[SOLVED] [Moved] Infected file

jwdo

I recently ran ESET online virus checker and it detected a file that it could not clean. It is called Win32/RiskWare.TDSSKiller.A application. Could someone help me eradicate this file?
 
Hi!

If you downloaded Kaspersky tdss killer in the past but you didn't delete it, you can just delete it now (it could be in the downloaded files folder).

If this is not the case, wait for an answer by a security analyst.
 
I recently ran ESET online virus checker and it detected a file that it could not clean. It is called Win32/RiskWare.TDSSKiller.A application. Could you help me eradicate this file?
I ran Malwarebytes (free version) and it did not detect anything. So I am attaching the first.txt file as well as the addition.txt file.
 


Hello, jwdo and welcome to the Security Arena, here at Sysnative Forums..! :-)

My name is icotonev and I'm here to help you remove malware ..! Before we begin, please note the following:
  • First, please keep in mind most of us at MalwareTips volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
  • It is important to not run any tools or take any steps other than those I will provide for you. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please attach all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 3 days I will assume it has been abandoned and I will close it.

Please give me some time to examine your logs and I will get back to you as soon as possible...! :-)

Thank you..! :-)
 
Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone

Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.

  • Copy/paste the following in the Search: box
Code:
Searchall: pkedcjkdefgpdelpbcmbmeomcjbeemfm

  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Attach the report in your reply. If the file is too large zip and upload it here.


Next..:


Temporarily disable Smart Screen and your antivirus (if needed) to download and run the following tool. If you are afraid to turn off the antivirus, so as not to download even more viruses, then additionally temporarily disconnect from the Internet. This tool sometimes gets flagged as suspicious/malicious, but it's a false positive.

Malware Removal Script by thisisu

Please download FMRS.exe and save it to your desktop.

Note: Please save all your existing work / windows as this tool will attempt to close all non-essential processes during the course of its scan. This includes the internet browser you're currently using to view this message.
  • Right-click FMRS.exe and then click Run as administrator.
  • Click Yes to the Disclaimer
  • The script will begin to run. Be patient.
  • When the scan is finished, a log entitled FMRS_final.txt will open.
  • Post the contents of the log into your next reply
  • A copy of this log is also saved to your desktop

Next..:


Scan with SecurityCheck by glax24
  • Temporarily disable Microsoft SmartScreen only if it blocks the download of the software. The program is safe
  • Download SecurityCheck by glax24 from here
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • This tool is safe. Smartscreen is overly sensitive. You can check the VirusTotal scan of the tool from here
  • Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

In your next reply, please include:
  • Fixlog.txt
  • Search report
  • SecurityCheck.txt
  • FMRS - log into your next reply
 


Good morning..! This computer is at a very high risk..! Everything below should be adjusted ..! I expect your decision ..!

Microsoft Silverlight v.5.1.50918.0 Warning! This software is no longer supported.
Microsoft Office Enterprise 2007 v.12.0.6612.1000 Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice
Microsoft Office 2007 Service Pack 3 (SP3) Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice
Backup and Sync from Google v.3.57.4256.0809 Warning! This software is no longer supported. Please use Google Drive.
WhatsApp (Outdated) v.2.2326.10 Warning! This software is no longer supported. Please use version from Microsoft Store.
Skype version 8.138 v.8.138 Warning! This software is no longer supported. Please use Microsoft Teams.
Skype 8.138 v.8.138.0.214 Warning! This software is no longer supported. Please use Microsoft Teams.
Asian Language And Spelling Dictionaries Support For Adobe Acrobat Reader v.22.001.20085 Warning! This software is no longer supported. Please uninstall it and use Adobe Acrobat Reader DC.
Safari v.5.34.57.2 Warning! This software is no longer supported.

CCleaner v.6.35 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
Driver Easy 6.0.0 v.6.0.0 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
Ashampoo Driver Updater v.1.6.1 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
Bonjour v.3.1.0.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
WinX YouTube Downloader v.7.0 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
FilExile v.3.00 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
 
Run Malwarebytes
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
  • Return to the Dashboard and choose Scan.
  • Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
    • When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found,
    make sure that all threats are selected and click the "Quarantine" button.
    • Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

Malwarebytes AdwCleaner
  • Please download AdwCleaner and save it to your Desktop
  • Close all open programs and browsers
  • Right click on the icon and select Run as administrator
  • Click Scan now
  • Uncheck any detected items you would like to keep, then click Next
  • If a Preinstalled software was found! screen appears, review it if you'd like, then click OK
The section at the bottom under Pre-Installed Software is software that was apparently installed when the device was new by your PC manufacturer. Personally, I don't keep anything from this software that I don't use/need. But it's your computer, so the decision is yours.
  • Review the list of Preinstalled software and place a check mark in those you do not wish to keep
  • Click Quarantine, then Continue
  • When completed click View Log File
  • Copy and paste the contents in your reply
  • Close the AdwCleaner window
In your next reply, please post:
  1. The Malwarebytes report
  2. AdwCleaner report
 
Just a note to let you know that I deleted everything you recommended except for CCleaner as I have a subscription to that one. I can't send you the files that you requested yet as Malwarebytes is still analyzing my files. It has been running for 2 days now and has analyzed over 675,000 files and I think I still have another 10 hours before it's finished. I will send you the files you requested when everything completes.
 
Thank you for the reply...! So far, things are moving according to plan ..! :-)
I want to see the condition of the system after everything here ..!

Fresh FRST logs

Please run FRST tool once more, and attach for me fresh logs:
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach these two logs in your next reply.
In your next reply, please post:
  • Fresh FRST logs
 
Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone

Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.

In your next reply, please include:
  • Fixlog.txt
 


It seems to be working fine.

Perfect, thanks...! :-)

If everything is fine ..for final:

KpRm by Kernel-panik
  • Download KpRm and save it to your Desktop (see here if you must use Chrome)
  • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
  • Right click on the icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
  • Click Run
  • Click OK on All operations are completed
  • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
  • You are free to remove any other tools/reports still remaining
  • Please copy and paste its contents in your next reply.
 
Unfortunately, when I downloaded KpRm, a Folder was installed on my Computer called PC Store or PC Store App. It then produced a pop up that wanted me to buy McAfee. I could not delete or close my browser. The only way I was able to get rid of the advertisement was to restart my computer. I tried a few times, but all my efforts were unsuccessful, so I finally removed that Folder with Revo Uninstaller. Now my computer is running fine. Perhaps we can now close this thread now, what do you think?
 
