Hi Team, just wondering if you have come across the item in the Thread subject , my problems started last week when extra tabs started opening and they progressively got worse ending with the web page blocking - the one with the ransom message & the voice over.
I looked at the forum & YouTube on Brian's site and followed the advice running Malwarebytes & adware - these removed a couple of malware items. followed the instructions & reset the web browsers to default. Then this morning Malwarebytes blocked the above web page from going outward bound. Re-ran all the malware software and they say the system is clean, I spotted in the LAN setting the script box has script in it "https://no-blocked.org/wpad.dat?ba67153a7adafb2722672827d29ed5e824511669" which I cannot get rid of, the script box is unchecked. I am wondering if the two are linked.
any help would be appreciated.
Download Emsisoft Emergency Kit[/b] to your desktop.
· Please double click
EmsisoftEmergencyKit.exe this will install
Emsisoft Emergency Kit
· Next choose
Extract it will put program in
C:\EEK
· Navigate to
C:\EEK then click "
Start Emergency Kit Scanner .exe"
· Click
Yes to
User Account Control (UAC)
· Click
Yes to
Update Signature Definitions
· Now click "
Smart Scan "and select
Yes" to "
Detect Potently Unwanted Programs (PuPs) "
· Click
Delete Selected then click
View Report and save as
EEK.log.
· Click
Finish and post
EEK.log on next post..
Scan with Panda Cloud Cleaner
Please download
Panda Cloud Cleaner and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions
here.
- Install the scanner by right-click on icon and select Run as Administrator.
- It should start itself automaticaly after the installation.
- In the main console click Accept and Scan.
- This scan won't take long, about several minutes (depending on your system specs). Let it run uninterrupted.
- At the last stage you will see a couple of messages about veryfying & analyzing results. Wait patiently.
- Upon completion you will see detections window. Enter one of them and click there View Report at the bottom right side.
- A notepad window named PCloudCleaner.log will open. Save it to your desktop.
Please include the contents of that file in your next reply.
Don't forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.
Please perform a scan with ESET Online Scan
§ open new browser tab
§ Click the button.
§ Click on button to download the ESET Smart Installer.
Save it to your Desktop.
o Double click on to start ESET Smart Installer.
§ Check "YES", and Tick "I accept the Terms of Use"
§ Click the button.
§ Yes to User Account Control warning.
§ Enable detection of potentially unwanted applications.
§ Click Advanced settings and select the following:
o Remove found threats
o Scan Archives
o Scan for potentially unsafe applications
o Enable Anti-Stealth technology
§ ESET will then download updates for signature database, install itself, and begin scanning your computer. Please be patient as this can take some time.
§ When the scan completes, click List of Found Threats
§ Click Export toText File, and save the file to your desktop and name it EsetLog. Include the contents of this report in your next reply.
§ Put tick in Uninstall Application on close
§ Put tick in Delete Quarantined files
§ Click the Finish button.
HitmanPro
- Please download HitmanPro.
- Launch the program by double clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
- Click on the next button. You must agree with the terms of EULA.
- Check the box beside "No, I only want to perform a one-time scan to check this computer".
- Click on the next button.
- The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
- When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
- Click on the next button.
- Click on the "Export scan results to XML file".
- Save that file to your desktop and post in your next reply.
Along with what Compton is suggesting, Is there a restore point from last week that was created before you started having issues?
If so, try using system restore to go back to that point. If it's successful, you will still have to run the software that Compton suggested just to make sure the system is clean. By using system restore, the changes that the malware made such as the link in your LAN settings will be reset so to speak.
sorry for delay, in the process of running through the tasks set. as to restore point , I have it switched on ,but it its only giving me two from yesterday and nothing before that..
By the way a bit late I know, but running WIN10 with all updates. right off to work I go.
Are you running a server?
Or on a communal network like a workplace?
please find attached the files you asked for from
Emisoft
Eset
Hitman Pro
the panda one showed a couple of malware files old games that have been migrated from pc to pc as we have improved the system. also some broken links. I let the program clean these and that was it, could not fine the view report option you mentioned.
anyway thanks for the help to date.
(02-07-2017, 05:13 PM)GuiltySpark Wrote: [ -> ]Are you running a server?
Or on a communal network like a workplace?
no its a home PC
wpad.dat is to do with server proxies, not sure why you would be getting that.
Open up a Elevated CMD Prompt and type ipconfig /flushdns.
are files encrypted on the pc? Gen:Variant.Crypt.19 (B) was remove from system
also do you torrent stuff?
Scan with Malwarebytes' Anti-Malware
Please download
Malwarebytes Anti-Malware and save it to your desktop.
- Install the progam and select update.
- Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
- Click the Scan tab, choose Threat Scan is checked and click Scan Now.
- If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
- Upon completion of the scan (or after the reboot), click the History tab.
- Click Application Logs and double-click the Scan Log.
- At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
Fix with Junkware Removal Tool
Please download
JRT by Malwarebytes and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions
here.
- Right-click on icon and select Run as Administrator to start the tool.
- Follow the prompts and let this process run uninterrupted.
- This scan can take a while, depending on your System specs.
- Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.
Do not forget to
re-enable your previously switched off
protection software!
Please also
manually reboot your machine after this procedure.
Fix with AdwCleaner
Please download
AdwCleaner by Xplode and save the file to your desktop.
- Right-click on icon and select Run as Administrator to start the tool.
- Follow the prompts and click Scan.
- When finished, please click Clean.
- Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
Please include the contents of that file in your reply.