Adlice forum

General Category => Malware removal help => Topic started by: bill.wasserman@verizon.ne on December 08, 2016, 10:40:54 PM

Title: Unable to resolve malware infection
Post by: bill.wasserman@verizon.ne on December 08, 2016, 10:40:54 PM

I'm certain there's malware on my PC. I'm using both Norton Anti-Virus and MalwareBytes ("MB") for protection. On numerous occasions MalwareBytes blocks outgoing traffic to www.invokefun.com and, perhaps, one or two other sites. The problem is now of 2-3 weeks duration. When I first observed atypical behavior from my PC I ran a scan with MalwareBytes. MB reported finding PUP. Optional.Scanguard. I got no "hit" when I googled the offending program name and queried MB technical support. After sharing logs and narratively describing my problem MB support reported the problem was likely in my modem. Per their instructions, I reset the modem, but problems persisted. Furthermore, neither the laptop or second PC on the network displayed any unusual behavior nor did my iPhone or my girlfriend's cell.
I tried the standard approach recommended by MB support - Junkware Removal Tool (JRT) then Adware Cleaner (advcleaner) and Hitman. JRT reported deleting multiple Temporary Internet File Folders, AdwCleaner reported finding and cleaning infections of/with "SearchScopes" and "Auslogic" (at different times) and today has been reporting it finds nothing that doesn't belong. I purchased RogueKiller which reports adverse DNS findings in the registry (I took to saving RogueKiller's log on the desktop, so all logs are not available to me).
All the tools I've employed have not resolved the problem - MB continues to block unauthorized outgoing traffic. In desperation I decided to redo the machine - reformat HDD, clean install of Windows 7 and application software. In the process of writing to software companies about what to do to preserve my license authorizations I was encouraged by Adlice Support to post my problem on this board to obtain help clearing my PC of problems. Thank you, in advance, for your response and assistance.

Title: Re: Unable to resolve malware infection
Post by: Curson on December 08, 2016, 10:58:01 PM

Hi Bill,

Welcome to Adlice.com Forum.
Could you please attach RogueKiller and MalwareBytes latest reports in your next reply ?

Regards.

Title: Re: Unable to resolve malware infection
Post by: bill.wasserman@verizon.ne on December 09, 2016, 12:19:19 AM

Thank you for your response. Last two logs for each program are attached. MBytes logs are xml files. I've changed the extension so they can be uploaded

Title: Re: Unable to resolve malware infection
Post by: Curson on December 09, 2016, 01:49:57 PM

Hi Bill,

Please download Farbar Recovery Scan Tool (x64) (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to your Desktop.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
  
• Please attach log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also attach that along with the FRST.txt into your reply.
  

Regards.

Title: Re: Unable to resolve malware infection
Post by: bill.wasserman@verizon.ne on December 09, 2016, 04:26:22 PM

Been there done that too. Logs are attached.

Title: Re: Unable to resolve malware infection
Post by: Curson on December 10, 2016, 02:25:04 PM

Hi Bill,

You have numerous software and removal tools installed, your system seems damaged in some ways.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !

Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Regards.

Title: Re: Unable to resolve malware infection
Post by: bill.wasserman@verizon.ne on December 10, 2016, 03:46:29 PM

I'd saved the logs from FRST64 but uninstalled the program after it turned out not to be the "magic bullet" I hoped it would be. Accordingly, there was a new "Addition.txt" file generated as well as "Fixlog.txt". To be on the safe side, I'm uploading everything generated by this run of FRST64. Just glancing at these files makes my head spin, so I thoroughly understand the  tortuous nature of the process and am tremendously thankful for your assistance.

Title: Re: Unable to resolve malware infection
Post by: Curson on December 10, 2016, 04:38:10 PM

Hi Bill,

How is the system running now ?
Do you still have alerts about invokefun ?

Regards.

Title: Re: Unable to resolve malware infection
Post by: bill.wasserman@verizon.ne on December 11, 2016, 10:09:47 PM

I'm saddened to report the problem persists

Title: Re: Unable to resolve malware infection
Post by: Curson on December 11, 2016, 11:56:58 PM

Hi Bill,

Let's try another thing.
Update Malwarebytes Anti-Malware to latest version an do a full scan of you hard disk drive.
Please then attach the log with your next reply.

Regards.

Title: Re: Unable to resolve malware infection
Post by: bill.wasserman@verizon.ne on December 12, 2016, 02:10:48 PM

Scan completed, file's attached.

Title: Re: Unable to resolve malware infection
Post by: Curson on December 12, 2016, 11:28:24 PM

Hi Bill,

I'm sorry, but I don't see any malicious items left in the FRST reports.
Malwarebytes also hasn't detected anything.

I advice you to open a new thread on Malwarebytes forum. Maybe they will have a clue about the invokefun detection.
I'm sorry I cannot help you more.

Regards.