Stubborn Virus

Discussion in 'Windows - Virus and spyware problems' started by raff, Mar 4, 2016.

  1. raff

    raff Newbie

    Hi all, first time posting here so please be gentle!

    The kids gifted me a nicely infected notebook so I tried the usual scans:

    Spybot
    Malwarebytes
    AVG
    Kaspersky online
    ATF cleaner (all things checked) - all done in safe mode

    Zemana Antimalware
    ADaware


    Hijackthis returned a "denied write access to hosts file" warning, and I cannot upload the log as it says the uploaded file does not have an allowed extension.

    I've also run a FRST scan and have attached the FRST.txt and Addition.txt.


    Many thanks for all your help.
     


  2. 2oldGeek

    2oldGeek Active member

    I don't see any malware.. I believe your problems come from that little 20gig drive being full.. only has 8% free and needs about 15% to work correctly.
     
  3. raff

    raff Newbie

    Great job, that means I've finally cleared it. Thanks for checking that for me.

    Been trying to surf but keep getting pop-ups and asking to download flash, could there be something hidden somewhere else?
     
    Last edited: Mar 4, 2016
  4. ddp

    ddp Moderator Staff Member

    raff, what is the make & model of the computer you have as it looks like a netbook because of the cpu & small hd?
     
  5. raff

    raff Newbie

    It's a HP Steam 11, it has such a small HD that even with an external HD attached there is not sufficient space to upgrade to win 10! Not a great device imho.
     
  6. ddp

    ddp Moderator Staff Member

    what is the full model# of the steam 11 netbook?
     
  7. 2oldGeek

    2oldGeek Active member

    You have run Zemana which should have taken care of the ad popups. Possibly a searchscope in IE browser or your router needs re-setting...
    And maybe try this:

    Scan with ZOEK

    Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
    Please also download the attached scriptfile, named zoekscript.txt.


    Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

    Now, on your Desktop, drag and drop zoekscript.txt on Zoek.exe as shown below:

    Please approve any UAC prompt to allow this action to proceed.

    Answer Yes to the following prompt to allow the zoek script to run:

    This action causes Zoek.exe to start automatically. Please be patient while Zoek is scanning.

    When the tool finishes, the zoek-results.log is opened in Notepad.
    The log is also found on the systemdrive, normally C:\
    If a reboot is needed, the log is opened after the reboot.

    Please attach the zoek-results.log to your reply and let me know the results.

    2oG
     


  8. raff

    raff Newbie

  9. raff

    raff Newbie

    So I copied and pasted Duh! :)


    Zoek.exe v5.0.0.1 Updated 31-December-2015
    Tool run by Aimee on 05/03/2016 at 9:19:03.86.
    Microsoft Windows 8.1 with Bing 6.3.9600 x64
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Users\Aimee\Desktop\zoek.exe [Scan all users] [Deep Scan] [Auto Clean]

    ==== System Restore Info ======================

    05/03/2016 09:21:10 Zoek.exe System Restore Point Created Successfully.

    ==== Empty Folders Check ======================

    C:\PROGRA~3\53e919ec-0095-0 deleted successfully
    C:\PROGRA~3\53e919ec-0a31-1 deleted successfully
    C:\PROGRA~3\53e919ec-0bd7-1 deleted successfully
    C:\PROGRA~3\53e919ec-2191-1 deleted successfully
    C:\PROGRA~3\53e919ec-3f65-0 deleted successfully
    C:\PROGRA~3\53e919ec-4287-0 deleted successfully
    C:\PROGRA~3\53e919ec-5e85-0 deleted successfully
    C:\PROGRA~3\53e919ec-7c45-1 deleted successfully
    C:\PROGRA~3\da4a9c05-2141-0 deleted successfully
    C:\PROGRA~3\da4a9c05-3667-0 deleted successfully
    C:\PROGRA~3\da4a9c05-3b11-0 deleted successfully
    C:\PROGRA~3\da4a9c05-3cd5-0 deleted successfully
    C:\PROGRA~3\da4a9c05-4011-0 deleted successfully
    C:\PROGRA~3\da4a9c05-5f75-1 deleted successfully
    C:\PROGRA~3\da4a9c05-69b5-1 deleted successfully
    C:\Users\Default\AppData\Roaming\Hewlett-Packard deleted successfully
    C:\Users\DefaultAppPool\AppData\Roaming\Hewlett-Packard deleted successfully
    C:\Users\Aimee\AppData\Local\EmieBrowserModeList deleted successfully
    C:\Users\Aimee\AppData\Local\EmieSiteList deleted successfully
    C:\Users\Aimee\AppData\Local\EmieUserList deleted successfully
     
  10. 2oldGeek

    2oldGeek Active member

    No real need for me to see those logs. It's just a little generic cleanup that I hope helps you some..
     
  11. raff

    raff Newbie

    I've rebooted and run Zemana and it has picked up a DNS Hijack - how is it still infected?
     
  12. 2oldGeek

    2oldGeek Active member

    Because attempting to remove malware from a machine that has NO room left on the drive to work in; is like wiping your arse with a bicycle tire.... The same old shit keeps coming around, over and over...... Forgive me but that's the way I see it.

    The first thing you need to do is: un-install All programs and data files that you don't need:
    Especially InetStat and PriceFountain and/ or Update for PriceFountain as these are hijackers....

    You have AVG and Ad-Aware Antivirus installed on your machine. Ad-Aware is disabled and out of date but probably has system files running that conflict with AVG - un-install Ad-Aware!!

    After cleaning as much as possible run another FRST scan:

    Scan with Farbar Recovery Scan Tool

    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    • Right-click on the icon and select Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    • When the tool opens click Yes to disclaimer.
    • Make sure that Addition option is checked.
    • Press Scan button and wait.
    • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
    Please attach both logs to your next reply.

    2oG :)
     
  13. GrandpaBW

    GrandpaBW Active member

    Saturday afternoon, and I am watching NCAA basketball, drinking a Bloody Mary, and streaming Pandora Radio, and you just made me piss my pants laughing. Thank you very much for your insight on the use of a bicycle tire. LOLLOL! :):)
     
  14. 2oldGeek

    2oldGeek Active member

    If I can make at least one person Smile, or pee their pants a little, or maybe Spit out a Drink, then my Day was Not wasted.... :p
     
  15. GrandpaBW

    GrandpaBW Active member

    Don't get too excited about the pissing the pants. At our age, it is a good thing that it doesn't happen all of the time. On the other hand, a smile is a good thing. :) Life is good.
     
  16. raff

    raff Newbie

    Yeah I completely get what you mean!

    I wonder would attaching an external drive help the cleaning process?
     
  17. raff

    raff Newbie

    I've attached the two files; at least the ants fart of a drive doesn't take long to scan.
     


  18. 2oldGeek

    2oldGeek Active member

    Yeah. can't poop, can't pee. can't chew, can't see.......... everything either dries up or leaks! LOL

    Don't know at this point. Just delete and un-install everything you can in order to get more free space on that little piss ant drive and I'll go over the Logs to see if I can come up with a plan......

    2oG (That's '2' and not 'Too', old with a lower case 'o' and Geek with a Capital 'G') :rolleyes:
     
  19. raff

    raff Newbie

    I will do, thanks for your time.
     
  20. 2oldGeek

    2oldGeek Active member

    Well raff, you have a DNS Hijacker that is fairly new, maybe 3 or 4 months and I didn’t recognize it right off…..

    Let's reconfig your IP and flush the DNS cache first:

    Save the attached file: DNSflush.txt to your desktop.
    Right click and Rename DNSflush.txt to: DNSflush.bat
    Now, Right click on the DNSflush.bat file and click Run as administrator. Your computer will reboot.

    Next. Reset IE to its 'default' settings:
    Open IE, Click on Tools -> internet options -> Advanced Tab -> Reset… -> Apply OK

    It will probably be best if you can reset your router also..



    Download TFC by Old Timer http://www.geekstogo...er-file187.html and save it to your desktop.

    Save any unsaved work. TFC will close ALL open programs including your browser! This will also hide all desktop shortcuts, so just be aware! They will come back after rebooting.

    Right-click on the TFC file and choose Run as administrator.
    Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
    Important! Manually reboot the machine to ensure a complete clean.

    Remember that this will not clear up the problem of not having enough free space on the HDD but we will work on that..

    Let me know if you're still in trouble!! If no trouble, reset your Homepage and fill me in on what’s happening?


    P.S. please also un-install Spybot S&D it's not as good as it once was and can cause some problems...
    2oG :)
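
Added example, not part of the thread and not the contents of the attached DNSflush.txt: a read-only PowerShell check of the places a DNS hijack like the one Zemana reported can persist (per-adapter DNS servers, static resolver values in the registry, the hosts file that HijackThis could not write to, and IE proxy settings), followed by a cache flush. It assumes the DnsClient and NetTCPIP cmdlets that ship with Windows 8.1 and an elevated prompt.

```powershell
# Added example: read-only checks, run from an elevated PowerShell prompt.

# 1. DNS servers each adapter is using, flagged when they are not the router.
#    Heuristic only: a router may legitimately hand out ISP or public resolvers.
$gateways = Get-NetIPConfiguration |
    ForEach-Object { $_.IPv4DefaultGateway.NextHop } |
    Where-Object { $_ }

Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($dns in $_.ServerAddresses) {
            [pscustomobject]@{
                Interface = $_.InterfaceAlias
                DnsServer = $dns
                IsRouter  = $gateways -contains $dns
            }
        }
    } | Format-Table -AutoSize

# 2. Adapters with a statically set resolver. NameServer is the manual value,
#    DhcpNameServer is what DHCP supplied; a NameServer nobody set is suspect.
$ifKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem $ifKey |
    Get-ItemProperty |
    Where-Object { $_.NameServer } |
    Select-Object PSChildName, NameServer, DhcpNameServer |
    Format-List

# 3. Hosts file: read-only flag, last write time, and every active entry.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Item $hostsPath | Select-Object IsReadOnly, LastWriteTime | Format-List
Get-Content $hostsPath | Where-Object { $_ -match '^\s*[^#\s]' }

# 4. Per-user proxy settings used by IE, another place redirection can persist.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty $inet |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL |
    Format-List

# 5. Once any bad value above has been corrected, drop cached answers.
Clear-DnsClientCache
```

If every adapter shows a clean resolver here but redirects continue, the router's own DNS setting is the next place to look, which is why the reply suggests resetting it.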
     
