Powerliks still going...

[0x90]

Hey guys, I have Powerliks in my system, something which I have been struggling for the past few weeks already, like most of the people I have seen testimonials from they have spent hours and hours trying to defeat this thing, but the one I have is just more than annoying and I guess it's stronger and updated because I have tried to follow http://www.adlice.com/poweliks-removal-with-roguekiller/ tutorial and when I get to the part of checking the registry I just see no entry whatsoever about anything related to powerliks as shown in the tutorial... I still see it running in the tasks and so on (reference image below), sometimes it s SO annoying because it closes and re-opens itself, and that makes me lose the focus on the current active windows that I'm working on, sometimes when I even playing some games, it makes me lose the focus of the game, minimizing it, and that's truly annoying.



And sometimes I get all sorts of 'Stopped Working' errors like this one, obviously related to Powerliks...


My problem is big because I've been running with this for a long time ago, and I don't want to run across the solution of formatting my PC just because I'm lazy enough, and don't find quite the comfort of removing all the current things I have already setup on my PC and re-downloading them, or even, making hours and hours of backups, and so on...

I ran RougeKiller already it found few stuff and I don't know whatelse... and this is my report:
https://paste.ee/r/lMWmz

This is my HiJackThis report log:
https://paste.ee/r/BqAvZ




I will be grateful enough to be happy for my entire life if you guys could help me out on this situation. Thanks for further responses/help.

Kind Regards,
0x90

[Tigzy]

Hello
Have you looked that topic? http://forum.adlice.com/index.php/topic,189.msg690.html#msg690

Could you tell me if you find that registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32

With the values associated to poweliks

[Tigzy]

Ok, I found it.
On X64 it's slightly different, the subkey is "hidden" by removing read attributes.
I'm working on it.

EDIT: mmh, actually that's a bug introduced in last version. HKCU keys are not scanned anymore.
I'm doing a quick fix for that, you'll be able to try 9.2.13 in a few minutes

[0x90]

Awesome work and thanks for keeping me updated~!

 Will look forward further on this

*Update*

Oh..My..Goodness! Thank you for this amazing service!

Rogue just Killed it xD



This is the latest report:
https://paste.ee/p/1Qh1G

It was very well hidden, given the previous keys you gave me to check upon them, gladly your algorithm killed it very well, I'm using Malwarebytes, since the malware (Powerliks) doesn't use files, is there anyways to prevent further infections? there is no way sending samples to online antivirus scanning services to make distribute throughout services, to keep signatures detectable...

Don't have words to describe myself right now haha, just enough to say Thank You!

*Edit*

It is obvious that with the removal of the malware my PC keeps trying to have access to left overs that the malware left... now I get all sorts of pop-ups:



and



*Extra*

This is what happens behind scenes whenever these two last things occurs..
https://paste.ee/r/GWkbT

[Tigzy]

Have you rebooted after the removal?
Because the script is still in memory even after registry removal.
I just removed startup entry.

[0x90]

Have you rebooted after the removal?
Because the script is still in memory even after registry removal.
I just removed startup entry.

:facepalm: haha forgot to reboot! my mistake!

I did rebooted the system after some testing and now it's working just fine

Thank you for the awesome support! and for this excellent tool!

Kind Regards,
0x90

[Tigzy]

Cool!