Yahar

Am I infected?


CCleaner tells me to close Chrome when I run it, but if I hit Ctrl+Alt+Del there is no Chrome process running. It says the same thing if I try to uninstall Chrome. I even rebooted and tried and it still tells me Chrome is open. I have included my OTL and Extra texts.

I already have Emsisoft Anti-Malware free installed so I wasn't sure which log I should post. I ran a full scan the other day and it detected a trojan and quarantined it. The emergency kit scan doesn't detect anything.


Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\PsychoLauncher.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Launcher.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autoplay\AutoRun.exe
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [start Explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

I ran it but I accidentally closed the new log. Where is it saved to?

Also CCleaner still reports Chrome as open after reboot.


Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1

Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

-----------------------------------------------------------

Attach logs for:

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

It deleted steam.exe but I'm pretty sure that's a false positive..

Yes, that is a False Positive. ComboFix should not have deleted Steam. You will have to reinstall Steam.

ComboFix didn't turn up anything of interest.

Download avz4.zip from here

  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: AVZupdate.jpg
  • Click Start to begin the update

Note: If you receive an error message, choose a different source, then click Start again

  • After the update, from the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm, virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach the Compressed file, virusinfo_syscheck.zip, to your next reply.


All your scans are coming back clean. Still having problems with CCleaner saying that Chrome is running?


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, SpySentinel, or JeanInMontana to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
