Help please. Malware won't let me install malwarebytes and internet isnt working now.

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

Work your way thru what you can of the below:

READ & RUN ME FIRST - Malware Removal Guide

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

http://img805.imageshack.us/img805/9659/rktigzy.gif Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

• [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bsdriver -> Found
• [PUP|VT.PUP.Optional.Shopperz.BrwsrFlsh] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cherimoya (system32\drivers\cherimoya.sys) -> Found
• [PUP|VT.PUP.Optional.ModGoog] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /svc) -> Found
• [PUP|VT.PUP.Optional.ModGoog] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc) -> Found
• [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bsdriver -> Found
• [PUP|VT.PUP.Optional.Shopperz.BrwsrFlsh] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cherimoya (system32\drivers\cherimoya.sys) -> Found
• [PUP|VT.PUP.Optional.ModGoog] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /svc) -> Found
• [PUP|VT.PUP.Optional.ModGoog] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc) -> Found
• [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\SmartPurple\SmartPurple64.dll [x] -> Found
• [Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\SmartPurple\SmartPurple32.dll [x] -> Found

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.

...and the same for these entries on the file tab please...

• [PUP][File] C:\Windows\System32\drivers\bsdriver.sys -> Found
• [PUP][Folder] C:\Program Files (x86)\globalUpdate -> Found

When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.

Are you able to run any of the other tools in the Read and Run Me First now?

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

Run RogueKiller again (just a scan) and attach log. Let me see what remains.

Were you able to run MGTools.exe?

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

Do this if you can:

Please download Combofix to your desktop. Please refer to these instructions prior to running.

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

SystemLook

Please download SystemLook from one of the links below appropriate for your operating system and save it to your Desktop.
Download 32 Bit
Download 64 Bit

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  Code:

  :filefind
  dnsapi.dll

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: Make sure you download the correct version for your PC. Only the correct version will work.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

NOTE: This script was written specifically for this user for use on this particular computer. Running this on another machine may cause damage to your operating system.


Download Fixlist.txt

Save fixlist.txt on your Desktop. Make sure you save it as a txt file.

• You should now have both fixlist.txt and FRST64.exe on your Desktop.
• Now I want you to disconnect your PC connection to the internet by unplugging the cable ( if it is wireless then temporarily shutdown the wireless network ).
• Run FRST64.exe by right clicking on it and selecting Run As Adminstrator
• Click the Fix button just once and wait.
• Your computer should reboot after the fix runs.
• Reconnect your internet connection after reboot so you can come back here to continue.
• The tool will make a log on the Desktop (Fixlog.txt) please attach this new log to your next reply (attach or paste)

Also at this point, I want to double check the status of things by having you run another scan with FRST like in my last message and attach the new FRST.txt and Addition.txt logs.

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

Don't forget this part:

Also perform a fresh scan (scan only) with Hitman and attach the new log.

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

And once more, re run RogueKiller, scan only, and attach log.

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

Run Systemlook again like you did before in post#10 and attach log. FRST is still reporting the file missing yet I replaced it....

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

http://img805.imageshack.us/img805/9659/rktigzy.gif Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

• [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bsdriver -> Found
• [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bsdriver -> Found

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.

...and the same for this one on files tab....

• [PUP][File] C:\Windows\System32\drivers\bsdriver.sys -> Found

When it is finished, there will be a log on your desktop.
Attach it to your next message. (How to attach)





Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.

• Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
• Paste the following code under the http://farm3.static.flickr.com/2455/4173556815_a721a91733_o.png area. Do not include the word Code.

Code:

:Files
C:\Windows\System32\drivers\bsdriver.sys
C:\Windows\system32\Drivers\cherimoya.sys
C:\PROGRA~1\SHOPPE~1\Lalhiqm.ba

:reg
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bsdriver]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bsdriver]
:Commands
[emptytemp]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.



NOTE: This script was written specifically for this user for use on this particular computer. Running this on another machine may cause damage to your operating system.


Download Fixlist.txt

Save fixlist.txt on your Desktop. Make sure you save it as a txt file.

• You should now have both fixlist.txt and FRST64.exe on your Desktop.
• Now I want you to disconnect your PC connection to the internet by unplugging the cable ( if it is wireless then temporarily shutdown the wireless network ).
• Run FRST64.exe by right clicking on it and selecting Run As Adminstrator
• Click the Fix button just once and wait.
• Your computer should reboot after the fix runs.
• Reconnect your internet connection after reboot so you can come back here to continue.
• The tool will make a log on the Desktop (Fixlog.txt) please attach this new log to your next reply (attach or paste)

Then attach the below logs:

Fixlog.txt


Run a scan with FRST like you did in post#12 and attach the new FRST.txt
Run a new scan with RogueKiller - attch that log too please.

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

Grr, it's stubborn!! Continue on with the other steps....

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

I have to go to sleep soon. I am asking colleagues for assistance with this. In the mean time:


Delete any RogueKiller logs or fixlists's/fixlogs etc that may be cluttering your desktop.

Follow as much of this self help guide as you possibly can, skipping any steps that do not work (remember you can try running Malware Bytes in safe mode if necessary)
attach any logs you were able to get, and let me know how you get on.

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

I don't understand that because the first thing I did was to replace it with a fresh copy.

Follow the instructions here to run the System File Checker

https://support.microsoft.com/en-gb/kb/929833

Then see if Malware Bytes will run.

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

Good evening.

Did you try System File Check?

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

Which ones was it not able to fix? Will Malware Bytes now run?

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

That's good news!

See the sticky thread here to see how to attach the Malware Bytes log in it's proper format.

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

Are you still with me, metalmilitia?

 

Re: Help please. Malware won't let me install malwarebytes and internet isnt working

It's not dangerous and the instructions in the READ & RUN ME and the Using MGtools instructions even warn you about issues with browsers saying this. You should have downloaded and run it and attached the log.