MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Author Topic: It's all junked up...  (Read 4817 times)
poyndextr
Full Member
« on: April 27, 2014, 10:40:16 PM »

Hello,
My father-in-law brought me his PC and told me that it was performing poorly...  Upon login, I am immediately inundated with pop-ups that the PC is infected, registry cleaners, optimize now buttons, backup now requests, and the like.  The only way that I could get OTL or aswMDR to run was in safe mode.  Output from both has been attached.  Thank you in advance for your assistance.
« Last Edit: April 27, 2014, 10:51:58 PM by poyndextr »

 
Pancake
Global Moderator
Hero Member
« Reply #1 on: April 27, 2014, 10:50:16 PM »

I see you have malware... Run these three programs.



Please download Junkware Removal Tool and save it on your desktop.
  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please attach the JRT log.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
=================================================

Please download Malwarebytes Anti-Malware from Malwarebytes.org
Alternate link: Download Mirror
 
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)
 
Double Click mbam-setup.exe to install the application.
 
(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.
If Malwarebytes fails to download please use the following link:
 
http://malwarebytes.org/mbam-download-exe-random.php

An Australian Member of

EDDY
poyndextr
« Reply #2 on: April 27, 2014, 11:38:17 PM »

Hi Pancake,
It's unfortunate that I'm here again, but I'm glad you are still helping folks out.  I can't get any executable to run in normal boot.  When I try, it hangs the system.  I couldn't get JRT or MBAM to run in safe mode.  JRT opened a cmd prompt and sat there.  MBAM did nothing.  However, I was able to run AdwCleaner in safe mode... output attached.

 
Pancake
« Reply #3 on: April 28, 2014, 12:08:35 AM »

OK. That's removed a lot of junk and malware. Let's run this first.


Download and run RKill from any of these links:


Link 1 Link 2  Link 3
Link 4


Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
Once the tool has run, do NOT reboot the machine, and then try to run Malwarebytes and Combofix.

============================

 
Download Combofix from any of the links below, and save it to your desktop.
 
Link 1
Link 2
 
 To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

 
Click I Agree to start the program.
 
ComboFix will then extract the necessary files and you will see this:
 

 
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
 
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
 
If you did not have it installed, you will see the prompt below. Choose YES.
 

 
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
 
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 

 
Click on Yes, to continue scanning for malware.
 
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
 
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
 
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

poyndextr
« Reply #4 on: April 28, 2014, 12:14:16 AM »

I've been able to install MBAM and am scanning now.  Would you like me to update once complete, or follow the steps for RKill and Combofix too, then update? 

 
Pancake
« Reply #5 on: April 28, 2014, 12:30:34 AM »

Just run Rkill and then run Combofix after you have posted the MBAM results.

poyndextr
« Reply #6 on: April 28, 2014, 03:26:22 AM »

Okay.  I still can't run JRT, but the MBAM log is attached.  Going to run RKill and Combofix...

 
Pancake
« Reply #7 on: April 28, 2014, 04:21:39 AM »

This beast is in real bad shape. Loaded with malware. You should start to see some improvement now.

poyndextr
« Reply #8 on: April 28, 2014, 02:59:30 PM »

Yeah, by the time they bring it to me, it's usually pretty bad.  Thank goodness you are here to provide guidance and assistance! :)  After running MBAM the first time, I ran RKill.  The CMD prompt opens, it checks for running services to terminate, completes, then begins "Checking for processes to terminate" and appears to hang.  I left it there overnight and it was in the same spot in the morning.  I closed it and attempted to run again with the exact same result.  Afterwards, I attempted running Combofix, but it never opens.  The PC just sits there and thinks about opening it...  I thought about running Combofix in Safe Mode, but wasn't sure if the reboot was desired with where things are currently at.  Should I go ahead and boot into Safe Mode and run Combofix?

 
Pancake
« Reply #9 on: April 28, 2014, 10:05:06 PM »

Yes, reboot and go with safe mode.

poyndextr
« Reply #10 on: April 29, 2014, 03:07:25 AM »

Combofix took a while to complete, but did run in safe mode.  Log is attached.  I am definitely seeing improvement. 

 
Pancake
« Reply #11 on: April 29, 2014, 03:52:39 AM »

OK. I now want you to delete the c:\windows\system32\samsrv.dll file and replace it with a new one from here: http://www.opendll.com/index.php?file-download=samsrv.dll&arch=32bit&version=6.1.7100.0&dsc=SAM-Server-DLL

poyndextr
« Reply #12 on: April 29, 2014, 04:31:52 AM »

When I try deleting C:\windows\system32\samsrv.dll, it hangs "Calculating..." how much time is remaining and doesn't delete.  At least it hasn't yet, and it has been calculating for about 15 minutes...  I tried in safe mode first, but it complained about permission.

 
poyndextr
« Reply #13 on: April 29, 2014, 05:51:43 AM »

Fresh OTL log attached

 
Pancake
« Reply #14 on: April 29, 2014, 06:34:05 AM »

It's not a problem if that file stays. I was only tidying up. That all looks fine, so how are things now?