As this issue appears to be resolved this thread is now closed.
Type: Posts; User: JonTom; Keyword(s):
Hello diane7
Let's try it manually:
Please make all files and folders VISIBLE:
Close all open programs.
Hello diane7
You are Very Welcome Diane :bigthumb:
A very good question. Malware can (and quite often does) hide in system restore points. However, no infected points were detected when you...
Hello diane7
You certainly did :)
All of those detections are for things that have been quarantined by various applications. They cannot harm your machine from their present location.
Having...
Hello diane7
Thank you for the logs.
Let's remove your outdated Java. Once we have taken care of that we will run an online scan to check for anything that may have been missed.
Please...
Hello diane7
That's good :)
Please re-scan your machine with DDS as requested and post the new logs for me to review.
Hello diane7
That's very odd. A slight delay can sometimes happen but 20 minutes is a little long....
Are you able to boot the machine normally now? Is it still taking a long time to boot?
Hello diane7
Thank you for the logs.
Let's continue as follows:
Temporary File Cleaner
Thread re-opened at user's request.
Due to inactivity, this topic has been closed.
If you are the topic starter and need this topic reopened, please PM a staff member (include the address of this thread in your request).
Everyone...
Are you still with me?
Due to lack of response, this topic is now closed. If you need continued support, please begin a new thread.
Hello diane7
No problem, we will continue when you get back :bigthumb:
Hello diane7
The Junkware Removal Tool is not malicious. It has been used many times without incident.
As for the Combofix log, let's try to find it like this:
Navigate to your C drive and...
Hello diane7
I'm back :)
We need to use Combofix again, but this time we will be running it in a slightly different way.
Please work through the following steps
Hello diane7
You did it right :)
That's nothing to worry about. Simply reboot the machine a couple of times and that message will go away.
I will get back to you later on today with the next...
Do you still need help?
Hello diane7
Thank you for the log :)
If this machine is used to perform any kind of financial transactions please use an uninfected machine to change your passwords as soon as you can.
...
Hello diane7
No problem at all.
Simply copy and paste it piece by piece into multiple posts. If you need to make lots of posts that's fine.
If you need any further help just let me know :)
Hello diane7
That's okay, just temporarily disable your Norton product and re-run the TDSSKiller scan as described.
Information about how to disable N360 can be found here
Once the scan has...
Hello diane7
Thank you for the attach.txt and for aswMBR.
Was that all the TDSSKiller scan produced? It looks as though the log may have been cut off. Please re-check to see if there is any...
Hello diane7 and :welcome:
My name is JonTom
Malware Logs can sometimes take a lot of time to research and interpret.
Please be patient while I try to assist with your problem. If at any...
Hello dEkxz and :welcome:
My name is JonTom
Malware Logs can sometimes take a lot of time to research and interpret.
Please be patient while I try to assist with your problem. If at any...
You are Very Welcome :)
As this problem appears to be resolved this topic is now closed.
Best wishes,
JonTom
Hello drcurious
That's good news :) Provided you are no longer having any problems we can remove our tools.
Before we do so:
Foistware
Hello drcurious
Let's take care of those detections:
Please make all files and folders Visible:
Click "Start", go to My Computer -> Tools -> Folder Options -> View tab:
Choose to "Show...
Hello drcurious
McAfee is known to draw heavily on system resources so that's why your system may be slowing. Your system logs indicate that you presently have around 500 MB of free RAM available....
Hello drcurious
Me too :) the file does not appear in your DDS logs, nor was it removed by Combofix and as you mentioned it was not picked up by systemlook.
How is the machine running in...
Hello drcurious
Thank you for the log.
Is WUAUDIT.EXE still showing in your task manager?
Let's take a look for it with the following:
Please download SystemLook by JPShortstuff
Hello drcurious
Thank you for the logs.
Combofix
Download ComboFix from one of the following locations:
Link 1
Hello drcurious and :welcome:
My name is JonTom
Malware Logs can sometimes take a lot of time to research and interpret.
Please be patient while I try to assist with your problem. If at...
No problem :)
Since this problem appears to be resolved this topic is now closed.
Glad we could help :)
Best wishes
JonTom
Hello Triode
Good. Provided the machine is running well it looks like there is nothing to worry about :)
Hello Triode
Allow avast to deal with those detections then run the scan again.
Let me know how things are running in your next reply.
You're Welcome Triode, and a Very Merry Christmas to you too.
Best wishes,
JonTom
Hello Triode
You are Very Welcome :)
You can if you wish, but nothing in those folders can cause harm to your machine.
I advise you to keep all files and folders relating to ERUNT. ERUNT...
Hello Triode
That aswMBR log looks much better. The detection was a false positive as suspected.
Provided you are no longer having any problems we can remove our tools.
You no longer need...
Hello Triode
Good job with OTL. That has taken care of the orphan :bigthumb:
Now to address the potential false positive.
Please Uninstall Combofix
Hold down the Windows key (has the...
Hello Triode
Thank you for the log.
Please open OTL
Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.
Hello Triode
That malicious orphan is starting to annoy me.
Let's try this:
Download and run OTL by Oldtimer
Hello Triode
That's good :)
If you did not have your other hard drives and your phone plugged in when the scans were run then no. Once we are sure that your machine is malware free you can...
Hello Triode
I think the aswMBR detection may possibly be a false positive.
We'll deal with that in a moment. Right now we have some leftovers to take care of:
Please work through the...
Hello Triode
Yes, everything that has been detected is being held in quarantine.
Please post a new set of DDS scan logs and let me know how the machine is running now.
Hello Triode
Thank you for the logs.
Let's continue with the following:
MalwareBytes AntiMalware:
Hello Triode
Thank you for the scan data.
Those files are infected. We will take care of that now. We need to use Combofix again but this time, we will be running it in a slightly different...
Hello Triode
Thank you for the log.
With rootkit infections we are unable to give you a guarantee that the machine will ever be secure after cleaning due to the nature of the infection.
...
Hello Triode
Thank you for the logs.
That confirms Pihar has been removed :bigthumb:
Let's continue with the following:
Combofix
Hello Triode and :welcome:
My name is JonTom
Malware Logs can sometimes take a lot of time to research and interpret.
Please be patient while I try to assist with your problem. If at any...
Since this problem appears to be resolved this topic is now closed.
Glad we could help :)
Best wishes
JonTom
Hello leejames75
I am a member at WTT and you will receive excellent Tech Assistance there.
You are Very Welcome :)
Best wishes,
JonTom