
Thread: posting logs for malware help

  1. #11
    Junior Member
    Join Date
    Jan 2006
    Posts
    29


    Quote: Originally Posted by Juliet
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    FRST fix log below. Anything else? Very happy to get my PC cleaned up. Can't believe how much garbage was out there.

    Joe

    Fix result of Farbar Recovery Scan Tool (x86) Version:05-11-2015
    Ran by Dad (2015-11-06 17:20:50) Run:4
    Running from C:\Documents and Settings\Dad\Desktop
    Loaded Profiles: Dad (Available Profiles: Dad & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    C:\sys7y6\GeeGo.exe
    C:\sys7y6\gojoee.exe
    C:\sys7y6\syswin7u8.exe
    C:\winxz100598228412mkeo\100598228412mkeo\100598228412mkeo.exe
    D:\Downloads\mom\PowerDVD 6.0.01102\PowerDVD 6 Deluxe - Key -.exe
    C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\81ilz7pn.default-1443317241296\extensions\{44c81f55-fe84-4145-8f1c-0da2c7ea8500}.xpi
    C:\Documents and Settings\Dad\Desktop\Old Firefox Data\r26vc2ze.default\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}.xpi
    D:\Downloads\ipscan.exe
    D:\Downloads\soldering_desoldering
    D:\Downloads\winrarSetup.exe
    EmptyTemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\sys7y6\GeeGo.exe => moved successfully
    C:\sys7y6\gojoee.exe => moved successfully
    C:\sys7y6\syswin7u8.exe => moved successfully
    C:\winxz100598228412mkeo\100598228412mkeo\100598228412mkeo.exe => moved successfully
    D:\Downloads\mom\PowerDVD 6.0.01102\PowerDVD 6 Deluxe - Key -.exe => moved successfully
    C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\81ilz7pn.default-1443317241296\extensions\{44c81f55-fe84-4145-8f1c-0da2c7ea8500}.xpi => moved successfully
    C:\Documents and Settings\Dad\Desktop\Old Firefox Data\r26vc2ze.default\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}.xpi => moved successfully
    D:\Downloads\ipscan.exe => moved successfully
    D:\Downloads\soldering_desoldering => moved successfully
    D:\Downloads\winrarSetup.exe => moved successfully
    EmptyTemp: => 211 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 17:22:43 ====

  2. #12
    Junior Member
    Join Date
    Jan 2006
    Posts
    29


    Quote: Originally Posted by joemagiera
    Anything else?
    Should I now do the CKScanner step you mentioned in the previous reply?

    Joe

  3. #13
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Yes please.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #14
    Junior Member
    Join Date
    Jan 2006
    Posts
    29


    CKScanner log below. Anything else?

    PC appears to be working normally, in fact (probably my imagination), maybe even a little faster than before the virus.

    Joe

    CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11.GONAUZ
    ----- EOF -----

  5. #15
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    PC appears to be working normally, in fact (probably my imagination), maybe even a little faster than before the virus.
    That's always good to hear.

    Since this is a Windows XP machine I have an article I would like for you to read.
    Important information regarding Windows XP

    ~~~~~~~~~~~

    Time to remove tools and quarantine folders.

    DelFix
    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Remove disinfection tools
    • Click the Run button.
    • This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


    ~~~~~~~~~~~


    The following programmes come highly recommended in the security community.
    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


    Want to help others? Join the ClassRoom and learn how.

  6. #16
    Junior Member
    Join Date
    Jan 2006
    Posts
    29


    Quote: Originally Posted by Juliet
    Since this is a Windows XP machine I have an article I would like for you to read.
    Please download DelFix and save the file to your Desktop.
    Sorry was slow on this step. Downloaded and ran DelFix. Read the XP article. Thanks for the recommendations on the other tools.

    Thanks again for all your help. If there are any final steps, let me know.

    Below is the Delfix log (even though you didn't ask for it).

    Joe

    # DelFix v1.011 - Logfile created 08/11/2015 at 15:55:05
    # Updated 18/08/2015 by Xplode
    # Username : Dad - JOE
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\FRST
    Deleted : C:\AdwCleaner
    Deleted : C:\Documents and Settings\Dad\Desktop\FRST-OlderVersion
    Deleted : C:\Documents and Settings\Dad\Desktop\AdwCleaner.exe
    Deleted : C:\Documents and Settings\Dad\Desktop\AdwCleaner[C2].txt
    Deleted : C:\Documents and Settings\Dad\Desktop\CKScanner.exe
    Deleted : C:\Documents and Settings\Dad\Desktop\esetsmartinstaller_enu.exe
    Deleted : C:\Documents and Settings\Dad\Desktop\Fixlog.txt
    Deleted : C:\Documents and Settings\Dad\Desktop\Fixlog_1.txt
    Deleted : C:\Documents and Settings\Dad\Desktop\FRST.exe
    Deleted : C:\Documents and Settings\Dad\Desktop\JRT.exe
    Deleted : C:\Documents and Settings\Dad\Desktop\JRT.txt
    Deleted : C:\Documents and Settings\Dad\My Documents\Downloads\Addition.txt
    Deleted : C:\Documents and Settings\Dad\My Documents\Downloads\AdwCleaner.exe
    Deleted : C:\Documents and Settings\Dad\My Documents\Downloads\aswMBR.exe
    Deleted : C:\Documents and Settings\Dad\My Documents\Downloads\aswMBR.txt
    Deleted : C:\Documents and Settings\Dad\My Documents\Downloads\CKScanner.exe
    Deleted : C:\Documents and Settings\Dad\My Documents\Downloads\esetsmartinstaller_enu.exe
    Deleted : C:\Documents and Settings\Dad\My Documents\Downloads\FRST.txt
    Deleted : C:\Documents and Settings\Dad\My Documents\Downloads\JRT.exe
    Deleted : C:\Documents and Settings\Dad\My Documents\Downloads\MBR.dat
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

    ########## - EOF - ##########

  7. #17
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Joe
    We're finished.

    Safe Surfing

  8. #18
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Glad we could help.

    Since this issue appears resolved ... this Topic is closed.
