
Thread: No way to get rid OMIGA-Plus malware

  1. #11
    Junior Member
    Join Date
    Jan 2015
    Posts
    8


    Quote Originally Posted by Juliet
    Thank you
    Many items were detected and deleted.
    Use your computer as normal without extra activities. Then please give me an update on how it is acting.

    Hi Juliet.
    I used my computer normally, with Internet Explorer only. No problem.
    This morning, without having restarted the computer, I have a "Microsoft Genuine Warning" displayed.
    I use an ASUS X501A laptop with preinstalled Windows 7, also available on a hidden partition with a valid licence.
    For information, I was always able to install the Windows updates automatically.
    But this time, I guess my system will be blocked (by Microsoft) at the next restart.
    I guess important system files have been altered/blocked by the last scan (as the Microsoft online help suggests).
    I don't know how to restore them from Malwarebytes (and which ones).
    Of course, I can recover the OS by pressing "F9" to access the hidden partition.
    To avoid this final solution (that's why I'm disturbing you on this forum), you may find a trick to solve this issue.
    Please find attached all Malwarebytes logs and screenshots of the Genuine warning.
    Kind Regards,
    DJ. Tarek, France.

  2. #12
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Also please download Windows Repair (all in one) from here

    Install the program then go to step 4 and create a new system restore point and new registry backup.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    NEXT
    On the Start Repairs tab => Click the Start

    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    Click on box next to the Restart System when Finished. Then click on Start.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #13
    Junior Member
    Join Date
    Jan 2015
    Posts
    8


    Quote Originally Posted by Juliet
    Also please download Windows Repair (all in one) from here

    You saved my laptop!
    I will follow your last advice to restore corrupted system files.
    I just hope my computer will not be restarted at home.
    I would like to say I've noticed these lines in the Malwarebytes log:

    Protection, 28/01/2015 20:27:55, SYSTEM, UTILISATEUR-PC, Protection, Malicious Website Protection, Starting,
    Protection, 28/01/2015 20:28:30, SYSTEM, UTILISATEUR-PC, Protection, Malicious Website Protection, Started,
    Detection, 28/01/2015 20:58:50, SYSTEM, UTILISATEUR-PC, Protection, Malicious Website Protection, IP, 176.103.48.36, 49684, Outbound, C:\Program Files (x86)\Miniport WAN SSTP\rassstp.exe,
    Detection, 28/01/2015 20:58:51, SYSTEM, UTILISATEUR-PC, Protection, Malicious Website Protection, IP, 176.103.48.36, 49684, Outbound, C:\Program Files (x86)\Miniport WAN SSTP\rassstp.exe,
    ...


    176.103.48.36 > UKRAINE (??)
    rassstp.exe > supposed to be a Microsoft process
    C:\Program Files (x86)\Miniport WAN SSTP\rassstp.exe > does not seem to be an official Microsoft path

    Question: Should we remove this whole folder?

    DJ. Tarek, France
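
A way to triage the Protection log lines quoted in post #13, as an added example that is not part of the thread or of Malwarebytes: it groups blocked connections by remote IP and process image and marks images stored outside the Windows directory. The field order is inferred from the quoted lines, and `C:\Windows` as the Windows directory is an assumption.

```python
import ntpath
from collections import Counter

# Excerpt quoted in post #13 (Malwarebytes Protection log), copied verbatim.
SAMPLE_LOG = r"""
Protection, 28/01/2015 20:27:55, SYSTEM, UTILISATEUR-PC, Protection, Malicious Website Protection, Starting,
Protection, 28/01/2015 20:28:30, SYSTEM, UTILISATEUR-PC, Protection, Malicious Website Protection, Started,
Detection, 28/01/2015 20:58:50, SYSTEM, UTILISATEUR-PC, Protection, Malicious Website Protection, IP, 176.103.48.36, 49684, Outbound, C:\Program Files (x86)\Miniport WAN SSTP\rassstp.exe,
Detection, 28/01/2015 20:58:51, SYSTEM, UTILISATEUR-PC, Protection, Malicious Website Protection, IP, 176.103.48.36, 49684, Outbound, C:\Program Files (x86)\Miniport WAN SSTP\rassstp.exe,
...
"""


def parse_detection(line):
    """Return (ip, port, direction, image) for an IP block line, else None."""
    # The image path is the 11th field; maxsplit keeps commas inside it intact.
    fields = [f.strip() for f in line.strip().rstrip(",").split(",", 10)]
    if len(fields) != 11 or fields[0] != "Detection" or fields[6] != "IP":
        return None
    if not fields[8].isdigit():
        return None
    return fields[7], int(fields[8]), fields[9], fields[10]


def outside_windows_dir(image, windows_dir=r"C:\Windows"):
    """True when the image does not live under the Windows directory.

    Assumption of this example: windows_dir is the real %SystemRoot%.
    """
    path = ntpath.normcase(ntpath.normpath(image))
    root = ntpath.normcase(ntpath.normpath(windows_dir)) + "\\"
    return not path.startswith(root)


def summarize(log_text):
    """Group blocked connections by (ip, direction, image) with a hit count."""
    hits = Counter()
    for line in log_text.splitlines():
        parsed = parse_detection(line)
        if parsed:
            ip, _port, direction, image = parsed
            hits[(ip, direction, image)] += 1
    return [
        {"ip": ip, "direction": d, "image": img, "count": n,
         "outside_windows_dir": outside_windows_dir(img)}
        for (ip, d, img), n in sorted(hits.items())
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

A marked row is a prompt to check the file's signature and origin, not a verdict on the file.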

  4. #14
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    At this time please allow MBAM to continue to block it.

    VPN connections?

    http://www.bleepingcomputer.com/foru...miniport-sstp/
    "Just disable the miniport if you want, do not try to uninstall it."
    It is part of the network drivers and you can't properly uninstall it. You can just ignore it.

    Or go into MBAM settings
    Notifications and set to disabled

  5. #15
    Junior Member
    Join Date
    Jan 2015
    Posts
    8


    Quote Originally Posted by Juliet
    At this time please allow MBAM to continue to block it.

    VPN connections?

    http://www.bleepingcomputer.com/foru...miniport-sstp/
    "Just disable the miniport if you want, do not try to uninstall it."
    ...

    Hi Juliet
    Sorry for my late feedback.
    I don't use VPN on my computer.
    All issues on my computer seem to be solved.
    After 2 restarts, there is neither malware detection nor Genuine warning.
    I did not uninstall wan-miniport.
    Please see the last MBAM log.
    adwcleaner does not detect any threat from now on.
    Of course, I'm wondering what the best antimalware in the world is,
    as I had to use many of them on your advice to get rid of omiga-plus (what a bitch!).
    Undoubtedly, you are the best!
    Thank you a lot.
    DJ. Tarek, France

  6. #16
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Thank you for all the kind words, C'était mon plaisir merci

    As for the best antimalwares in the world....what we recommend is layered protection.

    I'll get to that. First, let's remove tools and quarantine folders then I will give recommendations.


    DelFix
    • Please download DelFix
      or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore

    • Click the Run button.

    -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    ~~~~~~~~~~~~~~~~~~


    The following programmes come highly recommended in the security community.
    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

  7. #17
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Glad we could help.

    Since this issue appears resolved ... this Topic is closed.
