logs can take some time to research, so please be patient with me.
• Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
• Instructions that I give are for your system only!
• Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
• Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
• Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[Ivan Kitov]

Here we go !

 

[argus]

Is everything ok now?

 

[Ivan Kitov]

No, it is still the same!

 

[argus]

Download

Malwarebytes Anti-Rootkit to your desktop.

• Double-click the icon to start the tool.
• It will ask you where to extract it, then it will start.
• Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
• Click in the introduction screen "next" to continue.
• Click in the following screen "Update" to obtain the latest malware definitions.
• Once the update is complete select "Next" and click "Scan".
• When the scan is finished and no malware has been found select "Exit".
• If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
• Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

 

[Ivan Kitov]

Here are the files!

 

[argus]

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  emptyfolderscheck;delete
  emptyrecycle.bin;
  FFdefaults;
  chrdefaults;
  iedefaults;
  emptyalltemp;
  autoclean;
  emptyclsid;
  ipconfig /flushdns >> %temp%\log.txt;b
  ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

[Ivan Kitov]

Here are the results

 

[argus]

How is the situation now?

 

[Ivan Kitov]

Well, still reimage appears and hitman finds results after restart.
Here is the result of scan

 

[Ivan Kitov]

All appears to be coming from Roaming and Mozilla

 

[argus]

C:\Users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\sf5rrt88.default\cookies.sqlite:advertising.com
C:\Users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\sf5rrt88.default\cookies.sqlite:at.atwola.com
C:\Users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\sf5rrt88.default\cookies.sqlite:casalemedia.com
C:\Users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\sf5rrt88.default\cookies.sqlite:clickbank.net
C:\Users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\sf5rrt88.default\cookies.sqlite:doubleclick.net
C:\Users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\sf5rrt88.default\cookies.sqlite:media6degrees.com
C:\Users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\sf5rrt88.default\cookies.sqlitehilips.112.2o7.net
C:\Users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\sf5rrt88.default\cookies.sqlite:ru4.com
C:\Users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\sf5rrt88.default\cookies.sqlite:serving-sys.com
C:\Users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\sf5rrt88.default\cookies.sqlite:smartadserver.com



This is not malware.


Download CCleaner
http://download.cnet.com/CCleaner/3001-18512_4-10315544.html?hasJs=n&hlndr=1&part=dl-

Close all browser
Run and install. Click Run Cleaner.

 

[Ivan Kitov]

Already did !

 

[Ivan Kitov]

Well, then it seems that nothing finds this thing!

 

[argus]

Is everything ok now?

 

[Ivan Kitov]

still some pop ups

 

[argus]

Attach here screenshot

 

[Ivan Kitov]

I think that now is considerably better!

 

[Ivan Kitov]

I was misled by a sporadic pop up of a game but it is typical with some websites i guess.