Operating System
Windows 10
Infection date and initial symptoms
First noticed on 2016 0501 when trying to restart computer.
The computer got stuck. I forced it down and turned on, then noticed iTunes doesn't start. Just as a precaution I tried to scan with Kaspersky but it doesn't progress beyond 1%.
I tried to download Malwarebytes but it doesn't run at all.
Current issues and symptoms
Besides still no access to iTunes and Malwarebytes and Kaspersky not scanning, I've noticed files don't appear and disappear when moved until I refresh.
Steps taken in order to remove the infection
Tried Kaspersky and Malwarebytes but no luck. Malwarebytes' Chameleon tool gets stuck on updating MBAM. I tried running Rkill, which I found from Google. There's an alert in file created, but it does not allow me to run Malwarebytes/Chameleon or Kaspersky.

ParallelPain

New Member
Hi

I first noticed the problem on 2016 0501 when trying to restart computer.
The computer got stuck. I forced it down and turned on, then noticed iTunes doesn't start. Just as a precaution I tried to scan with Kaspersky but it doesn't progress beyond 1%.
I tried to download Malwarebytes but it doesn't run at all.

Besides still no access to iTunes and Malwarebytes and Kaspersky not scanning, I've noticed files don't appear and disappear when moved until I refresh. No other noticed symptoms, but I haven't tried doing much.

I tried Kaspersky and Malwarebytes but no luck. Malwarebytes' Chameleon tool gets stuck on updating MBAM. I tried running Rkill, which I found from Google. There's an alert in file created, but it does not allow me to run Malwarebytes/Chameleon or Kaspersky.

Also please note that although I uploaded Addition.txt and FRST.txt, my Farbar Recovery Scan Tool is currently stuck and has always gotten stuck a short while the three or four times I've tried it.
So I don't know if it will help.

I also uploaded the last Rkill.txt hoping it will provide more information.
 


TwinHeadedEagle

Removal Expert
Staff member
Verified
Hello,



Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report in your next message.
 

ParallelPain

New Member
Before I do that, should I force close Farbar Recovery Scan Tool?

Also just to add to symptoms, I've actually tried shutting down, restarting, and restarting into safe mode. It always seems to get stuck on the shutdown phase.
 

ParallelPain

New Member
Zemana is stuck on this screen for quite a while now. I am wondering how I should proceed. I don't want to do anything wrong so I'm not going to do anything without confirmation.

Should I keep waiting or should I press stop? Should the repair/delete options be changed?

I am 99% sure the pokemon file it is currently scanning is not a problem because I've had that file since before I had this computer. I haven't touched it in years.

Looking at the threat results, it would make sense I haven't noticed other symptoms as I don't use IE anymore and Firefox only has my history research results open, which I haven't looked at before I first forced down the computer and haven't turned on since.
 


ParallelPain

New Member
Hi.

So after it's stuck classifying the same file for over 18 hours, I tried clicking stop and found out it's stuck.
So I forced close and restarted it multiple times. It always gets stuck at about the 22k files mark.

So I tried stopping and removing those 14 malware before it gets stuck. I was able to do that. But the scan still doesn't do more than roughly the 22k files mark before it gets stuck. I am also still unable to run iTunes or Malwarebytes or restart computer without getting stuck.

I've attached two reports. One is the Malware detected. The other is the "clean" results that is only clean as far as the 22k files scanned.

What should I do next?
 


TwinHeadedEagle

Removal Expert
Staff member
Verified
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.


  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.
 

ParallelPain

New Member
So like before, it is still stuck. I left it and went to work and came back and it is still stuck.
I've attached the generated files. But again I don't know how accurate they are because the scan is stuck.

Also I found another symptom. I can't access Microsoft Office.
 


TwinHeadedEagle

Removal Expert
Staff member
Verified
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.
 


ParallelPain

New Member
FRST never moves beyond the message "Creating Restore Point. This can take a few minutes, please wait..."
This after multiple tries and a restart.

I went ahead with ZOEK anyway. I put the script, made sure the option is checked, and pressed Run Script as asked.
FRST is still stuck. I can't even click drag to move the window around.

I have not had a response from either program in over 30 minutes.

Attached is the Fixlog FRST generated. I don't know how accurate it is.
ZOEK has only generated a runcheck.txt in C drive. The file is blank. It can only be opened as a readme (so I guess ZOEK is still open at least).

What should I do? Should I force close both tools from Task Manager and try again?

One more symptom found. When restarting the computer I decided to wait when it got stuck. After being stuck a few minutes, it gave me a Driver State Power Failure before forcing a restart itself.
 


ParallelPain

New Member
Reporting no change from over 6 and a half hours ago. So still no log from ZOEK.

I have to go to work now. I will try after. But just want to let you know I was not able to enter 2 days ago due to being unable to restart properly.
 

ParallelPain

New Member
So because shift click restart doesn't work (I tried again to make sure) I went to msconfig to change setting to boot into safe mode.

But now it just gets stuck forever loading.

Using F8 or shift F8 doesn't work either.

I am trying to boot to safe mode from recovery USB I made from my tablet, but so far no luck.

What do I do now? Now I can't even access the computer.

I'll keep trying to get into safe mode.
 

ParallelPain

New Member
I am running out of options. USB boot doesn't give me the option of restart to safe mode. System Restore doesn't work (error 0x80070002). Startup Repair just gets stuck doing diagnosis (no movement after 3 hours). And I don't have a CD to use System Image Recovery.

Only thing left is command prompt. Is there something I can type into command prompt to change msconfig boot option to not boot to safe mode?

Right now the only thing I could do that I couldn't before is shut down the computer from advanced options.