Murofet Malware

This virus hasn't really been seen since 2010. But let's run a few other things.

Please download the latest version of FRST the below link.
Farbar Recovery Scan Tool and save it to your Desktop.


Note: Make sure you download the proper version ( 32 bit or 64 bit ) for your PC. Only one will run, the correct one. So it you make a mistake and download the wrong one, go back and get the other.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Well, so far I am not finding any malware. Have ADWCleaner remove what it found.

Save fixlist.txt on your Desktop. Make sure you save it as a txt file.

• You should now have both fixlist.txt and FRST64.exe on your Desktop.
• Now I want you to disconnect your PC connection to the internet by unplugging the cable ( if it is wireless then temporarily shutdown the wireless network ).
• Run FRST64.exe by right clicking on it and selecting Run As Adminstrator
• Click the Fix button just once and wait.
• Your computer should reboot after the fix runs.
• Reconnect your internet connection after reboot so you can come back here to continue.
• The tool will make a log on the Desktop (Fixlog.txt) please attach this new log to your next reply (attach or paste)

You have Zemana installed, so please run it and attach its log.

 

Nothing there. Hang out for a while and see if you get any notices from you ISP. You did do what I asked you to do in post #4?

 

Good. Guess all we can do at this time is wait and see.

 

You are welcome. Let's leave everything as is until we are sure we can clean up.

 

I think they are wrong....but....

eSet Online Scan.

 

I'd be interested to know what scanner they are using.

 

Download OTL to your desktop.

Double-click OTL.exe to start the program.

• Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code

Code:

:processes
:killallprocesses
:files
C:\Users\v\Desktop\COPY HD 500\Dell laptop copy\Users\EDITINGUNIT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\775a696b-350ebb83
C:\Users\v\Desktop\COPY HD 500\Dell laptop copy\Users\EDITINGUNIT\Downloads\Office 2010 toolkit by_moncho6994.rar
C:\Users\v\Downloads\ADOBE\ox\crackadobe.rar   
C:\Users\v\Downloads\Adobe cc\Adobe CC 2015 + Patch Gametime Gameplays.zip       
C:\Windows\Installer\1611bd.msi       
C:\Windows\Installer\MSIA1D9.tmp   
C:\AdwCleaner\quarantine\v1\20180417.223355\1\Downloaded Installers\{06E0CADE-89B2-4EFD-B0AF-0DDCE4400E70}\setup.msi#7B238CD47778005F

:commands
[PURITY]
[EMPTYTEMP]
[REBOOT]

• Then click the Run Fix button at the top.
• Click the OK button.
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot. Just close notepad and attach this log form OTL to your next message.

 

Well, let's see if that satisfies them.

Warning about cracked software Cracked Software.

 

There was a trojan associated with one of the files. However, you can't go by malware "names"...as I said earlier, that malware hasn't really been seen for a long time. It is more likely that the cracked software is to blame.

 

Let's do one more online scan:

Using BitDefender Online Scan.

 

No...sorry. Apparently they have taken down their online scanning.

http://support.f-secure.com/enu/home/ols3.shtml#

Run their online scanner.

• Follow the Instruction Here for installation.
• Accept the License Agreement.
• Once the ActiveX installs,Click Full System Scan
• Once the download completes,the scan will begin automatically.
• The scan will take some time to finish,so please be patient.
• When the scan completes, click the Automatic cleaning (recommended) button.
• Click the Show Report button and Copy&Paste the entire report in your next reply.

 

You just need to click on their online scanner...it will download ( choose desktop ) and then click it to run.

 

It's ok.....back to waiting.

 

Question .... are you connecting thru a router supplied by Rogers?

 

Any update?

 

Thanks....keep me informed.