Banyan Malware can not be removed by system

Status
Not open for further replies.
Our recommendation is to remove this program.
Yet Another Cleaner!
Remove it using the Add/Remove programs

Let me supply you with known good antivirus tools.

As for free versus paid antivirus, I have to leave this up to you, but I've always stayed with a free version, which uses fewer resources and takes less time to update. This is my personal opinion. Also, with free versions of antivirus, a firewall is not included.

~~~~~~~~~
Please go to your downloads folder and locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop and select PASTE
Farbar Recovery Scan Tool should now be on your desktop.

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow it)




start
CloseProcesses:
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-1210306022-1181859764-3225192987-1001\...\Winlogon: [Shell] - <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1210306022-1181859764-3225192987-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> {035707D0-FAF1-4D36-8C40-C6734EB967DF} URL =
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-10-28] (Elex do Brasil Participações Ltda)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-10-28] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-10-28] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-10-28] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-10-28] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [51880 2014-10-26] (Elex do Brasil Participações Ltda)
2015-01-21 09:04 - 2015-01-21 09:04 - 00001930 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\YAC.lnk
2015-01-21 09:04 - 2015-01-21 09:04 - 00001924 _____ () C:\Users\Public\Desktop\YAC.lnk
2015-01-21 09:04 - 2015-01-21 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2015-01-21 09:04 - 2015-01-21 09:04 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2015-01-21 09:04 - 2014-10-28 06:31 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2015-01-21 09:04 - 2014-10-26 21:02 - 00051880 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2015-01-21 09:02 - 2015-01-21 09:02 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Elex-tech
2015-01-21 09:01 - 2015-01-21 09:02 - 16474920 _____ (Elex do Brasil Participações Ltda) C:\Users\Tim\Downloads\yet_another_cleaner_cnt.exe
C:\ProgramData\adwcleaner_4.106.exe
C:\Users\Tim\AppData\Local\Temp\jre-8u31-windows-au.exe
EmptyTemp:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"






  • On the Dashboard click on Update Now
  • Go to the Settings tab
  • Under Settings go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
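
Before pressing Fix, it helps to see what a fixlist will act on. The sketch below is an added example, not part of the original thread and not FRST code; it sorts fixlist lines into services/drivers, file listings, registry entries, bare paths and directives, using line shapes inferred only from the fixlist quoted above. The function names and the sample (a few lines copied from that fixlist) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the fixlist quoted in the thread.
SAMPLE = r"""start
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-10-28] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-10-28] (Elex do Brasil Participações Ltda)
2015-01-21 09:04 - 2015-01-21 09:04 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
C:\ProgramData\adwcleaner_4.106.exe
EmptyTemp:
End"""

# Line shapes assumed from the sample above, not from any FRST specification.
SERVICE = re.compile(r"^([RSU]\d) (\S+); (.+?) \[(\d+) (\d{4}-\d\d-\d\d)\] \((.*)\)$")
LISTING = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - (\d+) (\S+) \((.*?)\) (.+)$")

def classify(line):
    """Return (kind, details) for one fixlist line."""
    line = line.strip()
    if line.lower() in ("start", "end"):
        return "marker", {}
    m = SERVICE.match(line)
    if m:
        state, name, path, size, _date, signer = m.groups()
        return "service", {"state": state, "name": name, "path": path,
                           "size": int(size), "signer": signer}
    m = LISTING.match(line)
    if m:
        _size, attrs, signer, path = m.groups()
        return "listing", {"path": path, "is_dir": "D" in attrs, "signer": signer}
    if re.match(r"^HK(LM|U|CU)\\", line):
        return "registry", {"key": line}
    if re.match(r"^[A-Za-z]:\\", line):
        return "path", {"path": line}
    if line.endswith(":"):
        return "directive", {"name": line[:-1]}
    return "other", {"raw": line}

def audit(text):
    return [classify(l) for l in text.splitlines() if l.strip()]

def summary(text):
    return Counter(kind for kind, _ in audit(text))

def kernel_drivers(text):
    # Service entries backed by a .sys file deserve a second look before removal.
    return [d["name"] for kind, d in audit(text)
            if kind == "service" and d["path"].lower().endswith(".sys")]

if __name__ == "__main__":
    print(dict(summary(SAMPLE)))
    print("drivers to double-check:", kernel_drivers(SAMPLE))
```
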
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/22/2015
Scan Time: 4:45:38 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.22.11
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tim

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415461
Time Elapsed: 8 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Adware.Finix, C:\Users\Tim\Downloads\Comcast_Desktop_Software_1401.exe, , [6c0767938603cd69ccb54bc7e022f10f],

Physical Sectors: 0
(No malicious items detected)


(end)
 
Fixlog.txt ?

Since we have removed some malicious files, how's the computer?
 
Ty ty

Thank you thank you very much! Sorry about the multiple posts, I have trouble focusing and with short term memory since stroke:heart:
 

You're doing fine.

How's your computer now?


What we can do now is run an online scan with Eset; for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course on how full your computer is.


Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note:
    For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan.
 
ESET Scan logs

I ran the scans, but I may have inadvertently taken some action. I may have been on a different menu than you were referring to; it did not have ticks for "take no action" but instead had a slide scale action, no action, which I chose. Found variant of Win32/Elex.as. Software said it "cleaned file because it contained body of infection"? Since I am out of my arena, I will turn this over to you to determine how badly I performed. The Smartscan log is too big to upload:red:
 


Did the file you posted come from the Eset Online scan?
From what I can tell it actually found a quarantine folder which we will remove in the end.

Tell me how the computer is now.
 
Eset log file


Juliet - No, it came from Eset Nod32 AV 0 day trial software. When I did the Eset Online Scan it started without any input by me. Knowing that I needed to have options ("No action"), I stopped the scan, looked for an opportunity to alter the setting, found none, then installed the trial version. Ran SmartScan. Sent first scan results.
 
OK, I went back over the logs and right now things look good.

The scan produced the same file which is held in FRST quarantine.

You can keep the trial antivirus or you can uninstall it and choose one from this list.

Let me supply you with known good antivirus tools.

As for free versus paid antivirus, I have to leave this up to you, but I've always stayed with a free version, which uses fewer resources and takes less time to update. This is my personal opinion. Also, with free versions of antivirus, a firewall is not included.

~~~~~~~~~

Let's remove the tools I had you download and their quarantine folders.

DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
  • Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
Are you working with a wireless mouse, and if so, is your touchpad listed as on?


Some of the tools I'll list might not work on Windows 8.1.
Try each one; if one won't work, go to the next.


Please download ServicesRepair and save it to your desktop.
  • Double-click ServicesRepair.exe.
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.

  • After the restart, wait a few minutes until the system has settled down.


~~~~~~~~~~~~

Please download MiniToolBox http://www.bleepingcomputer.com/download/minitoolbox/
save it to your desktop and run it.

Checkmark the following check-boxes:


List last 10 Event Viewer log
List Devices
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 
Also, have you experimented to see if these issues still happen in safe?
 
Issues

I am not using a wireless mouse, and the problem has gone away after Restart and Windows Update. Might have run out of memory? Just to be sure - I have not cleaned up the infected files found by ESET. Will install tools above if problem returns in future.
 
Good
The Delfix tool will take out the FRST tool and quarantine folder.

Use the computer for a while and post back to let me know if anything else pops up.
 