Saving Hijacked Sister

MamaLoca · Oct 17, 2018

My sister has been having trouble with her laptop and asked me to take a look see. It gave an error message on startup about Conduit and decided to head straight over here. I've followed the Read Me First thread and am including my results. I restarted just before posting here and did not get the error message.

Thank you for any help you can provide.
MamaLoca

dr.moriarty · Oct 17, 2018

Please remove all detections found in the AdwCleaner, HitmanPro, and RogueKiller logs. Then re-run each application and attach the updated logs to your next reply.

MamaLoca · Oct 19, 2018

Hello dr.moriarty I ran the scans and cleaned as you advised. I wasn't sure so I re-ran all the programs and saved the log files.
Things seem better, I will use for a while and see.
Thank you for your help

MamaLoca · Oct 19, 2018

The computer seems to be working better

dr.moriarty · Oct 19, 2018

You're welcome.
That's looking alot better. I would like for you to run the below before I give you the "All Clear" -

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Double-click to run it. When the tool opens click Yes to disclaimer.

Press the Scan button.

It will make a log (FRST.txt) in the same directory the tool is run from.

The first time the tool is run, it also makes another log (Addition.txt).

Upload both logfiles to your next reply.

MamaLoca · Oct 19, 2018

Here you are.

dr.moriarty · Oct 19, 2018

Your logs look good! If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase it, it provide no protection. It do not use any significant amount of resources ( except a little disk space ) until you run a scan.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If running Win 7/8/10 - it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.

Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.

If you are running Win 7/8/10, do the below:

Refer to the instructions for your Windows version in this link: Disable And Enable System Restore

For Windows 8/8.1/10 system restore see this link: Win 8 System Restore - How to enable/disable

What we want you to do is to first disable System Restore to flush restore points some of which could be infected.

Then we want you to Enable System Restore to create a new clean Restore Point.

After doing the above, you should work through the below link:

How to Protect yourself from malware!

Safe surfing!

MamaLoca · Oct 19, 2018

Thank you very much for all of your help.

Cheers!

dr.moriarty · Oct 19, 2018

You're welcome.

Log in or Sign up

Saving Hijacked Sister

MamaLoca Private E-2

Attached Files:

MGlogs.zip

AdwCleaner[S00].txt

HitmanPro_20181017_1035.log

Malwarebytes.txt

RKiller.txt

dr.moriarty Malware Super Sleuth Staff Member

MamaLoca Private E-2

Attached Files:

AdwCleaner[S02].txt

HitmanPro_20181019_1048.log

Malewarebytes.txt

MGlogs.zip

rk_9BDC.txt

MamaLoca Private E-2

dr.moriarty Malware Super Sleuth Staff Member

MamaLoca Private E-2

Attached Files:

Addition.txt

FRST64.txt

dr.moriarty Malware Super Sleuth Staff Member

MamaLoca Private E-2

dr.moriarty Malware Super Sleuth Staff Member