Do you remember the name of the Trojan?
What Antivirus are you using?
Are you running x64 or x86 .... ? We need to know your computer specs, please.
Last edited by Jacee; 22 Sep 2015 at 11:38. Reason: wrong number
This is what VirusTotal read on the .exe. I really don't wanna install it again. I'm not sure of any names... I may remember a few programs: Note up, YTDownloader, Outbrowser. Here is the data:
Antivirus Result Update
AVG MultiDropper_c.AVTO 20150922
Ad-Aware Application.OutBrowse.J 20150923
Agnitum PUA.OutBrowse! 20150922
AhnLab-V3 PUP/Win32.Installer 20150922
Antiy-AVL GrayWare[AdWare:not-a-virus]/Win32.OutBrowse 20150923
Arcabit Application.OutBrowse.J 20150923
Avast NSIS:OutBrowse-BN [PUP] 20150923
BitDefender Application.OutBrowse.J 20150923
Bkav HW32.Packed.7394 20150922
CAT-QuickHeal AdWare.OutBrowse.r5 (Not a Virus) 20150922
Comodo UnclassifiedMalware 20150922
Cyren W32/Application.ACWP-2462 20150923
DrWeb Trojan.DownLoader14.4218 20150923
ESET-NOD32 Win32/OutBrowse potentially unwanted 20150923
F-Secure Application.OutBrowse.J 20150923
GData Application.OutBrowse.J 20150923
Kaspersky not-a-virus:Downloader.NSIS.OutBrowse.bp 20150923
Malwarebytes PUP.Optional.Amonetize 20150922
McAfee Artemis!D2B743D87331 20150923
McAfee-GW-Edition Artemis!PUP 20150922
MicroWorld-eScan Application.OutBrowse.J 20150923
NANO-Antivirus Trojan.Win32.DownLoad3.dqapeg 20150923
Panda Generic Suspicious 20150922
Qihoo-360 HEUR/QVM41.2.Malware.Gen 20150923
Sophos Generic PUA IH (PUA) 20150923
Symantec Suspicious.Cloud.2 20150922
Tencent Win32.Trojan.Outbrowse.Wrgh 20150923
VBA32 Downloader.OutBrowse 20150922
VIPRE OutBrowse 20150923
ViRobot Adware.Outbrowse.1794834[h] 20150922
My computer specs
Operating System
Windows 7 Ultimate 64-bit SP1
CPU
AMD Phenom II X4 955 116 °F
Deneb 45nm Technology
RAM
16.0GB Dual-Channel DDR3 @ 799MHz (11-11-11-28)
Motherboard
MSI 870-G45 (MS-7599) (CPU1) 117 °F
Graphics
HP LP1965 (1280x1024@75Hz)
1024MB ATI AMD Radeon HD 5800 Series (Sapphire/PCPartner) 103 °F
Storage
931GB Western Digital WDC WD10EARS-00Y5B1 ATA Device (SATA) 81 °F
29GB SanDisk Cruzer Glide USB Device (USB)
Optical Drives
ASUS DRW-24B1ST ATA Device
DTSOFT Virtual CdRom Device
Audio
VIA High Definition Audio
It looks like you've installed a 'browser hijacker' along with some software you downloaded.
Please download AdwCleaner by Xplode and save to your Desktop.
Step 1.
- Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
- The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
- Copy and paste the contents of that logfile in your next reply.
- A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
Step 2.
Using AdwCleaner: Scan & Clean:
This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder
Please post both .txt logs
The procedure entry point IcmpSendEcho could not be located in the dynamic link library IPHLPAPI.DLL. Error from the ADWCleaner.
Let's try a couple of things ... first, flush DNS cache and restore MS's Hosts file.
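Copy and paste these lines in Notepad.
@Echo on
rem Reset the hosts file to a single localhost entry
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the IP lease and flush the DNS cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Restart, then delete this batch file
shutdown -r -t 1
del %0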
Save as flush.bat to your desktop. Right click on the .bat file to run it as Administrator. Your computer will restart itself.
Next, download TFC (Temp File Cleaner) by OldTimer from the Geeks to Go Forum and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser! This will also temporarily eliminate all desktop shortcuts, so just be aware! They will come back after rebooting.
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! Manually reboot the machine to ensure a complete clean.
Let me know if that was any help.
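An added example, not part of the original thread: the batch file above overwrites the hosts file with a single localhost line, so any mappings a hijacker added are lost as evidence. This Python script lists every non-default mapping so it can be recorded before the reset; the sample hosts content and all host names in it are constructed.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.example-search.test   # constructed redirect
0.0.0.0         update.example-av.test
127.0.0.1       ads.example.test tracker.example.test
not-an-ip       broken.example.test
"""

LOCAL_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (ip, hostname, reason) for every mapping that is not a plain localhost entry."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((ip_text, " ".join(names), "malformed address"))
            continue
        for name in names:
            if name.lower() in LOCAL_NAMES and ip.is_loopback:
                continue  # the default entry the reset script writes
            if ip.is_loopback or ip.is_unspecified:
                reason = "name sinkholed (blocked)"
            else:
                reason = "name redirected"
            findings.append((str(ip), name, reason))
    return findings


if __name__ == "__main__":
    for ip, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{name:28} -> {ip:15} {reason}")
```

To audit a live system, pass the contents of a copy of the hosts file to `audit_hosts` instead of the sample.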
I attempted both the .bat and the cleaner; still receiving the same error. I tried looking it up via event logger; no go.
I have also uploaded a copy of my CBS. SFC was unable to fix some corrupted files, but dear god, I can't understand the massive amount of text. I noticed a few .DLLs but hope I could get someone a bit more experienced to look at the problem .dll.
Last edited by WHYCANTIFIXTHIS; 23 Sep 2015 at 21:26.
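An added example, not part of the original thread: System File Checker tags its own records in CBS.log with `[SR]`, so the files it could not repair can be pulled out of the surrounding text. The Python script below does that; the sample lines, file names and component names are constructed, and the message wording is assumed to match what SFC writes on Windows 7.

```python
import re
import sys

# Constructed lines in the shape SFC writes to CBS.log on Windows 7; the file
# and component names are invented for this example.
SAMPLE_CBS = r'''
2015-09-23 20:01:12, Info  CSI  00000311 [SR] Beginning Verify and Repair transaction
2015-09-23 20:01:14, Info  CSI  00000313 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9) in the store, hash mismatch
2015-09-23 20:01:15, Info  CBS  Session: constructed non-SR noise line
2015-09-23 20:01:16, Info  CSI  00000315 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9) in the store, hash mismatch
2015-09-23 20:01:17, Info  CSI  00000316 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"fixed.dll" from store
2015-09-23 20:01:18, Info  CSI  00000317 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"Example2.DLL"; source file in store is also corrupted
2015-09-23 20:01:19, Info  CSI  00000318 [SR] Verify complete
'''

SR_EVENT = re.compile(r"\[SR\] (Cannot repair member file|Repairing corrupted file"
                      r"|Could not reproject corrupted file)")
FILE_NAME = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')
OUTCOME = {"Cannot repair member file": "unrepaired",
           "Repairing corrupted file": "repaired",
           "Could not reproject corrupted file": "unrepaired"}


def summarize_sfc(log_text):
    """Map each file named in an [SR] corruption record to the outcomes logged for it."""
    outcomes = {}
    for line in log_text.splitlines():
        event = SR_EVENT.search(line)
        if not event:
            continue
        name = FILE_NAME.search(line, event.end())
        if name:  # skip records that carry no file name
            outcomes.setdefault(name.group(1).lower(), set()).add(OUTCOME[event.group(1)])
    return outcomes


def unrepaired(outcomes):
    """Files SFC reported as damaged and never logged as repaired."""
    return sorted(f for f, seen in outcomes.items() if seen == {"unrepaired"})


if __name__ == "__main__":
    # Pass the path to a copy of CBS.log, or run with no argument for the sample.
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_CBS)
    for name in unrepaired(summarize_sfc(text)):
        print("not repaired:", name)
```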
I think myself and Malwarebytes removed most of the injection itself, but I'm not sure what damage it did within my .dll library. There are corrupted Windows files, and my Windows is not validating or letting me run a Windows update.
I'll run MRT.exe as well.
I'll post a tasklist. Let me know if you see anything strange. The only thing I notice that is a bit off is a schost.exe, PID 2360, taking about 300k of memory.