Hello.so i have found a rootkit called Medlight.exe and i can't seem to remove.It infected my web browser and its redirecting me to a different home page and i can't change it.One of the files was located at : "file:///C:/ProgramData/Medlights/snp.sc" which I was able to remove,but i cannot remove the Medlight.exe from "file:///C:/ProgramData/Medlight".It also says that some files are also infected,but i saw other people complaining about medlight.I am trying some of the programs that Britec uses,and no luck.I haven't seen a video that he made about it (if he did please tell me),if not please help me through the forum.Thank you.
Scan with AdwCleaner
Please download
AdwCleaner by Xplode and save the file to your desktop.
- Right-click on icon and select Run as Administrator to start the tool.
- Follow the prompts and click Scan.
- Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
Please include the contents of that file in your reply
Scan with Malwarebytes' Anti-Malware
Please download
Malwarebytes Anti-Malware and save it to your desktop.
- Install the progam and select update.
- Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
- Click the Scan tab, choose Threat Scan is checked and click Scan Now.
- If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
- Upon completion of the scan (or after the reboot), click the History tab.
- Click Application Logs and double-click the Scan Log.
- At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
HitmanPro[/color][/font][/size][/color][/b]
- Please download HitmanPro.
- Launch the program by double clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
- Click on the next button. You must agree with the terms of EULA.
- Check the box beside "No, I only want to perform a one-time scan to check this computer".
- Click on the next button.
- The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
- When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
- Click on the next button.
- Click on the "Export scan results to XML file".
- Save that file to your desktop and post in your next reply
Please perform a scan with ESET Online Scan
§ open new browser tab
§ Click the button.
§ Click on button to download the ESET Smart Installer.
Save it to your Desktop.
o Double click on to start ESET Smart Installer.
§ Check "YES", and Tick "I accept the Terms of Use"
§ Click the button.
§ Yes to User Account Control warning.
§ Enable detection of potentially unwanted applications.
§ Click Advanced settings and select the following:
o Remove found threats
o Scan Archives
o Scan for potentially unsafe applications
o Enable Anti-Stealth technology
§ ESET will then download updates for signature database, install itself, and begin scanning your computer. Please be patient as this can take some time.
§ When the scan completes, click List of Found Threats
§ Click Export toText File, and save the file to your desktop and name it EsetLog. Include the contents of this report in your next reply.
§ Put tick in Uninstall Application on close
§ Put tick in Delete Quarantined files
§ Click the Finish button.
Fix with Junkware Removal Tool
Please download JRT by Malwarebytes and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on icon and select Run as Administrator to start the tool.
- Follow the prompts and let this process run uninterrupted.
- This scan can take a while, depending on your System specs.
- Upon completion, a log (JRT.txt) will open on your desktop.
- Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
Update:I tried Malware bytes,aswMBR and RogueKiller but they didn't work.Hitmanpro 3 worked and deleted the two files.I highly recommend the program and i thank Britec for letting me know about it.Thanks for the quick reply.
so the virus is now remove ?
Yes,the virus is removed.Thanks again