Poweliks Trojan Help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by helpmeplease2, Aug 19, 2016.

  1. helpmeplease2

    helpmeplease2 Private E-2

    Hello. My mother called and said her laptop occasionally launched windows asking for her to update Adobe Flash. I went over and updated Flash and anything else I could think to update. A few days later it did it again. I picked up her laptop and played with it for a couple days. I had zero issues. She had taken a screenshot of one of the requests so I got into her Internet History to try to determine what she was doing at that time and day. I did not see these kinds of specifics but noticed a lot of History she would not have visited. I downloaded and ran Hitman Pro. It detected the Poweliks Trojan. I went to Symantec and ran the fix. It did not resolve it. I came to MajorGeeks and followed all the Read and Run directions. I am not sure if she still has the Trojan. I have attached the logs. Thank you in advance, April
     

    Attached Files:

  2. helpmeplease2

    helpmeplease2 Private E-2

    Sorry, here is the system information.
     

    Attached Files:

  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, helpmeplease2

    Please upload the Hitman Pro log.
     
  4. helpmeplease2

    helpmeplease2 Private E-2

    Ok. The second time I ran it, following the site instructions, it did not find anything. I will attach the log it created before being instructed by MajorGeeks to run it. I apologize in advance; I did not know to uncheck Netcookies at that point.
     

    Attached Files:

  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Your logs look good.

    How's the pc running?
     
  6. helpmeplease2

    helpmeplease2 Private E-2

    Well, it seems fine. It has seemed fine all the time I have had it. If it wasn't for the "History" I would not have suspected anything was wrong. I just checked the History and see this in history "jslbeacon.ligit.com." I did not go there nor click a link to there nor see a pop up. When I clicked on a game link to launch in WildTangent games for HP, (which I use on my laptop too without issues but she never uses), Malwarebytes popped up a message that I was being blocked from something malicious. My game play experience went on as usual. I think it said a malicious site but it happened so fast I did not catch it. I looked in Malwarebytes and saw 2 logs which I have attached. Also, just to be sure of my thoughts, I would like to ask if anytime a popup from anywhere may be blocked by any program, it may leave a footprint in the History? Malwarebytes is the only program that still saw something when I ran as per MajorGeeks forum instructions. Should I run it again?
     

    Attached Files:

  7. helpmeplease2

    helpmeplease2 Private E-2

    Oh, I see I have 4 items in quarantine in Malwarebytes and it's set to run again at 2:44am.
     
  8. helpmeplease2

    helpmeplease2 Private E-2

    Attached screenshot
     

    Attached Files:

  9. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    There's no need to run Malwarebytes' again. The WildTangent Games are bundled with HP products and some malware programs flag them. This has been the case for years. The following partial quote shows the vendor's statement of their software's activity, which some anti-malware programs and pc users object to:

    re: http://www.2-spyware.com/remove-wildtangent.html
    The choice to remove the games is yours.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase it, it provides no protection. It does not use any significant amount of resources (except a little disk space) until you run a scan.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. If running Vista, Win 7/8/10 - it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    4. Go to add/remove programs and uninstall HijackThis.
    5. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. If you are running Win 7/8/10, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    7. After doing the above, you should work through the below link:
    Safe surfing!
     
  10. helpmeplease2

    helpmeplease2 Private E-2

    Thank you so much! You guys ROCK!
     
  11. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You are welcome.
     
