Medlight rootkit
#1
Hello. So I have found a rootkit called Medlight.exe and I can't seem to remove it. It infected my web browser and it's redirecting me to a different home page and I can't change it. One of the files was located at: "file:///C:/ProgramData/Medlights/snp.sc", which I was able to remove, but I cannot remove the Medlight.exe from "file:///C:/ProgramData/Medlight". It also says that some files are also infected, but I saw other people complaining about Medlight. I am trying some of the programs that Britec uses, and no luck. I haven't seen a video that he made about it (if he did, please tell me); if not, please help me through the forum. Thank you.

#2
Scan with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.

Please include the contents of that file in your reply.

Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

HitmanPro

  • Please download HitmanPro.
  • Launch the program by double-clicking on the icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)
  • Click on the Next button. You must agree with the terms of the EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the Next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
  • Click on the Next button.
  • Click on "Export scan results to XML file".
  • Save that file to your desktop and post it in your next reply.




Please perform a scan with ESET Online Scan

  • Open new browser tab.
  • Click the [Image: scanner.png] button.
  • Click on the [Image: eset.png] button to download the ESET Smart Installer. Save it to your Desktop.
  • Double-click on [Image: install.png] to start ESET Smart Installer.
  • Check "YES", and tick "I accept the Terms of Use".
  • Click the [Image: start.jpg] button.
  • Yes to User Account Control warning.
  • Enable detection of potentially unwanted applications.
  • Click Advanced settings and select the following:
      • Remove found threats
      • Scan Archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for signature database, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List of Found Threats.
  • Click Export to Text File, and save the file to your desktop and name it EsetLog. Include the contents of this report in your next reply.
  • Put tick in Uninstall Application on close.
  • Put tick in Delete Quarantined files.
  • Click the Finish button.



Fix with Junkware Removal Tool

Please download JRT by Malwarebytes and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

#3
Update: I tried Malwarebytes, aswMBR and RogueKiller but they didn't work. HitmanPro 3 worked and deleted the two files. I highly recommend the program and I thank Britec for letting me know about it. Thanks for the quick reply. :D

#4
So the virus is now removed?

#5
Malwarebytes Anti-Rootkit (MBAR)

  • Please download Malwarebytes Anti-Rootkit and save the file to your desktop.
  • Double-click MBAR.exe to run the installer.
  • Select a convenient location to extract the contents and click OK. Navigate to the location you selected.
  • Double-click MBAR.exe to run the programme.
  • Follow the prompts to update the programme and scan your computer.
  • Upon completion, click Cleanup and reboot your computer.
  • After the reboot, rerun the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more.
  • Upon completion, two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply.
  • Note: Both logs can be found in the MBAR folder.

#6
Yes, the virus is removed. Thanks again :)

#7
Solved - Thread Closed