Town of Skykomish

CLOSED Please help remove Trojan.LNK.Poweliks.1.Gen (B)


To Whom It May Concern:

I recently performed the Emsisoft Emergency Kit Scan and two Trojan.LNK.Poweliks.1.Gen (B) files were identified for quarantine. However, the files are deeply embedded in my operating system and the Emergency Kit directed me to seek your expert advice. Thank you in advance for your time and assistance,

Sage, Deputy Clerk
Town of Skykomish, WA

Addition_28-12-2017 12.47.25.txt

FRST_28-12-2017 12.47.25.txt


Do the following:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

S1 asdhyuol; \??\C:\WINDOWS\system32\drivers\asdhyuol.sys [X]
2017-12-28 09:39 - 2017-12-28 09:39 - 000000000 ____D C:\Users\Deputy Clerk\AppData\Local\Xacetud
2017-12-28 09:39 - 2017-12-28 09:39 - 000000000 ____D C:\Users\Deputy Clerk\AppData\Local\Qymq
2017-12-28 09:39 - 2017-12-28 09:39 - 000000000 ____D C:\Users\Deputy Clerk\AppData\Local\Emyleh
2017-12-18 14:54 - 2017-12-19 11:06 - 000000000 ____D C:\Users\Deputy Clerk\AppData\Local\Espitnirlo
2017-12-18 14:27 - 2017-12-18 14:27 - 000000000 ____D C:\Users\Deputy Clerk\AppData\Local\hqtzwu
2017-12-18 14:27 - 2017-12-18 14:27 - 000000000 ____D C:\Users\Deputy Clerk\AppData\Local\Dfofavjopw
2017-12-28 10:27 - 2017-08-29 13:09 - 000000000 ____D C:\Users\Deputy Clerk\AppData\Local\7f3310
2017-12-28 10:27 - 2016-09-27 07:41 - 000000000 ____D C:\Users\Deputy Clerk\AppData\Local\997d53
Task: {BDA6F00A-2018-4D8D-AF56-2D332219495F} - System32\Tasks\McAfee Cleanup => C:\Users\DEPUTY~1\AppData\Local\Temp\MCPR\mccleanup.exe <==== ATTENTION
Task: {F4412052-B734-4941-922B-42BF5E72549C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Shortcut: C:\Users\Deputy Clerk\AppData\Local\997d53\74de9e.lnk -> C:\Users\Deputy Clerk\AppData\Local\997d53\dfe94c.bat (No File)
Shortcut: C:\Users\Deputy Clerk\AppData\Local\7f3310\8e7b19.lnk -> C:\Users\Deputy Clerk\AppData\Local\7f3310\14135b.bat (No File)

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

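Added example, not part of the original thread and not Emsisoft's or FRST's own code: a small triage pass over FRST-style log lines that tags the kinds of entries the fixlist above targets. It treats the markers visible in those lines (`[X]`, `<==== ATTENTION`, `(No File)`) and a six-hex-digit folder name directly under AppData\Local as signals; the tag names, the script-extension list and the benign sample lines are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Constructed sample: four lines copied from the fixlist above plus three
# made-up benign lines (ExampleSvc, Editor.lnk, the Microsoft folder).
SAMPLE = r"""S1 asdhyuol; \??\C:\WINDOWS\system32\drivers\asdhyuol.sys [X]
R2 ExampleSvc; C:\Program Files\Example\svc.exe [12345 2017-01-01] (Example Corp)
Task: {F4412052-B734-4941-922B-42BF5E72549C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Shortcut: C:\Users\Deputy Clerk\AppData\Local\997d53\74de9e.lnk -> C:\Users\Deputy Clerk\AppData\Local\997d53\dfe94c.bat (No File)
Shortcut: C:\Users\Example\Desktop\Editor.lnk -> C:\Program Files\Example\editor.exe (Example Corp)
2017-12-28 10:27 - 2017-08-29 13:09 - 000000000 ____D C:\Users\Deputy Clerk\AppData\Local\7f3310
2017-12-28 09:39 - 2017-12-28 09:39 - 000000000 ____D C:\Users\Example\AppData\Local\Microsoft
"""

SVC = re.compile(r"^[RSU]\d \S+; .* \[X\]$")
TASK = re.compile(r"^Task: .*<==== ATTENTION$")
LNK = re.compile(r"^Shortcut: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) \((?P<note>[^()]*)\)$")
DIR = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ _+D (?P<path>.+)$")
HEX_LEAF = re.compile(r"^[0-9a-f]{6}$")
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js"}  # assumed list of script types

def triage(line):
    """Return the list of tags (possibly empty) for one log line."""
    line = line.strip()
    tags = []
    if SVC.match(line):
        tags.append("service-file-missing")
    if TASK.match(line):
        tags.append("task-flagged")
    m = LNK.match(line)
    if m:
        if m["note"] == "No File":
            tags.append("shortcut-target-missing")
        same_dir = dirname(m["lnk"]).lower() == dirname(m["target"]).lower()
        if splitext(m["target"])[1].lower() in SCRIPT_EXT and same_dir:
            tags.append("shortcut-to-script-in-same-folder")
    m = DIR.match(line)
    if m and HEX_LEAF.match(basename(m["path"])) and dirname(m["path"]).lower().endswith(r"\appdata\local"):
        tags.append("hex-named-appdata-folder")
    return tags

def triage_log(text):
    """Return (tags, line) for every line that earned at least one tag."""
    return [(t, l.strip()) for l in text.splitlines() for t in [triage(l)] if t]

if __name__ == "__main__":
    for tags, line in triage_log(SAMPLE):
        print(", ".join(tags), "|", line)
```

A tagged line is a prompt for a human to look at the entry, not a verdict; the word-like folder names in the fixlist (Xacetud, Qymq and so on) are not caught by this pattern.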

Thank you! I will not return to the infected PC until Tuesday, which is outside of the 72 hour window to respond. So sorry! I am hoping you will keep this thread open and allow me a chance to follow up? I expect to follow your advice in the above thread as soon as I get back to my office. Happy New Year :)


Let's see how well that worked.

Let's take a fresh look.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.

Be sure to let me know how things are running.


As far as I can tell everything is running fine with the exception of a hosted software package we use for accounting. I have some other issues to chase with that however, so if we can confirm this Trojan is gone I will be very happy! Attached the scans below.

scan_180103-090740.txt

Addition_03-01-2018 09.33.51.txt

FRST_03-01-2018 09.33.51.txt


The previous fix appears to have been effective and I see no indications of malware being present in the logs.


Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.

When the tool is finished, a log will open in Notepad. I do not need the log. You can close Notepad.

Empty the Recycle Bin.

You can delete and uninstall any programs I had you download that you do not wish to keep on the system.

To remove EEK, simply delete the EEK folder in the root of your System Drive, normally C:\EEK

Run Windows Update and update your Windows Operating System.

Articles to Read:
How to Protect Your Computer From Malware
How to keep you and your Windows PC happy
Web, email, chat, password and kids safety
How Did I Get Infected?

That should take care of everything.

Safe Surfing!


Thanks for all your help. We are a small municipality in need of a comprehensive malware package for multiple devices. Final request, do you have any links to articles that explain why we might want to consider EmsiSoft over other anti-malware options? That would be so helpful.

Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE. If you don't, we are just going to send you back to this thread.
