Windows 7 Forums

Windows 7: Malwarebytes removed Astromenda but what damage has been left?

22 Oct 2014   #31
Jay1978

Windows 7 Professional
 
 

C:\Users\Jason Mayor\AppData\Local\Downloaded Installations\{AC08ECED-D6F8-404E-93A0-F037F0623C92}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Jason Mayor\Downloads\Adobe_Flash_Setup.exe a variant of Win32/InstallCore.QH potentially unwanted application




Those are the results of the scan.


22 Oct 2014   #32
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Quote: Originally Posted by Jay1978
BTW thank you very much for assisting me. I can see this can be a big nightmare. What makes you guys want to do this?
Hi Jay,

Sorry for the delay. Very long work days for me lately.......

You're most welcome! Why do we want to do this? I do this to give back what others have given to me. Kind of like paying the favor forward. There is nothing more rewarding than helping someone who cannot pay you back.

The MBAM log looks really good!

Did ESET ever run a full scan? The log can also be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Check in that location and see if a log was saved. Please post it if there was.

It appears that ESET does not like your Weather Channel app because it is bundled with the Ask toolbar.

The other file is just the setup file for Adobe Flash that is in your downloads folder.

How is your system behaving? What other issues are you experiencing?
22 Oct 2014   #33
Jay1978

Windows 7 Professional
 
 

Well I thank you.

I don't think the problem is completely solved.
  • Startup takes a while when it used to take seconds.
  • Upon start up the screen was completely black for about a minute.
  • Also the fan continues to run high and hot for a bit. Seems to have cooled down now. Fan never used to run at all basically.

I believe the issue started and restarted when I wanted to install Adobe Flash. I think that file is the infection or whatever. Some pages tell me I need Flash but I do not want to try and install that again.

In addition on this restart I saw an Astromenda logo on my Mozilla browser. I attached a photo of it.

I think processes and programs are still shut down and screwed up. What are your thoughts?

22 Oct 2014   #34
Jay1978

Windows 7 Professional
 
 

ESET ran and I cannot find it in program files. I have attached what I think was the log. Please advise.


Attached Files
File Type: txt scan eset.txt (321 Bytes, 4 views)
22 Oct 2014   #35
Jay1978

Windows 7 Professional
 
 

This is the photo of that logo. Now when I open a Mozilla page it starts with a blank tab and that Astromenda on the bottom. And Malwarebytes just started blocking those sites again.


Attached Thumbnails
Malawarebytes removed Astromenda but what damage has been left?-20141022_223809_resized.jpg  
22 Oct 2014   #36
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Let's get a second opinion with the following tool.

Please download Farbar Recovery Scan Tool and save it to your Desktop. Note: You will need to download the 64-bit version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Please post the following logs found on your desktop:
FRST.txt
Addition.txt

It's getting late and I have to be up early for work. I'll check back in the morning.
23 Oct 2014   #37
Jay1978

Windows 7 Professional
 
 

I have not done the Farbar yet but attached are the scan logs for another ESET and MBAM. It's def still in the system as you can see. Will do Farbar tonight. Any new recommendations based on the two attached scans? Should I have it quarantined? Thanks,


Attached Files
File Type: txt eset scan 2.txt (321 Bytes, 4 views)
File Type: txt malaware log 1023.txt (49 Bytes, 5 views)
23 Oct 2014   #38
andrew129260

Windows 10 Pro
 
 

If I may interject here, I would also like to see the output of this scan:

1.) Download herdProtect: (choose the portable version)

Download herdProtect - Free Anti-Malware Platform

2.) Run the scan.

3.) When the scan finishes, save the results per the screenshot below. Then upload the log here.

DO NOT REMOVE ANYTHING YET. I/donnab will advise if anything needs removed when I/we receive the log.

Attached Images
25 Oct 2014   #39
Jay1978

Windows 7 Professional
 
 

Scans of Farbar are attached.


Attached Files
File Type: txt FRST.txt (44.8 KB, 16 views)
File Type: txt Addition.txt (28.4 KB, 3 views)
25 Oct 2014   #40
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Hi Jay,

Thank you for the logs. Quickly scanning over the FRST log I see that you have a trojan that resides in the registry called Poweliks. This bad boy is a persistent piece of malware. Please give me a bit of time to research what I found to verify which variant is present in the registry so we can remove appropriately without issue.

Please do not try to remove this on your own in my absence. Back as soon as possible.