Adlice forum

General Category => Malware removal help => Topic started by: DMG49 on May 16, 2018, 01:33:50 pm

Title: infected. no boot to cd ,usb or recovery mode.
Post by: DMG49 on May 16, 2018, 01:33:50 pm
I downloaded something that my antivirus cannot remove. I have tried different anti virus removal programs and rescue disks but virus remains. Any help or suggestions would be great. Thank You.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: Curson on May 17, 2018, 04:27:29 pm
Hi DMG49,

Welcome to Adlice.com Forum.
What makes you think your system is infected? Could you please attach a RogueKiller full scan report with your next reply?

Regards.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: DMG49 on May 20, 2018, 02:32:55 am
Web pages get redirected most of the time. I lose my Internet connection very often. I get popup ads on the desktop. Kaspersky warned me that a program was using my laptop camera. I have run multiple anti-virus programs (including RogueKiller) many times trying to get rid of the infection. Most of it is gone but not all. I am not able to run the Kaspersky rescue disk from CD or USB because the virus has blocked booting from CD or USB. I cannot even run the reimaging software on my computer.

Here is the RogueKiller text file.

RogueKiller V12.12.17.0 (x64) [May 14 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : David [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/19/2018 08:28:48 (Duration : 00:22:02)

Processes : 2
[VT.Detected] Receivers.exe(7172) -- C:\Program Files (x86)\Gerdes\Receivers.exe[-] -> Found
[VT.Detected] Receivers.exe(6820) -- C:\Program Files (x86)\Gerdes\Receivers.exe[-] -> Found

Registry : 0

Tasks : 0

Files : 1
[PUP.Firefox][File] C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j5tnosjs.default\Invalidprefs.js -> Found

WMI : 0

Hosts File : 0

Antirootkit : 0 (Driver: Loaded)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: Micron_1100_MTFDDAK512TBN +++++
--- User ---
[MBR] 7f949192c851047c6f5a8a9079563995
[BSP] 62c2b6e0a7f01dca0381e5fd05a1b615 : Empty|VT.Unknown MBR Code
Partition table:
0 - EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 387251 MB
3 - [SYSTEM]  | Offset (sectors): 998459392 | Size: 857 MB
4 -  | Offset (sectors): 793659392 | Size: 91924 MB
5 -  | Offset (sectors): 981919744 | Size: 8076 MB
User = LL1 ... OK
User = LL2 ... OK

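The RogueKiller report above has a fixed text layout. As an added example (not part of this thread and not RogueKiller's own code), the Python helper below parses the section counts, flagged entries and partition table out of a constructed excerpt in that layout, then cross-checks that each section lists as many entries as it declares and that the partitions do not overlap. It assumes 512-byte sectors, so a "MB" size in the report converts to 2048 sectors.

```python
import re
from collections import Counter

# Constructed excerpt following the layout of the quoted RogueKiller report.
SAMPLE = r"""Processes : 2
[VT.Detected] Receivers.exe(7172) -- C:\Program Files (x86)\Gerdes\Receivers.exe[-] -> Found
[VT.Detected] Receivers.exe(6820) -- C:\Program Files (x86)\Gerdes\Receivers.exe[-] -> Found
Registry : 0
Files : 1
[PUP.Firefox][File] C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j5tnosjs.default\Invalidprefs.js -> Found
Partition table:
0 - EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 387251 MB
3 - [SYSTEM]  | Offset (sectors): 998459392 | Size: 857 MB
4 -  | Offset (sectors): 793659392 | Size: 91924 MB
5 -  | Offset (sectors): 981919744 | Size: 8076 MB
"""

SECTION_RE = re.compile(r"^([A-Za-z][\w ]*?) : (\d+)\b")            # "Files : 1"
ENTRY_RE = re.compile(r"^\[([^\]]+)\](?:\[([^\]]+)\])? (.+?) -> (\w+)$")  # "[Tag][Kind] item -> Found"
PART_RE = re.compile(r"^(\d+) - (.*?)\s*\| Offset \(sectors\): (\d+) \| Size: (\d+) MB$")
SECTORS_PER_MB = 2048  # assumption: 512-byte sectors, as the report's sector offsets imply

def parse_report(text):
    """Return (declared counts per section, findings, partitions); findings keep their section."""
    counts, findings, parts, section = {}, [], [], None
    for line in text.splitlines():
        if m := SECTION_RE.match(line):
            section = m[1]
            counts[section] = int(m[2])
        elif m := ENTRY_RE.match(line):
            findings.append(dict(section=section, tag=m[1], kind=m[2], item=m[3], status=m[4]))
        elif m := PART_RE.match(line):
            parts.append(dict(index=int(m[1]), name=m[2], offset=int(m[3]), size_mb=int(m[4])))
    return counts, findings, parts

def count_mismatches(counts, findings):
    """Sections whose declared count differs from the entries actually listed under them."""
    seen = Counter(f["section"] for f in findings)
    return {s: (n, seen[s]) for s, n in counts.items() if n != seen[s]}

def adjacent_gaps(parts):
    """(prev index, next index, gap in sectors) for partitions ordered by offset; negative = overlap."""
    ordered = sorted(parts, key=lambda p: p["offset"])
    out = []
    for a, b in zip(ordered, ordered[1:]):
        end_a = a["offset"] + a["size_mb"] * SECTORS_PER_MB
        out.append((a["index"], b["index"], b["offset"] - end_a))
    return out
```

Run against the excerpt, the two unnamed partitions (4 and 5) sit between the data partition and the [SYSTEM] partition with no overlap, and every section count matches its listed entries.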
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: Curson on May 20, 2018, 04:41:08 pm
Hi DMG49,

Please download Farbar Recovery Scan Tool (x64) (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to your Desktop.
Do not copy-paste the report directly into your message; please use the "Attach" feature under "Attachments and other options".

Regards.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: DMG49 on May 21, 2018, 04:05:51 am
Here are the two files.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: Curson on May 21, 2018, 06:09:12 pm
Hi DMG49,

Your system is very infected. Please make sure to save all your personal data before following the process below.

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

How is your computer running?

Regards.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: DMG49 on May 21, 2018, 09:42:43 pm
Hi, thanks for helping. I downloaded fixlist.txt and ran FRST and it generated an empty Fixlog.txt file. If I open fixlist.txt on the infected computer the file appears blank, but if I open fixlist.txt on a non-infected computer then I can see what's in the file. Also, fixlist.txt is removed from the desktop after I run FRST. Here is the Fixlog.txt file. I see no difference.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: Curson on May 21, 2018, 11:57:40 pm
Hi DMG49,

The malware denied access to the fixlist.txt file.
Please follow the instructions in shadowwar's post (https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/) and attach the MBAR log with your next reply.

Regards.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: DMG49 on May 22, 2018, 02:01:54 am
The computer already seems better. Thank You. Here are the log files.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: DMG49 on May 22, 2018, 02:30:12 am
Still infected. Kaspersky is still detecting viruses. Malwarebytes ran once but will not start again. Here is the Malwarebytes log file from before I clicked Clean.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: DMG49 on May 22, 2018, 02:50:56 am
Latest Kaspersky log.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: Curson on May 22, 2018, 03:20:08 am
Hi DMG49,

The malware is still here.
We need to use the Windows Recovery Environment to get rid of it.
Please then generate a fresh FRST report in normal mode and attach it as well.

Regards.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: DMG49 on May 22, 2018, 12:04:10 pm
Here is the log file from the command prompt: frst_cmd.txt
Here is the log file from normal boot mode: frst.txt
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: Curson on May 22, 2018, 02:44:14 pm
Hi DMG49,

You forgot to attach the Fixlog.txt file that should be on your flash drive. Please attach it with your next reply.
There are some leftovers but the main infection is gone.

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

How is your computer running?

Regards.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: DMG49 on May 22, 2018, 04:06:04 pm
Here is the Fixlog from the flash drive.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: DMG49 on May 22, 2018, 04:07:26 pm
Fixlog from the Desktop.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: Curson on May 22, 2018, 05:25:03 pm
Hi DMG49,

Your system should be clean.
How is your computer running?

Regards.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: DMG49 on May 22, 2018, 06:40:12 pm
The computer is running much better. You are Awesome. Thank You.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: Curson on May 22, 2018, 06:48:17 pm
Hi DMG49,

You are very welcome.
You can now remove all the tools and linked files used during the malware removal process.

Regards.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: DMG49 on May 23, 2018, 03:00:59 am
Thanks for all your help. Have a good day.
Title: Re: infected. no boot to cd ,usb or recovery mode.
Post by: Curson on May 23, 2018, 03:08:25 pm
Hi DMG49,

You are very welcome.
Have a good day, too.

Regards.