PDA

View Full Version : Instashare got me too!



yipwj
2014-09-20, 19:38
Hi, I caught this persistent malware about 5 days ago, and tried every way possible, until I came cross this website this evening. Thank to ken545 for his reply (I registered just to say this).

Like TheJDawg, I needed to use Combofix.exe, using ken545's CFscript, after identifying the malware file (for me, it was vSEFuPto.exe). For reference, the antivirus scan result for me is here:

https://www.virustotal.com/en/file/52c534b3b004149880f7927bf33676abad55eaed64ed5d54494925b3fc543ab2/analysis/

Super work, and timely too! Thanks for helping me get rid of this sickeningly persistent malware!

ken545
2014-09-20, 20:44
:snwelcome:

FYI .... all the scans and scripts we run are just for that user, running a script for FRST or especially Combofix that wasn't written for you and your system can sometimes to irreversible damage


If you would like to double check and make sure this pest is gone as sometimes it brings other garbage with it then run both these scans and post the logs please

http://i.imgur.com/1QYkxTZ.jpg Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything

============================================================================




Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties



Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Please make sure All Users is checked
Do not check
*List BCD
*Drivers MD5
*Shortcut txt
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.