Malware infection.


  1. Posts : 42
    Windows 7 64bit
       #1

    Malware infection.


    Hi, so this all started when I clicked on a Shipment Label.exe that arrived in my email, impersonating FedEx. A minute later, I get hit by a malware denying me internet. So, I start by running Avira, which didn't find anything.
    So, I go onto my laptop to see what I can do. After that, I restart my computer, I run Safe Mode, I download Microsoft System Scanner, which finds 3 infected files and gets rid of them. I go to sleep thinking everything is fine. The next morning I turn on my computer, and I'm in. I open the browser, which gave me a huge relief. Less than 3 minutes in, and it's back: it closes the browser and denies me access. At this point, I run Safe Mode again and run the Microsoft System Scanner, which surprisingly shows no infected files, to which I immediately begin to think that the malware is more of an "under the radar" kinda thing. So it finishes. Now my other option is that I do a System Restore, which will put it a few months back. I tried doing one yesterday but it closed, preventing me from doing a restore. I'm thinking of doing the restore in Safe Mode, but I'm thinking the System Restore might've been infected already and will do more harm. So, fellow forum warriors, I ask for thee. What are my options?


  2. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #2

    Xen12


    Download FRST from the link below, either in Safe Mode with Networking if possible, or download it from a working PC.

    64-Bit Version OS Farbar Recovery Scan Tool x64

    If you could download FRST64.exe from Safe Mode with Networking, drag the file from the Downloads folder to your Desktop.

    From the Desktop :

    • Right-click on FRST64.exe choose
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • FRST will let you know when the scan is complete and has written the FRST.txt to file
    • Please copy and paste both logs in your reply (FRST.txt and Addition.txt). Both logs should be on the Desktop.


    If you can't download it inside Safe Mode, download the file from a non-infected PC, save it to your USB flash drive, and follow the instructions below.


    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    Restart the computer.
    As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    Use the arrow keys to select Repair Your Computer menu item.
    Select US as the keyboard language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    Insert the installation disc.
    Restart your computer.
    If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    Click Repair your computer.
    Select US as the keyboard language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair


    • System Restore


    • Windows Complete PC Restore


    • Windows Memory Diagnostic Tool


    • Command Prompt


    Select Command Prompt

    In the command window type X:\FRST.exe (for x64 bit version type X:\FRST64.exe) and press Enter
       Note
    Replace letter X with the drive letter of your flash drive.

       Tip
    Type the commands below to see what your letter is for the USB drive and press ENTER after each command

    Code:
    Diskpart
    List volume
    The tool will start to run.
    When the tool opens click Yes to disclaimer.
    Press Scan button.
    FRST will let you know when the scan is complete and has written the FRST.txt to file
    Please copy and paste both logs in your reply (FRST.txt and Addition.txt).


  3. Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       #3

    hiyya mate try TDSSKiller Rootkit Removal Utility Free Download | Kaspersky Lab US

    and


    http://www.superantispyware.com/

    http://www.malwarebytes.org/products/malwarebytes_free/

    http://www.bleepingcomputer.com/download/adwcleaner/

    download ADW from bleeping computer


  4. Posts : 42
    Windows 7 64bit
    Thread Starter
       #4

    Problem Solved!


    I've solved the problem. I ran Malware Bytes through Safe Mode, found a total of 5 infected files and removed them. I restarted the computer, ran another scan, and no files have been detected. My browser works fine. Thank you for the help, I will keep this as a reference!


  5. Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       #5

    Good stuff Xen keep them all for permanent use mate I keep taskbar icons for MBAM, SAS and CCleaner and run them on a regular basis and after all they are free.:)

    CCleaner is really good stuff if you don't have it already CCleaner - Download


  6. Posts : 2,470
    Windows 7 Home Premium
       #6

    Xen12,

    Based on the information you provided in your initial post, as an added measure of precaution, will you open Malwarebyte's Anti-Malware once again, go to the Logs tab, and provide the report that has the files found?

    Running scans without analyzing their results is a risky business.
    You need to make sure there is not something there that can cause problems in the future.

    Also, with no offense intended to ICit2lol, but at this point there is no evidence of malware that would require the use of TDSSKiller. Basically, it addresses the TDL threat. The use of this tool here is not recommended.
    Last edited by cottonball; 16 Jun 2013 at 21:42.


  7. Posts : 7,055
    Windows 7 Home Premium 32 bit
       #7

    Xen12 said:
    I've solved the problem. I ran Malware Bytes through Safe Mode, found a total of 5 infected files and removed them. I restarted the computer, ran another scan, and no files have been detected. My browser works fine. Thank you for the help, I will keep this as a reference!
    Till 24 Jun, you can buy MalwareBytes Pro at 20% discount.

    https://www.sevenforums.com/general-d...24-2013-a.html

    ( I did and at a whopping 65% discount probably because of my location and it immediately found Trojan Vundo. I was surprised. I had just before installing MalwareBytes Pro, run the Jun Windows update Malicious Software Removal tool, had updated Microsoft Security Essentials and run a quickscan. I am still wondering why MSE didn't get it.)


  8. Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       #8

    cottonball said:
    Xen12,

    Based on the information you provided in your initial post, as an added measure of precaution, will you open Malwarebyte's Anti-Malware once again, go to the Logs tab, and provide the report that has the files found?

    Running scans without analyzing their results is a risky business.
    You need to make sure there is not something there that can cause problems in the future.

    Also, with no offense intended to ICit2lol, but at this point there is no evidence of malware that would require the use of TDSSKiller. Basically, it addresses the TDL threat. The use of this tool here is not recommended.
    No offence taken CB I just slipped it in as I was not aware of what you pointed out.

    Myself, for the MBAM Pro, I run Kaspersky ISS and find the KIS doesn't really like the Pro, but that's just my machines.


 
