Status
Not open for further replies.
Infection date and initial symptoms
5/6/2015. Wireless connection shows Internet access, but laptop will not connect to the Internet after running Malwarebytes quarantine on 96 files.
Current issues and symptoms
No Internet connection and receive constant pop-up boxes indicating Bad Image for multiple .exe files related to the file path C:\Windows\system32\ColorMedia.dll.
Steps taken in order to remove the infection
1. Uninstalled Malwarebytes after quarantined file restore was unsuccessful.
2. Performed System Restore to most recent clean point today.
3. Reinstalled Malwarebytes in order to export scan log to a .txt file.
4. Ran AdwCleaner prior to this post.

CMBACH

New Member
I ran Malwarebytes on my father-in-law's laptop this morning and quarantined 96 potential non-malware threats. Internet connection was lost after reboot following Malwarebytes scan and quarantine. I am also receiving constant pop-up boxes indicating Bad Image for multiple .exe files related to the file path C:\Windows\system32\ColorMedia.dll. I have attached a screenshot of one of the pop-up boxes plus the Malwarebytes scan log from this morning.
 


TwinHeadedEagle

Removal Expert
Verified
Staff member
Yes, there is a lot of malware. Let's try with this:


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 


TwinHeadedEagle

Removal Expert
Verified
Staff member
This is one nasty malware. We need to work outside Windows to remove it:


Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.
  • Plug the flash drive into the infected PC.
  • Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.
  • Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
  • In the Choose Recovery Tool menu select Command Prompt.
  • You will see a big black window with a blinking cursor (command prompt).



Access the notepad and identify your USB drive

In the Command Prompt please type in:
Code:
notepad
and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.



Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:
  • Type in e:\frst64.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.
 

TwinHeadedEagle

Removal Expert
Verified
Staff member
Download attached fixlist.txt and save it to your USB flash drive as fixlist.txt.

>> Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens...
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt.
  • When finished, it will produce a log fixlog.txt on your USB flash drive.


>> Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...
 


CMBACH

New Member
Here is the Fixlog.txt file. I booted Windows normally. No Internet and pop-up boxes continue with same message.
 


TwinHeadedEagle

Removal Expert
Verified
Staff member
We're well on the way to fixing your issue:


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 


CMBACH

New Member
Everything seems to be working normally now. Is it okay if I delete the .txt files from the desktop?
 