Jump to content

EEK can't delete Trojan.GenericKDV.1039032 (B)


iriane
 Share

Recommended Posts

Hi Team,

 

have used Stinger, Malwarebytes and EEK to try and get rid of a recent ukash ransom virus on my PC. There is one trojan left that EEK can find, but not quarantine or delete. I have attached the EEK and OTL logs for your reveiw.

 

Thanks,

 

iriane

Link to comment
Share on other sites

Hello, iriane

Welcome to the Emsisoft Support Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.

    Click Start, open My Computer, select the Tools menu and click Folder Options.

    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

    Uncheck: Hide file extensions for known file types

    Uncheck the Hide protected operating system files (recommended) option.

    Click Yes to confirm.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the Desktop.

For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to Desktop.

Just run the tool and click Scan, it will produce 2 logfiles on the desktop. Please attach them in your next reply.

Link to comment
Share on other sites

Hi,

Please download TFC by Old Timer and save it to your desktop.

alternate download link

  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Please save the content of the codebox below into notepad as fixlist.txt to your desktop:

HKU\Administrator\...\RunOnce: [DefUserRunOnceSettings] "c:\windows\system32\wscript.exe c:\windows\custmenu\runonce_settings.vbs" [399 2010-11-26] ()
HKU\Administrator\...\RunOnce: [DeleteIE864BitIcon] c:\windows\deleteie64biticon.bat [x]
HKU\Default\...\RunOnce: [DefUserRunOnceSettings] "c:\windows\system32\wscript.exe c:\windows\custmenu\runonce_settings.vbs" [399 2010-11-26] ()
HKU\Default\...\RunOnce: [DeleteIE864BitIcon] c:\windows\deleteie64biticon.bat [x]
HKU\Default User\...\RunOnce: [DefUserRunOnceSettings] "c:\windows\system32\wscript.exe c:\windows\custmenu\runonce_settings.vbs" [399 2010-11-26] ()
HKU\Default User\...\RunOnce: [DeleteIE864BitIcon] c:\windows\deleteie64biticon.bat [x]
2013-06-13 03:39 - 2013-06-13 03:39 - 00000000 ____A C:\ProgramData\l91eje.dat
2013-06-13 00:06 - 2013-06-13 00:06 - 00000000 ____A C:\ProgramData\niewqe8.dat
2013-06-12 22:49 - 2013-06-13 07:46 - 95023320 ___AT C:\ProgramData\v89ir.pad
2013-06-12 22:49 - 2013-06-12 22:49 - 00000151 ____A C:\ProgramData\v89ir.reg
2013-06-12 22:49 - 2013-06-12 22:49 - 00000056 ____A C:\ProgramData\v89ir.bat
2013-06-12 22:49 - 2013-06-12 22:49 - 00000000 ____A C:\ProgramData\kjhy64.txt
C:\ProgramData\l91eje.dat
C:\ProgramData\niewqe8.dat
C:\ProgramData\ntuser.dat
C:\ProgramData\v89ir.bat
C:\ProgramData\v89ir.pad
C:\ProgramData\v89ir.reg
Please open FRST and hit the Fix button, attach the Fixlog.txt to your next reply, along with a fresh FRST Scanlogfile and a Logfile from a fresh scan with Emsisoft Antimalware.
Link to comment
Share on other sites

Hi,

we have removed a lot of malware entries with the last fix, now we can go forward to remove the rest with a special tool.

Next, download ComboFix Save to the Desktop

  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.
Link to comment
Share on other sites

Hi Tom,

 

I started combofix, but it then warned me to turn off my anti-virus software. It seems to be blocking my from opening the antivirus software, though. It has come up with a warning that it will continue to run with the anti-virus, at my own risk, but there is no "cancel" option. Is there a way to stop combofix so i can disable the anti-virus?

Thanks,

iriane

Link to comment
Share on other sites

Hi Tom,

 

Unfortunately when i rightclick and try to open the antivirus I get an error massage saying that it is being prevented from being opened.  Is there a way to cancel Combofix? or will i have to run it with the antivirus on?

 

thanks,

iriane

Link to comment
Share on other sites

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...