
Adware? Any Help Is Appreciated

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Ian Hutchinson, Feb 15, 2017.

  1. Ian Hutchinson

    Ian Hutchinson Private E-2

    Hey guys, HOOAH
    How we doing? I am wondering what next. Ran the gamut of malware removal. Here are the logs, any help much appreciated. Just every so often Malwarebytes will pop up with "website blocked" and weird pop-ups in Explorer. "Computer has been blocked" etc. Ransomware? GOD BLESS YOU GUYS!!!

    Attached Files:

  2. Ian Hutchinson

    Ian Hutchinson Private E-2

    ...and so here are some screenshots of some programs that look suspicious in the Programs folder.

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun RogueKiller and have it remove these items:

    ¤¤¤ Processes : 5 ¤¤¤
    [VT.Unknown] aliso.exe(1028) -- C:\Program Files (x86)\xtra\aliso.exe[-] -> Found
    [VT.Win32:Adware-gen [Adw]] FTYVN32K2.exe(1180) -- C:\Program Files\FTYVN32K2T\FTYVN32K2.exe[-] -> Found
    [VT.Win32:Adware-gen [Adw]] 9N28KHEZR.exe(2076) -- C:\Program Files\9N28KHEZRT\9N28KHEZR.exe[-] -> Found
    [Tr.Zusy] rundll32.exe(2416) -- C:\Windows\SysWOW64\rundll32.exe[7] -> Found
    [Suspicious.Path|VT.Unknown] voxdff.dll(2416) -- C:\Users\1\AppData\Local\voxdff.dll[-] -> Found

    ¤¤¤ Registry : 16 ¤¤¤
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1944683437-656232810-1531868174-1000\Software\IM -> Found
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1944683437-656232810-1531868174-1000\Software\IM -> Found
    [Suspicious.Path|Tr.Zusy|VT.TR/Proxy.mvssw] (X64) HKEY_USERS\S-1-5-21-1944683437-656232810-1531868174-1000\Software\Microsoft\Windows\CurrentVersion\Run | voxdff : rundll32.exe "C:\Users\1\AppData\Local\voxdff.dll",voxdff [-] -> Found
    [VT.Win32:Adware-gen [Adw]] (X64) HKEY_USERS\S-1-5-21-1944683437-656232810-1531868174-1000\Software\Microsoft\Windows\CurrentVersion\Run | jATs9vijmL : "C:\Program Files\FTYVN32K2T\FTYVN32K2.exe" [-] -> Found
    [VT.Win32:Adware-gen [Adw]] (X64) HKEY_USERS\S-1-5-21-1944683437-656232810-1531868174-1000\Software\Microsoft\Windows\CurrentVersion\Run | 1lF4crq0VN : "C:\Program Files\9N28KHEZRT\9N28KHEZR.exe" [-] -> Found
    [Suspicious.Path|Tr.Zusy|VT.TR/Proxy.mvssw] (X86) HKEY_USERS\S-1-5-21-1944683437-656232810-1531868174-1000\Software\Microsoft\Windows\CurrentVersion\Run | voxdff : rundll32.exe "C:\Users\1\AppData\Local\voxdff.dll",voxdff [-] -> Found
    [VT.Win32:Adware-gen [Adw]] (X86) HKEY_USERS\S-1-5-21-1944683437-656232810-1531868174-1000\Software\Microsoft\Windows\CurrentVersion\Run | jATs9vijmL : "C:\Program Files\FTYVN32K2T\FTYVN32K2.exe" [-] -> Found
    [VT.Win32:Adware-gen [Adw]] (X86) HKEY_USERS\S-1-5-21-1944683437-656232810-1531868174-1000\Software\Microsoft\Windows\CurrentVersion\Run | 1lF4crq0VN : "C:\Program Files\9N28KHEZRT\9N28KHEZR.exe" [-] -> Found

    Then rerun Hitman and have it remove all that it finds.

    Reboot and rescan with both RogueKiller and Hitman and attach the new logs.
  4. Ian Hutchinson

    Ian Hutchinson Private E-2

    I can't begin to express my gratitude, Tim, you have saved me so many times. It's amazing the support MajorGeeks gives.
    If you're ever in Tulsa come down to Tulsa Glassblowing School and take some lessons from me!
    YOU GUYS ROCK!
  5. Ian Hutchinson

    Ian Hutchinson Private E-2

    Quick question: how do I decipher what to delete on RogueKiller? I think I got 'em all but there are still some left. All or selective?
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just rerun it and attach the log for me to see.
  7. Ian Hutchinson

    Ian Hutchinson Private E-2

    Alrighty, here we go, thank you in advance!

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun Hitman and have it remove the one item it found. Reboot and tell me how things are running now.
  9. Ian Hutchinson

    Ian Hutchinson Private E-2

    God blessed awesome! Thank you Tim! You're awesome.
  10. Ian Hutchinson

    Ian Hutchinson Private E-2

    Sorry got busy at work, just got home....
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to Add/Remove Programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7, Win 8 or 10, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, right click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work through the below link:
  12. Ian Hutchinson

    Ian Hutchinson Private E-2

    OK, so I think everything is good, last check? Hitman came out clean....

    Attached Files:

    • RK3.txt (6.1 KB)
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It's clean. You can do the final clean up now.
  14. Ian Hutchinson

    Ian Hutchinson Private E-2

    OK, last, last run and question....
    These are still there in the folders but don't show up on RogueKiller. Why is that?
    [VT.Unknown] aliso.exe(1028) -- C:\Program Files (x86)\xtra\aliso.exe[-] -> Found
    [VT.Win32:Adware-gen [Adw]] FTYVN32K2.exe(1180) -- C:\Program Files\FTYVN32K2T\FTYVN32K2.exe[-] -> Found
    [VT.Win32:Adware-gen [Adw]] 9N28KHEZR.exe(2076) -- C:\Program Files\9N28KHEZRT\9N28KHEZR.exe[-] -> Found
    [Tr.Zusy] rundll32.exe(2416) -- C:\Windows\SysWOW64\rundll32.exe[7] -> Found
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Where did they come from? Delete them.