Probably Malware. But not 100% Sure. Lots of stuff is blocked.

ParallelPain

New Member
Thread author
May 2, 2016
11
Hi

I first noticed the problem on 2016 0501 when trying to restart the computer.
The computer got stuck. I forced it down and turned it on, then noticed iTunes doesn't start. Just as a precaution I tried to scan with Kaspersky but it doesn't progress beyond 1%.
I tried downloading Malwarebytes but it doesn't run at all.

Besides still no access to iTunes and Malwarebytes and Kaspersky not scanning, I've noticed files don't appear and disappear when moved until I refresh. No other noticed symptoms, but I haven't tried doing much.

I tried Kaspersky and Malwarebytes but no luck. Malwarebytes' Chameleon tool gets stuck on updating MBAM. I tried running Rkill, which I found from Google. There's an alert in the file created, but it does not allow me to run Malwarebytes/Chameleon or Kaspersky.

Also please note that although I uploaded Addition.txt and FRST.txt, my Farbar Recovery Scan Tool is currently stuck and has always gotten stuck after a short while the three or four times I've tried it.
So I don't know if it will help.

I also uploaded the last Rkill.txt hoping it will provide more information.
 

Attachments

  • Rkill.txt
    5.1 KB · Views: 1
  • FRST.txt
    101.3 KB · Views: 3
  • Addition.txt
    69.3 KB · Views: 4

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the icon and double-click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report in your next message.
 

ParallelPain

New Member
Thread author
May 2, 2016
11
Before I do that, should I force close Farbar Recovery Scan Tool?

Also just to add to symptoms, I've actually tried shutting down, restarting, and restarting into safe mode. It always seems to get stuck on the shutdown phase.
 

ParallelPain

New Member
Thread author
May 2, 2016
11
Zemana is stuck on this screen for quite a while now. I am wondering how I should proceed. I don't want to do anything wrong so I'm not going to do anything without confirmation.

Should I keep waiting or should I press stop. Should the repair/delete options be changed?

I am 99% sure the pokemon file it is currently scanning is not a problem because I've had that file since before I had this computer. I haven't touched it in years.

Looking at the threat results, it would make sense I haven't noticed other symptoms as I don't use IE anymore and Firefox only has my history research results open, which I haven't looked at before I first forced down the computer and haven't turned on since.
 

Attachments

  • Untitled.png
    77.4 KB · Views: 10

ParallelPain

New Member
Thread author
May 2, 2016
11
Hi.

So after it's stuck classifying the same file for over 18 hours, I tried clicking stop and found out it's stuck.
So I force closed and restarted it multiple times. It always gets stuck at about the 22k files mark.

So I tried stopping and removing those 14 malware before it gets stuck. I was able to do that. But the scan still doesn't do more than roughly the 22k files mark before it gets stuck. I am also still unable to run iTunes or Malwarebytes or restart the computer without getting stuck.

I've attached two reports. One is the Malware detected. The other is the "clean" results that is only clean as far as the 22k files scanned.

What should I do next?
 

Attachments

  • 2016.05.02-18.07.58-i0-t92-d14.txt
    11.3 KB · Views: 2
  • 2016.05.02-18.39.49-i0-t92-d0(2).txt
    796 bytes · Views: 3

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.
 

ParallelPain

New Member
Thread author
May 2, 2016
11
So like before, it is still stuck. I left it and went to work and came back and it is still stuck.
I've attached the generated files. But again I don't know how accurate they are because the scan is stuck.

Also I found another symptom. I can't access Microsoft Office.
 

Attachments

  • Addition.txt
    68.1 KB · Views: 2
  • FRST.txt
    101.1 KB · Views: 2

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When it finishes, FRST will generate a log on the Desktop called Fixlog.txt.

Please attach it to your reply.



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

Upload it in your next reply.
 

Attachments

  • fixlist.txt
    6.2 KB · Views: 6

ParallelPain

New Member
Thread author
May 2, 2016
11
FRST never moves beyond the message "Creating Restore Point. This can take a few minutes, please wait..."
This is after multiple tries and a restart.

I went ahead with ZOEK anyway. I put the script, made sure the option is checked, and pressed Run Script as asked.
FRST is still stuck. I can't even click drag to move the window around.

I have not had a response from either program in over 30 minutes.

Attached is the Fixlog FRST generated. I don't know how accurate it is.
ZOEK has only generated a runcheck.txt in C drive. The file is blank. It can only be opened as a readme (so I guess ZOEK is still open at least).

What should I do? Should I force close both tools from Task Manager and try again?

One more symptom found. When restarting the computer I decided to wait when it got stuck. After being stuck a few minutes, it gave me a Driver State Power Failure before forcing a restart itself.
 

Attachments

  • Fixlog.txt
    6.6 KB · Views: 2

ParallelPain

New Member
Thread author
May 2, 2016
11
Reporting no change from over 6 and a half hours ago. So still no log from ZOEK.

I have to go to work now. I will try after. But just want to let you know I was not able to enter 2 days ago due to being unable to restart properly.
 

ParallelPain

New Member
Thread author
May 2, 2016
11
So because shift click restart doesn't work (I tried again to make sure) I went to msconfig to change the setting to boot into safe mode.

But now it just gets stuck forever loading.

Using F8 or shift F8 doesn't work either.

I am trying to boot to safe mode from a recovery USB I made from my tablet, but so far no luck.

What do I do now? Now I can't even access the computer.

I'll keep trying to get into safe mode.
 

ParallelPain

New Member
Thread author
May 2, 2016
11
I am running out of options. USB boot doesn't give me the option of restart to safe mode. System Restore doesn't work (error 0x80070002). Startup Repair just gets stuck doing diagnosis (no movement after 3 hours). And I don't have a CD to use System Image Recovery.

Only thing left is command prompt. Is there something I can type into command prompt to change msconfig boot option to not boot to safe mode?

Right now the only thing I could do that I couldn't before is shut down the computer from advanced options.
 
