infected. no boot to cd ,usb or recovery mode.

[DMG49]

I downloaded something that my antivirus cannot remove. I have tried different anti virus removal programs and rescue disks but virus remains. Any help or suggestions would be great. Thank You.

[Curson]

Hi DBG49,

Welcome to Adlice.com Forum.
What makes you think your system is infected ? Could you please attach RogueKiller full scan report with your next reply ?

Regards.

[DMG49]

web pages get redirected most times. I lose Internet connection very often. I get popup ads on desktop. Kaspersky warned me that a program was using my laptop camera. I have run multiply anti virus programs (including rogue killer) many times trying to get rid of the infection. most of it is gone but not all. I am not able to run Kaspersky rescue disk from cd or usb because the virus has blocked booting from cd or usb. I can not even run the reimaging software on my computer.

Here is the roguekiller text file.

RogueKiller V12.12.17.0 (x64) [May 14 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : David [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/19/2018 08:28:48 (Duration : 00:22:02)

¤¤¤ Processes : 2 ¤¤¤
[VT.Detected] Receivers.exe(7172) -- C:\Program Files (x86)\Gerdes\Receivers.exe[-] -> Found
[VT.Detected] Receivers.exe(6820) -- C:\Program Files (x86)\Gerdes\Receivers.exe[-] -> Found

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Firefox][File] C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j5tnosjs.default\Invalidprefs.js -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Micron_1100_MTFDDAK512TBN +++++
--- User ---
[MBR] 7f949192c851047c6f5a8a9079563995
[BSP] 62c2b6e0a7f01dca0381e5fd05a1b615 : Empty|VT.Unknown MBR Code
Partition table:
0 - EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 387251 MB
3 - [SYSTEM]  | Offset (sectors): 998459392 | Size: 857 MB
4 -  | Offset (sectors): 793659392 | Size: 91924 MB
5 -  | Offset (sectors): 981919744 | Size: 8076 MB
User = LL1 ... OK
User = LL2 ... OK

[Curson]

Hi DMG49,

Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
  
• Please attach log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also attach that along with the FRST.txt into your reply.
  

Do not copy pas the report directy in your message, please use the "Attach" feature under "Attachments and other options".

Regards.

[DMG49]

Here are the two files.

[Curson]

Hi DMG49,

Your system is very infected. Please make sure to save all your personal data before following the process below.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

How is your computer running ?

Regards.

[DMG49]

Hi Thanks for helping. I downloaded fixlist.txt and ran frst and it gernerated an empty fixlog.txt file. If I open fixlist.txt on the infected computer the file appears blank but if i open fixlist.txt on a noninfected computer then i can see whats in the file. also fixlist.txt is removed from the desktop after i run frst. Here is the fixlog.txt file. I see no differance.

[Curson]

Hi DMG49,

The malware denied access to the fixlist.txt file
Please follow the instruction in shadowwar post and attach MBAR log with your next reply.

Regards.

[DMG49]

The computer already seems better. Thank You. Here are the log files.

[DMG49]

Still infected. Kaspersky still detecting virus'. Malwarebytes ran once but will not start again. Here is the malwarebytes log file before i clicked clean.

[DMG49]

Latest kaspersky log.

[Curson]

Hi DMG49,

The malware is still here.
We need to use Windows Recovery Environment to get rid it of it

• On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive. Do the same with the attached fixlist.txt file.
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
  
  Note: You need to download the version compatible with your machine i.e. 32-bit or 64-bit.
  
  Plug the flashdrive into the infected PC.
   
  
• Enter System Recovery Environment Command Prompt:
  
  Instructions for Windows 10
  Instructions for Windows 8
  Instructions for Windows 7
   
  
• Once in the Command Prompt:
  
  Run FRST/FRST64 located on your flashdrive and press the Fix button just once and wait.
  The tool will generate a log on the flashdrive (Fixlog.txt) please post it with your reply.
  

Please then generate a fresh FRST report on normal mode and attach it as well.

Regards.

[DMG49]

here is the log file from the command prompt. frst_cmd.txt
here is the log file from normal boot mode.      frst.txt

[Curson]

Hi DMG49,

Your forgot to attach the fixlog.txt file that should be on your flashdrive. Please attach it with your next reply.
There is some leftovers but the main infection is gone.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

How is your computer running ?

Regards.

[DMG49]

here is fixlog from flashdrive.