Britec Tech Support Forum

Hello.so i have found a rootkit called Medlight.exe and i can't seem to remove.It infected my web browser and its redirecting me to a different home page and i can't change it.One of the files was located at : "file:///C:/ProgramData/Medlights/snp.sc" which I was able to remove,but i cannot remove the Medlight.exe from "file:///C:/ProgramData/Medlight".It also says that some files are also infected,but i saw other people complaining about medlight.I am trying some of the programs that Britec uses,and no luck.I haven't seen a video that he made about it (if he did please tell me),if not please help me through the forum.Thank you.

Scan with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• Follow the prompts and click Scan.
• Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
  

Please include the contents of that file in your reply




Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

• Install the progam and select update.
• Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
• Click the Scan tab, choose Threat Scan is checked and click Scan Now.
• If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
• Upon completion of the scan (or after the reboot), click the History tab.
• Click Application Logs and double-click the Scan Log.
• At the bottom click Export and choose Text file.
  

Save the file to your desktop and include its content in your next reply.







HitmanPro[/color][/font][/size][/color][/b]

• Please download HitmanPro.
• Launch the program by double clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
• Click on the next button. You must agree with the terms of EULA.
• Check the box beside "No, I only want to perform a one-time scan to check this computer".
• Click on the next button.
• The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
• When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
• Click on the next button.
• Click on the "Export scan results to XML file".
• Save that file to your desktop and post in your next reply
  
  
  
  
  Please perform a scan with ESET Online Scan
  
  §  open new browser tab
  
  
  
  §  Click the  button.
  
  §  Click on   button to download the ESET Smart Installer.
  Save it to your Desktop.
  
  o    Double click on  to start ESET Smart Installer.
  
  §  Check "YES", and Tick "I accept the Terms of Use"
  
  §  Click the  button.
  
  §  Yes to User Account Control warning.
  
  §  Enable detection of potentially unwanted applications.
  
  §  Click Advanced settings and select the following:
  
  o    Remove found threats
  
  o    Scan Archives
  
  o    Scan for potentially unsafe applications
  
  o    Enable Anti-Stealth technology
  
  §  ESET will then download updates for signature database, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
  §  When the scan completes, click List of Found Threats
  
  §  Click Export toText File, and save the file to your desktop and name it EsetLog. Include the contents of this report in your next reply.
  
  §  Put tick in Uninstall Application on close
  
  §  Put tick in Delete Quarantined files
  
  §  Click the Finish button.
  
  
  
  Fix with Junkware Removal Tool
  
  Please download JRT by Malwarebytes and save the file to your desktop.
  Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  
  
  • Right-click on icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
    
• Please include the contents of that file in your reply.
  
  Do not forget to re-enable your previously switched off protection software!
  Please also manually reboot your machine after this procedure.
  

Update:I tried Malware bytes,aswMBR and RogueKiller but they didn't work.Hitmanpro 3 worked and deleted the two files.I highly recommend the program and i thank Britec for letting me know about it.Thanks for the quick reply.

so the virus is now remove ?

 Malwarebytes Anti-Rootkit (MBAR)

• Please download Malwarebytes Anti-Rootkit and save the file to your desktop.
• Double-click MBAR.exe to run the installer.
• Select a convenient location to extract the contents and click OK.Navigate to the location you selected.
• Double-click MBAR.exe to run the programme.
• Follow the prompts to update the programme and scan your computer.
• Upon completion, click Cleanup*and reboot your computer.
• After the reboot, rerun the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more.
• Upon completion, two logs (mbar-log.txt and system-log.txt) will be created.*Copy the contents of both logs and paste in your next reply.
• Note: Both logs can be found in the MBAR folder.
  

Yes,the virus is removed.Thanks again

Solved - Thread Closed