
Help, My PC is infected with the Locky virus



Do the following:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1157311671-866355910-1506779047-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1157311671-866355910-1506779047-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-04-21 09:33 - 2015-04-21 09:33 - 0038435 _____ () C:\Users\Adrian\AppData\Roaming\Comma Separated Values (DOS).ADR
2015-04-21 08:46 - 2015-04-21 09:28 - 0000154 _____ () C:\Users\Adrian\AppData\Roaming\Rim.Desktop.Exception.log
2015-04-21 08:40 - 2015-04-21 08:40 - 0001111 _____ () C:\Users\Adrian\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-04-21 08:46 - 2015-04-21 09:28 - 0000154 _____ () C:\Users\Adrian\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-05-13 09:54 - 2016-05-31 13:37 - 0000062 _____ () C:\Users\Adrian\AppData\Roaming\sp_data.sys
2013-05-01 04:34 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 04:34 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 04:34 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2014-10-08 13:45 - 2015-06-08 11:43 - 0427840 _____ (ForensiT Limited) C:\ProgramData\UserProfileMigrationService.exe
C:\ProgramData\UserProfileMigrationService.exe
C:\Users\Adrian\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Adrian\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Adrian\AppData\Local\Temp\SkypeSetup.exe
Task: {0FE72DF6-6A0B-480A-975C-FC8A73D94804} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2C2AD96E-65C1-4439-B959-553AE0D3C86B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2F4D890A-9D82-4546-8513-4112D4701507} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3C76781D-7AC2-41EC-BA7F-F210B2B30CE5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {42A19E7D-A7A4-4C11-ADF5-7661EF637748} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4D6D1C6F-16E6-4A42-8A29-1D53E9CB5B00} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4ED41516-D710-47FB-A3EE-F1C59A274E94} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {51E9F117-6B57-4FEF-BA04-E112B3D0789B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {7FE30601-307D-405C-BEDD-95C3F328401F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8B6F6893-4333-460D-ABB2-AF6CBF403728} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C1130675-4A00-4577-BAE7-C59B31F5869E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C57AAEF8-A50A-496F-8471-8467E42BA6E7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION 
Task: {E7BD6D97-59AC-4599-9BE1-747826077456} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {F94B793F-FD11-44C6-8349-92410F180A67} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
C:\Users\Adrian\AppData\Roaming\OpenCandy
C:\Users\Adrian\AppData\Roaming\BitTorrent\updates\7.9.3_40299.exe
C:\Users\Adrian\Downloads\BitTorrent.exe
C:\Users\Adrian\Downloads\FlashPlayer__4369_i910108692_il19.exe
C:\Users\Adrian\Downloads\FlashPlayer__4369_i910767252_il19.exe
C:\Users\Adrian\Downloads\FlashPlayer__4369_i910110054_il19.exe
C:\Users\Adrian\Downloads\Iomega_ScreenPlay_Pro_HD_Multimedia_Drive_Driver_Update_05-2014.exe
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}" /f
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.

This topic is now closed to further replies.