Malwarebytes Won't Install Help Please.....Malware Present

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by wllz63, Oct 3, 2017.

  1. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you follow method two to install MBAM? Did you follow the instructions precisely?
     
  2. wllz63

    wllz63 Private E-2

    ok it's not doing anything, still stuck on the analyse line... do we stop it and rerun it?
     
  3. wllz63

    wllz63 Private E-2

    this is from safe mode mgtool log
     

  4. wllz63

    wllz63 Private E-2

    ok method 1 we were able to install both programs. we clicked on malwarebytes and it installed. same for mgtool. went to safe mode. went to run malwarebytes and it would do nothing... open up task manager and there would be 3 processes of malwarebytes and it wouldn't open. would manually have to close the process. so went to the mgtools got that to run and sent the log. in the meantime saw your message on the post about were we following instruction to the "t". so we went back and redid step 2 copied files and then started in safe mode... still could not get mbam to execute. so at this point not sure what to do. in task manager setup we found gplyra in the startup. so disabled that for now. let me know, I'll be up early, hope to get this fixed.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please go to add/remove programs and uninstall:
    s5m
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.
    Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    Code:
    :Processes
    explorer.exe
    :Services
    SecurityHealthService
    gplyra
    :files
    C:\WINDOWS\tasks\JaSZgvLfgwdeDbT.job
    C:\WINDOWS\tasks\jJKowXmxzIFxIuj.job
    C:\WINDOWS\system32\tasks\efUEhcuJwHYJuW
    C:\WINDOWS\system32\tasks\IBUpd2
    C:\WINDOWS\system32\tasks\JaSZgvLfgwdeDbT
    C:\WINDOWS\system32\tasks\JaSZgvLfgwdeDbT2
    C:\WINDOWS\system32\tasks\jJKowXmxzIFxIuj
    C:\WINDOWS\system32\tasks\jJKowXmxzIFxIuj2
    C:\WINDOWS\system32\tasks\LSjUFtTofwjkxN
    C:\WINDOWS\system32\tasks\System HealerPeriod
    C:\WINDOWS\system32\tasks\System HealerStartUp
    C:\WINDOWS\system32\tasks\SystemHealer Monitor
    C:\WINDOWS\system32\tasks\SystemHealer Run Delay
    C:\WINDOWS\system32\tasks\SystemHealer Task
    C:\WINDOWS\system32\tasks\{0F7E0F47-7E7E-087D-0911-08080E78110A}
    C:\WINDOWS\system32\tasks\{1CE17C39-93FF-48DF-B339-BA10EB4F2E22}
    C:\Users\Annette\AppData\Roaming\76cce9c4cc3e4891afe412379a9cc833
    C:\Users\Annette\AppData\Roaming\et
    C:\Users\Annette\AppData\Roaming\excdir
    C:\Users\Annette\AppData\Roaming\gplyra
    C:\Users\Annette\AppData\Roaming\inkscape
    C:\Users\Annette\Desktop\HitmanPro_20171003_1647.log
    C:\Users\Annette\Desktop\HitmanPro_20171003_2256.log
    C:\Users\Annette\Desktop\HitmanPro_20171003_2325.log
    C:\Users\Annette\Desktop\HitmanPro_20171003_2349.log
    C:\Users\Annette\Desktop\HitmanPro_20171004_1832.log
    C:\Users\Annette\Desktop\HitmanPro_20171004_2012.log
    C:\Users\Annette\Desktop\HitmanPro_20171004_2117.log
    C:\Users\Annette\Desktop\HitmanPro_20171005_1945.log
    C:\Users\Annette\Desktop\HitmanPro_20171005_2140.log
    C:\ProgramData\1506974420
    C:\ProgramData\2d6223c0-3db1-0
    C:\ProgramData\2d6223c0-3f85-1
    C:\ProgramData\326e133250304cdd9018b2994e03314c
    C:\ProgramData\937bf904-08a3-0
    C:\ProgramData\937bf904-3a75-1
    C:\ProgramData\DP45977C.lfl
    C:\ProgramData\hgf.3dew
    C:\Program Files (x86)\AvMVIUoBwtUn
    C:\Program Files (x86)\CKCpTyVyQIE
    C:\Program Files (x86)\TQoarIXzU
    C:\Program Files (x86)\s5
    C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp
    C:\WINDOWS\SysNative\drivers\56fd6c7e5abb46787c3cc26a520bd3af.sys
    C:\WINDOWS\TEMP
    C:\Users\Annette\AppData\Local\Temp
    :Commands
    [purity]
    [ResetHosts]
    [createrestorepoint]
    [emptytemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.
    Now run Ccleaner to clean out only temp files and nothing else!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept (yes, twice).
    Rerun Hitman.

    Then attach the below logs:
    C:\MGlogs.zip
    Hitman log
    OTM log
     
  6. wllz63

    wllz63 Private E-2

    here is the otm logs.
     

  7. wllz63

    wllz63 Private E-2

    here is everything.... let me know
     

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your latest logs indicate that you did not uninstall s5m!

    Your HJT log also indicates that you did not fix:
    O4 - HKLM\..\Run: [booster] "C:\Users\Annette\AppData\Local\PCBooster\booster.exe" -o pool.supportxmr.com:5555 --user=49YfoE2xWHG1vywX2xTV8XZzBzB1E2QHEF9GtzPKSPRdK5TEkxXGRxVdAq8LwbA2Pz7jNQ9gYBxeFPHcqiiqaGJM2QyW64C --pass=WORKER64 --keepalive --background --donate-level=1

    Download OTC by Old Timer and save it to your Desktop.

    Double-click OTL.exe to start the program.
    • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    Code:
    :processes
    :killallprocesses
    :otl
    O4 - HKLM\..\Run: [booster] "C:\Users\Annette\AppData\Local\PCBooster\booster.exe" -o pool.supportxmr.com:5555 --user=49YfoE2xWHG1vywX2xTV8XZzBzB1E2QHEF9GtzPKSPRdK5TEkxXGRxVdAq8LwbA2Pz7jNQ9gYBxeFPHcqiiqaGJM2QyW64C --pass=WORKER64 --keepalive --background --donate-level=1
    :services
    gplyra
    excdir
    et
    :files
    C:\Users\Annette\AppData\Roaming\et
    C:\Users\Annette\AppData\Roaming\excdir
    C:\Users\Annette\AppData\Roaming\gplyra
    C:\Users\Annette\AppData\Roaming\inkscape
    C:\ProgramData\1506974420
    C:\ProgramData\2d6223c0-3db1-0
    C:\ProgramData\2d6223c0-3f85-1
    C:\ProgramData\326e133250304cdd9018b2994e03314c
    C:\ProgramData\937bf904-08a3-0
    C:\ProgramData\937bf904-3a75-1
    C:\ProgramData\hgf.3dew
    C:\Program Files (x86)\AvMVIUoBwtUn
    C:\Program Files (x86)\CKCpTyVyQIE
    C:\Program Files (x86)\ICBaloCIDxXU2
    C:\Program Files (x86)\s5
    C:\Program Files (x86)\TQoarIXzU
    C:\WINDOWS\SysNative\drivers\56fd6c7e5abb46787c3cc26a520bd3af.sys
    C:\Users\Annette\AppData\Local\PCBooster
    C:\WINDOWS\tasks\JaSZgvLfgwdeDbT.job
    C:\WINDOWS\tasks\jJKowXmxzIFxIuj.job
    C:\WINDOWS\system32\tasks\efUEhcuJwHYJuW
    C:\WINDOWS\system32\tasks\JaSZgvLfgwdeDbT
    C:\WINDOWS\system32\tasks\JaSZgvLfgwdeDbT2
    C:\WINDOWS\system32\tasks\jJKowXmxzIFxIuj
    C:\WINDOWS\system32\tasks\jJKowXmxzIFxIuj2
    C:\WINDOWS\system32\tasks\LSjUFtTofwjkxN
    C:\WINDOWS\system32\tasks\System HealerPeriod
    C:\WINDOWS\system32\tasks\System HealerStartUp
    C:\WINDOWS\system32\tasks\SystemHealer Monitor
    C:\WINDOWS\system32\tasks\SystemHealer Run Delay
    C:\WINDOWS\system32\tasks\SystemHealer Task
    C:\WINDOWS\system32\tasks\{0F7E0F47-7E7E-087D-0911-08080E78110A}
    C:\WINDOWS\system32\tasks\{1CE17C39-93FF-48DF-B339-BA10EB4F2E22}
    C:\Program Files\Reimage
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    C:\ProgramData\Reimage Protector
    C:\rei
    C:\Users\Annette\AppData\Local\Mindspark_Interactive_Net\EliteUnzip.exe_StrongName_gzmrfrrkrve1wghp1nel3iobez4nojnd
    C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
    C:\Windows\Reimage.ini
    C:\Windows\System32\Tasks\ReimageUpdater
    C:\Windows\System32\Tasks\System HealerPeriod
    C:\Windows\System32\Tasks\System HealerStartUp
    C:\Windows\System32\Tasks\SystemHealer Monitor
    C:\Windows\System32\Tasks\SystemHealer Run Delay
    :reg
    [-HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL]
    [-HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}]
    [-HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}]
    [-HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}]
    [-HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}]
    [-HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}]
    [-HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1]
    [-HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine]
    [-HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}]
    [-HKLM\SOFTWARE\Classes\WOW6432Node\AppID\REI_AxControl.DLL]
    [-HKLM\SOFTWARE\Classes\WOW6432Node\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}]
    [-HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}]
    [-HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}]
    [-HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}]
    [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater]
    [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerPeriod]
    [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerStartUp]
    [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor]
    [-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair]
    [-HKLM\SOFTWARE\Reimage]
    [-HKLM\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\com.mindspark.eliteunzip_aa]
    [-HKLM\SOFTWARE\WOW6432Node\Microsoft\Tracing\EliteUnzip_RASAPI32]
    [-HKLM\SOFTWARE\WOW6432Node\Microsoft\Tracing\EliteUnzip_RASMANCS]
    [-HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe]
    [-HKLM\SYSTEM\ControlSet001\Services\ReimageRealTimeProtector]
    [-HKLM\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector]
    [-HKU\S-1-5-21-3730457624-2241265431-985006982-1001\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.]
    [-HKU\S-1-5-21-3730457624-2241265431-985006982-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}]
    [-HKU\S-1-5-21-3730457624-2241265431-985006982-1001\Software\Reimag]
    
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    
    • Then click the Run Fix button at the top.
    • Click the OK button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Just close notepad and attach this log from OTL to your next message.

    Download TFC by OldTimer to your desktop.
    Double-click TFC.exe to run it.

    Right-click on the file and choose Run As Administrator

    TFC will close all programs when run, so make sure you have saved all your work before you begin.



      • Click the Start button to begin the cleaning process.
      • Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
      • Please let TFC run uninterrupted until it is finished.
    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7, Win8 or Win10, don't double click, use right click and select Run As Administrator).

    It might be helpful if you would open task manager and get me a screen shot of the processes tab.
     
    Last edited: Oct 7, 2017
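
A triage sketch for the kind of HijackThis O4 autorun entry quoted in the post above, added here as an example and not part of the original thread or of any tool it mentions. The sample log is constructed (the wallet is a placeholder string), the function names are hypothetical, and only the `O4 - HK..\..\Run: [name] command` form is handled.

```python
import re

# HijackThis registry autorun line: O4 - HKLM\..\Run: [name] command line
O4_RUN = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$')
# "-o host:port" / "--url=host:port", optionally with a stratum scheme
POOL = re.compile(r'(?:^|\s)(?:-o|--url)[ =](?:stratum\+\w+://)?([\w.-]+):(\d{2,5})\b')
USER = re.compile(r'(?:^|\s)(?:-u|--user)[ =](\S+)')
USER_WRITABLE = re.compile(r'\\(AppData|ProgramData|Temp)\\', re.I)
# Executable path: quoted, or unquoted up to the first ".exe"
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.I)
MINER_FLAGS = ("--donate-level", "--background", "--keepalive")

# Constructed sample, modelled on the entries quoted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [booster] "C:\Users\Annette\AppData\Local\PCBooster\booster.exe" -o pool.supportxmr.com:5555 --user=<WALLET> --pass=WORKER64 --keepalive --background --donate-level=1
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
O4 - HKCU\..\Run: [Updater] "C:\Users\Annette\AppData\Local\Example\updater.exe" -o C:\out.log
'''.replace("<WALLET>", "A" * 95)  # placeholder, not a real address


def parse_o4(line):
    """Split one O4 Run-key line into hive, key, value name, image and command line."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    hive, key, name, cmd = m.groups()
    img = IMAGE.match(cmd)
    image = (img.group(1) or img.group(2)) if img else cmd.split()[0]
    return {"hive": hive, "key": key, "name": name, "image": image, "cmdline": cmd}


def miner_indicators(entry):
    """List the command-line traits that the booster entry in the thread shows."""
    cmd, hits = entry["cmdline"], []
    pool = POOL.search(cmd)
    if pool:
        hits.append(f"pool endpoint {pool.group(1)}:{pool.group(2)}")
    user = USER.search(cmd)
    if user and len(user.group(1)) >= 60 and user.group(1).isalnum():
        hits.append("wallet-length --user value")
    for flag in MINER_FLAGS:
        if re.search(rf'(?:^|\s){flag}(?:[ =]|$)', cmd):
            hits.append(f"flag {flag}")
    if USER_WRITABLE.search(entry["image"]):
        hits.append("image in user-writable path")
    return hits


def triage(log_text):
    """Return every O4 Run entry with its indicators and a suspect verdict."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        hits = miner_indicators(entry)
        # A bare "-o" is common; require a host:port endpoint plus one more trait.
        suspect = any(h.startswith("pool endpoint") for h in hits) and len(hits) >= 2
        findings.append({**entry, "indicators": hits, "suspect": suspect})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["name"], "SUSPECT" if f["suspect"] else "ok", f["indicators"])
```
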
  9. wllz63

    wllz63 Private E-2

    ok will get right to it... and as for the s5m my wife sat right here and we both saw it delete... and as for the hjl file u wanted me to fix, it was not a file.lime.that there were 4 -04 hklm lines and 2 were hklm and not the line u sent to me...
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  11. wllz63

    wllz63 Private E-2

    very frustrating.... i go to a web page i get to the otc download, it asks open/save I click the arrow to save as and the only option i have is to save as a .txt file, so i go to the link you sent and it opens the page and same results. so what the heck do i do now. it is getting the best of me...
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Click open. You do not get an option to run?
     
  13. wllz63

    wllz63 Private E-2

    ok i got the link to install but after it was done there was a crap load of stuff, norton popped up and then a blue screen popped, said restart in 10 seconds
     
  14. wllz63

    wllz63 Private E-2

    ran unhackme finally. found 2 malware but wouldn't fix them. everything else it found it fixed. one file was lsdihpc.exe
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Can you get me the requested logs?
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Were you able to run the fix in OTL??? Please give me as much information as possible about what is happening.
     
  17. wllz63

    wllz63 Private E-2

    ok was able to finally get to install OTL and TFC. Ran OTL and have attached the log. I could not get TFC to install no matter what I tried. wasn't given the app is blocked. just wouldn't open whether I double clicked on it or right click and run as admin. it won't let me copy processes in notepad, i saved it as a jpg and attached it
     

  18. wllz63

    wllz63 Private E-2

    here are all the screen shots from task manager
     

  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The screen shots are too small to read. Could you attach the OTL log as well as a new MGLogs.zip?

    And see if you can run:

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, Seven, Eight or 10, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
     
  20. wllz63

    wllz63 Private E-2

    ok sorry some things I can get to work some I can't and it's not helping you... I will try to download programs and my web pages will freeze. or I can't get the downloads to download... so then I have to reboot and by the time I get to one of your requests the computer does the same thing.... freeze up or won't let me run programs.... As you can see I have attached the OTL log as well as the MGtools log, I was able to get both of those to run this morning.... I downloaded junkware removal tool and after I send you these logs I will run that.
    I am having an issue also with the windows button, it will not open when I click it, cannot use the quick search or microsoft edge.... it did this a few days ago then went back to normal now it is at it again.
    The unhackme program that you had me run is down in the taskbar flashing that I have 5 malicious entries, I am also going to run it and send what info I can to you in the next hour..
     

  21. wllz63

    wllz63 Private E-2

    ok went back after sending you the logs and ran unhackme... found 2 malware that it will not fix: c:\users\annette\appdata\local\vdizcxs\lsdihpc.exe and coakishsvc.exe, those are the same ones day after day that are in the task manager processes and cannot be removed or stopped.... My wife had installed norton and mcafee before we had even contacted for help... I can not get them to open nor can I get them to shut down. so when I go to run the junkfile removal tool you wanted me to do it won't open, not sure if those 2 programs are holding me up.... I will wait to hear back from you on what to do.
     
  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Double-click OTL.exe to start the program.
    • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    Code:
    :processes
    vdizcxs
    coakishsvc
    :killallprocesses
    :otl
    O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
    :services
    lsdihpc
    coakishsvc
    vdizcxs
    :files
    C:\Program Files (x86)\McAfee
    C:\Program Files (x86)\Norton Security
    C:\Program Files (x86)\NortonInstaller
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan
    C:\ProgramData\NortonInstaller
    C:\ProgramData\Norton
    C:\ProgramData\McAfee Security Scan
    C:\ProgramData\McAfee
    C:\Users\Annette\AppData\Roaming\Spy Emergency
    c:\users\annette\appdata\local\vdizcxs\lsdihpc.exe
    c:\users\annette\appdata\local\vdizcxs\coakishsvc.exe
    C:\Users\Annette\AppData\Local\vdizcxs\vdizcxs.exe
    C:\Users\Annette\AppData\Local\vdizcxs\lsdihpc.exe
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpyEmergency"="C:\\Program Files\\NETGATE\\Spy Emergency\\SpyEmergency.exe"=-
    
    [-HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\RunOnce\ApprovedByRegRun2\AntiRepl]
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    
    • Then click the Run Fix button at the top.
    • Click the OK button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Just close notepad and attach this log from OTL to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7, Win8 or Win10, don't double click, use right click and select Run As Administrator).
    The last OTL log you attached was empty, but MGLogs shows the removal. Attach the new MGLog.zip.
    Now see if you can run JRT. And also rerun Unhackme.
     
    Last edited: Oct 8, 2017
  23. wllz63

    wllz63 Private E-2

    here is the otl log
     

  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That looks hopeful. Please get me the new MGLogs.zip and tell me if Unhackme is still reporting issues.
     
  25. wllz63

    wllz63 Private E-2

    trying to get the mglogs but the darn thing is hung up or something... i have just been letting it do its thing but it's been doing it for 15 minutes....stuck at "64 bit windows os found the operation completed successfully". that's like a minute into it and now it's been 15 min and hasn't gone any further
     
  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Right click start, run,
    and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The red is merely informational.
    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
     
  27. wllz63

    wllz63 Private E-2

    I was able to run mgtools finally.... log attached. I did run unhackme and it found those same 2 files but this time it cleaned everything up and so far since has not notified me of any issues coming back...... can not get JRT to run. am going to run what you just sent me. entered first line
    cd \mgtools and it changed to c:\mgtools
    then did getrunkey and it says access is denied
    tried shownew and it says access is denied
     

  28. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Those files are still showing in HJT.

    Please do the following:

    Right click start, run and type in cmd. When the command prompt opens:
    copy/paste the following command into the box and press OK:

    cmd /c del /F C:\Users\Annette\AppData\Local\vdizcxs\vdizcxs.exe

    A blank command window will open on your desktop, then close in a minute or two. This is normal.

    Now do the same for:

    cmd /c del /F C:\Users\Annette\AppData\Local\vdizcxs\lsdihpc.exe

    Then rerun Unhackme and tell me if they are still being reported.

    Also, after the above, try to run this:
    http://www.majorgeeks.com/files/details/clamav.html
     
    Last edited: Oct 8, 2017
  29. wllz63

    wllz63 Private E-2

    well tried both cmd lines and both say access denied
     
  30. wllz63

    wllz63 Private E-2

    clamav will download but will not install.
     
  31. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am afraid we will have to reset your PC. Please right click on the start menu, click on settings. When that pane opens ... at the bottom right will be update and security. Click on that and on the left side will be recovery. Click on that and you will have the option to keep your files and folders.
     
  32. wllz63

    wllz63 Private E-2

    ok before I do that do I have to save everything... or will that option to save files and folders keep all her pictures and files for her scrapbooking?
     
  33. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, it should. But try this first: Right click the start menu and choose file explorer. When that opens, click on this pc. Then click on your C: drive and in the address bar, click it and it should change to a C: prompt. Copy in this file:
    C:\Users\Annette\AppData\Local\vdizcxs\vdizcxs.exe

    If it finds it, right click and choose properties then security. You should see a box where you can click on your user name and give yourself full permissions.

    Try that and let me know how you get on.
     
  34. wllz63

    wllz63 Private E-2

    nope when I paste it in and hit enter it says access denied. when I go and find the folder and try to open it it says access denied
     
  35. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I was afraid of that. Your only choice now is a reset. Sorry.
     
  36. wllz63

    wllz63 Private E-2

    I'm not worried about resetting as long as those files are saved then it's not a big deal
     
  37. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are worried about your files and pictures...transfer them to the flash drive first.
     
  38. wllz63

    wllz63 Private E-2

    we are going to move everything tonight ... then I'll do a full restore. I'll let you know when it's done... probably tomorrow sometime. And I want to thank you for your hard work. my wife would like to send you something if you would let us.
     
  39. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are welcome. I am sorry we couldn't clean out the malware. I have never encountered a virus this pervasive. There is no need to send me anything. We do it to try to help people.

    Do let me know how you get on.
     
  40. wllz63

    wllz63 Private E-2

    Hi Tim, first off thanks for all your help.. I'm Annette, Steve's Wife. I wonder if you can help with something. I think some of our problem is that Cortana is missing from the pc. I had NO permissions for anything at all. I was able to finally run windows troubleshooter on many things tonight after figuring out how to give back some permissions ... I followed major geeks help about reinstalling cortana, with this in registry: Get-AppXPackage -Name Microsoft.Windows.Cortana | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} but it says something like app not installed. I'm lost .. I cannot do a recovery or reset (restore) on the pc. It does nothing when I try. I cannot use the search or get to shut down or any of that on here unless I use the Windows X combinations. thank you
     
  41. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you reboot, do you see a small circle with a line in it at the bottom of the screen? If you press the shift key and click on that ... what happens? Do you get Troubleshooting? If so, can you click on that to get to reset?
     

    Last edited: Oct 9, 2017
  42. wllz63

    wllz63 Private E-2


    if you are talking a little "power" circle..I "barely" get to see it. I tried, 4 times clicking it as you described, I see shut down and two other options, doesn't look like "troubleshooting" is one of the options, idk...it is here and gone IN A FLASH of an eye. I do see "Reg Run Partizan" when i reboot (and it says something else but that's gone superfast also).. not sure if I should be seeing that. I'm about ready to throw this pc out the window :)
     
  43. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am going to give you a link on how to reinstall Windows 10. But you will have to download the installation media to a clean computer and transfer it to a USB drive. Then you will need to access your computer's BIOS by hitting F2 as soon as it starts to boot up. Once in the BIOS, you will have to change the boot order to USB first device. Then plug in the USB drive and reboot. Follow the instructions; this will remove everything....so make sure you have saved your files and pics to a flash drive to transfer later. (Just click on installation media to reinstall Win10)

    https://support.microsoft.com/en-us/help/12415/windows-10-recovery-options
     
  44. wllz63

    wllz63 Private E-2

    ok, thank you.. I did read that website but it was 4am, I will do that today and or later and let you know how things go. thank you again Annette
     
  45. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem....do let me know. :)
     
