Malware infection.

Xen12

Hi, so this all started when I clicked on a Shipment Label.exe that arrived in my email, impersonating FedEx. A minute later, I get hit by malware denying me internet. So, I start by running Avira, which didn't find anything.
So, I go onto my laptop to see what I can do. After that, I restart my computer, I run Safe Mode, I download Microsoft Safety Scanner, it finds 3 infected files and gets rid of them. I go to sleep thinking everything is fine. The next morning I turn on my computer, and I'm in; I open the browser, which gave me a huge relief. Less than 3 minutes in, and it's back: it closes the browser and denies me access. At this point, I run Safe Mode again and run the Microsoft Safety Scanner, which surprisingly shows no infected files, so I immediately begin to think that the malware is more of an "under the radar" kind of thing. So it finishes. Now my other option is to do a System Restore, which will put it a few months back. I tried doing one yesterday but it closed, preventing me from doing a Restore. I'm thinking of doing the Restore in Safe Mode, but I'm thinking the System Restore might've been infected already and will do more harm. So, fellow forum warriors, I ask for thee. What are my options?
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Gateway
OS
Windows 7 64bit
CPU
Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Motherboard
Gateway H57M01
Memory
8.00 GB
Graphics Card(s)
ATI Radeon HD 5570
Sound Card
(1) ATI High Definition Audio Device (2) Realtek High Defi
Monitor(s) Displays
Gateway FHX2300
Screen Resolution
1920 x 1080
Hard Drives
(1) Hitachi HDT721010SLA360 (2) Generic- Compact Flash USB Device (3) Generic- MicroSD USB Device (4) Generic- SD/MMC USB Device (5) Generic- xD-Picture USB Device
PSU
LiteOn 12v2 Rails 130 Watts
Case
Gateway Case 140mm Fan
Cooling
Don't know
Browser
Chrome
Xen12


Download FRST from the link below, either in Safe Mode with Networking if possible, or download it from a working PC.

64-Bit Version OS: Farbar Recovery Scan Tool x64

If you could download FRST64.exe from Safe Mode with Networking, drag the file from the Downloads folder to your Desktop.

From the Desktop:

  • Right-click on FRST64.exe and choose the option shown in the screenshot (mawket.jpg).
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt file.
  • Please copy and paste both logs (FRST.txt and Addition.txt) in your reply; both logs should be on the Desktop.

If you can't download it inside Safe Mode, download the file from a non-infected PC, save it to your USB flash drive and follow the instructions below.


Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair Your Computer menu item.
Select US as the keyboard language setting, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language setting, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window type X:\FRST.exe (for the x64 version type X:\FRST64.exe) and press Enter.

Note: Replace the letter X with the drive letter of your flash drive.

Tip: Type the commands below to see what the letter is for the USB drive, and press Enter after each command.

Code:
Diskpart
List volume

The tool will start to run.
When the tool opens, click Yes to the disclaimer.
Press the Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt file.
Please copy and paste both logs (FRST.txt and Addition.txt) in your reply.
 

My Computer

Computer Manufacturer/Model Number
Custom Built
OS
Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
CPU
Intel Core i7 CPU 950 @ 3.07GHz
Motherboard
ASUS P6T DELUXE V2
Memory
OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
Graphics Card(s)
ATI Radeon HD 5700 Series
Sound Card
OnBoard
Hard Drives
WD6400AACS-00M3B0 (640GB SATA )
PSU
CORSAIR 850w
Case
NZXT LEXA
Cooling
Intel Stock Heatsink Fan
Keyboard
Microsoft Wireless Laser Keyboard 7000
Mouse
Microsoft Wireless Laser Mouse 7000
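Added example, not from the post above or from the FRST project: instead of reading the flash drive's letter off "diskpart / list volume" and substituting it for X, the one-liner below, typed at the System Recovery Options Command Prompt, walks the candidate drive letters, reports the one that holds FRST64.exe, and starts the tool from there. It assumes FRST64.exe was saved in the root of the flash drive.

```batch
rem Added example (not the post's own instructions). Typed directly at the
rem recovery Command Prompt: find which drive letter holds FRST64.exe, say so,
rem and launch it from that drive. Assumption: the file sits in the root of the
rem flash drive, as when it was copied there from a clean PC.
rem Single-% variables are the interactive-prompt form; in a saved .bat file
rem they would be written %%D instead.
for %D in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do @if exist "%D:\FRST64.exe" (echo Found FRST64.exe on %D: & "%D:\FRST64.exe")
```

If nothing is echoed, the file is not in any drive root, and the diskpart / list volume steps above remain the way to identify the drive.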

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Own build (new) Desk1 / Asus ROG Win 7 / Desk2 1st build
OS
Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
CPU
Desk1 i5 3750K / Laptop i7 GTX 860M / Desk2 i5 2500
Motherboard
Desk1 Asus P877-V / Desk2 Gigabyte H67 UD3H / Laptop ?
Memory
Desk1 8GB (1866) / Desk2 16GB (1333) / Laptop 8Gb DDR3
Graphics Card(s)
Desk 1& 2NVidia GTX 650 & Laptops on board Intel
Sound Card
Desk 1 & 2 -XONAR DG Realtek High Def audio Laptop
Monitor(s) Displays
Desk 1 Benq HD 2450 / Desk2 Philips 24" / Laptop 17.5"
Screen Resolution
1920x1080 D1 & D2 & Laptop 1
Hard Drives
Desk1 Samsung 120GB 830 SSD
Asus ROG 256GB 850 Pro SSD
Desk2 Samsung 840 256 SSD
Toshiba 120GB EVO
PSU
Desk 1 Corsair HX 1050/ Laptop ? / Desk 2 Corsair HX 650
Case
Desk 1 Cooler HAF XM ? Toshiba laptop / Desk2 Coolermaster
Cooling
Fans on all Desk1 -2 Desk2 - all Coolermasters 5 Laptop ?
Keyboard
Desk 1 MS Sidewinder X6 Desk 2 MS Sidewinder X 4
Mouse
Desk 1&2 - Gigabyte MS 900 gamer - laptop - Logitec wireless
Internet Speed
ADSL2+
Other Info
One other Desktop (tester) and spare Toshba laptop both with SSD's
Running Kaspersky 2016 ISS on all machines config'd identically
Logitec audio stereo systems on each machine (x3)
Canon MG5250MFC
Router/modem TP-Link running WPA2SK
Problem Solved!

I`ve solved the problem, I ran Malware Bytes through Safe Mode, found a total of 5 infected files and removed them. I restarted the computer, ran another scan, and no files have been detected, my browser works fine, thank you for the help, I will keep this as a reference!
 

Good stuff Xen, keep them all for permanent use, mate. I keep taskbar icons for MBAM, SAS and CCleaner and run them on a regular basis, and after all they are free. :)

CCleaner is really good stuff if you don't have it already: CCleaner - Download
 

Xen12,

Based on the information you provided in your initial post, as an added measure of precaution, will you open Malwarebytes Anti-Malware once again, go to the Logs tab, and provide the report that has the files found?

Running scans without analyzing their results is a risky business.
You need to make sure there is not something there that can cause problems in the future.

Also, with no offense intended to ICit2lol, but at this point there is no evidence of malware that would require the use of TDSSKiller. Basically, it addresses the TDL threat. The use of this tool here is not recommended.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
I`ve solved the problem, I ran Malware Bytes through Safe Mode, found a total of 5 infected files and removed them. I restarted the computer, ran another scan, and no files have been detected, my browser works fine, thank you for the help, I will keep this as a reference!

Until 24 Jun, you can buy MalwareBytes Pro at a 20% discount.

http://www.sevenforums.com/general-...arebytes-pro-20-off-until-june-24-2013-a.html

(I did, and at a whopping 65% discount, probably because of my location, and it immediately found Trojan Vundo. I was surprised. Just before installing MalwareBytes Pro, I had run the June Windows Update Malicious Software Removal Tool, updated Microsoft Security Essentials and run a quick scan. I am still wondering why MSE didn't get it.)
 

My Computer

OS
Windows 7 Home Premium 32 bit
Xen12,

Based on the information you provided in your initial post, as an added measure of precaution, will you open Malwarebytes Anti-Malware once again, go to the Logs tab, and provide the report that has the files found?

Running scans without analyzing their results is a risky business.
You need to make sure there is not something there that can cause problems in the future.

Also, with no offense intended to ICit2lol, but at this point there is no evidence of malware that would require the use of TDSSKiller. Basically, it addresses the TDL threat. The use of this tool here is not recommended.
No offence taken, CB. I just slipped it in as I was not aware of what you pointed out.

Myself, for the MBAM Pro: I run Kaspersky ISS and find that KIS doesn't really like the Pro, but that's just my machines.
 
