
Topic: Problems with ransomware help


Londoncab (Topic Starter, Newbie; Experience: Experienced; OS: Windows 7)
    Problems with ransomware help
    « on: February 10, 2014, 07:36:57 AM »
    I downloaded some software and when I ran it, it popped up a message "Your system has been blocked" and it asks me to do something to unlock it, as if I have to pay to unlock it, but I can't, so I downloaded the anti-virus tools and ran 'em; here are their logs:

    Malwarebytes Anti-Malware:

    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.02.09.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Administrador :: WILLIAM-PC [administrator]

    Protection: Enabled

    10/02/2014 11:38:34
    mbam-log-2014-02-10 (11-38-34).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 246689
    Time elapsed: 21 minute(s), 51 second(s)

    Memory Processes Detected: 2
    C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> 1188 -> Delete on reboot.
    C:\ProgramData\House Of Soft\GS.Enabler\GS.Enabler.exe (PUP.Optional.MultiPlug.A) -> 1940 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 13
    HKLM\SYSTEM\CurrentControlSet\Services\Wpm (PUP.Optional.WpManager.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WPM (PUP.Optional.WpManager.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1824435291 (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Optional.SoftwareUpdater) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Optional.SoftwareUpdater) -> Quarantined and deleted successfully.
    HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Optional.SoftwareUpdater) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Optional.SoftwareUpdater) -> Quarantined and deleted successfully.
    HKCR\Updater.AmiUpd.1 (PUP.Optional.SoftwareUpdater) -> Quarantined and deleted successfully.
    HKCR\Updater.AmiUpd (PUP.Optional.SoftwareUpdater) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\do-searchSoftware (PUP.Optional.DoSearch.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKLM\SYSTEM\CurrentControlSet\Services\Wpm|ImagePath (PUP.Optional.WpManager.A) -> Data: C:\ProgramData\WPM\wprotectmanager.exe -service -> Quarantined and deleted successfully.

    Registry Data Items Detected: 3
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.DoSearch.A) -> Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com/?type=sc&ts=1386097941&from=smt&uid=ST3750640NS_5QD2TNFYXXXX5QD2TNFY) Good: (iexplore.exe) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.DoSearch.A) -> Bad: (http://do-search.com/web/?type=ds&ts=1386097941&from=smt&uid=ST3750640NS_5QD2TNFYXXXX5QD2TNFY&q={searchTerms}) Good: (http://www.google.com) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Quarantined and repaired successfully.

    Folders Detected: 2
    C:\Users\William\AppData\Local\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
    C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.

    Files Detected: 27
    C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> Delete on reboot.
    C:\ProgramData\House Of Soft\GS.Enabler\GS.Enabler.exe (PUP.Optional.MultiPlug.A) -> Delete on reboot.
    C:\Users\William\AppData\Local\SwvUpdater\Updater.exe (PUP.Optional.SoftwareUpdater) -> Quarantined and deleted successfully.
    C:\Users\William\Desktop\165-DTLite4481-0347.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\$Recycle.Bin\S-1-5-21-1951184886-2967497289-119817121-1000\$RQO02FS.exe (PUP.Optional.Tarma) -> Quarantined and deleted successfully.
    C:\Users\William\AppData\Local\Temp\bitool.dll (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
    C:\Users\William\AppData\Local\Temp\setup.exe (Riskware.BitcoinMiner) -> Quarantined and deleted successfully.
    C:\Users\William\AppData\Local\Temp\smt_do-search_201311131701.exe (PUP.Optional.SkyTech.A) -> Quarantined and deleted successfully.
    C:\Users\William\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
    C:\Users\William\AppData\Local\Temp\fullpackage_temp\Baofeng.exe (PUP.Optional.NationZoom.A) -> Quarantined and deleted successfully.
    C:\Users\William\AppData\Local\Temp\fullpackage_temp\package1.zip (PUP.Optional.NationZoom.A) -> Quarantined and deleted successfully.
    C:\Users\William\AppData\Local\Temp\MircosoftStudio\Baofeng.exe (PUP.Optional.NationZoom.A) -> Quarantined and deleted successfully.
    C:\Users\William\AppData\Local\Temp\MircosoftStudio\NewGdp.exe (PUP.Optional.WpManager.A) -> Quarantined and deleted successfully.
    C:\Users\William\AppData\Local\Temp\MircosoftStudio\package1.zip (PUP.Optional.NationZoom.A) -> Quarantined and deleted successfully.
    C:\Users\William\Downloads\DAEMON Tools Lite (1).exe (PUP.Optional.Bundler) -> Quarantined and deleted successfully.
    C:\Users\William\Downloads\DAEMON Tools Lite.exe (PUP.Optional.Bundler) -> Quarantined and deleted successfully.
    C:\Users\William\Downloads\Fraps.exe (PUP.Optional.Bundler) -> Quarantined and deleted successfully.
    C:\Users\William\Downloads\FreeMahjongGamesSetup-d5LsHSR.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
    C:\Users\William\Downloads\SoftonicDownloader_para_java-se-development-kit.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
    C:\Users\William\Downloads\Starbound_U7_Angry_Koala_by_Bhuito_Complete (1).exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
    C:\Users\William\Downloads\Starbound_U7_Angry_Koala_by_Bhuito_Complete.exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
    C:\Users\William\Downloads\wow64 windows 7__3516_i337853956_il2319868.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
    C:\Users\William\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
    C:\Users\William\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
    C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
    C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.

    (end)

    OK, the following one is the AdwCleaner log.

    # AdwCleaner v3.018 - Relatório criado 10/02/2014 às 12:14:38
    # Atualizado 28/01/2014 por Xplode
    # Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Usuário : Administrador - WILLIAM-PC
    # Executando de : C:\Users\Administrador\Downloads\adwcleaner.exe
    # Opção : Examinar

    ***** [ Serviços ] *****


    ***** [ Arquivos / Pastas ] *****

    Pasta Encontrado C:\Users\Administrador\AppData\Local\torch
    Pasta Encontrado C:\Users\William\AppData\Local\SwvUpdater
    Pasta Encontrado C:\Users\William\AppData\Local\torch

    ***** [ Atalhos ] *****


    ***** [ Registro ] *****

    Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Chave Encontrada : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

    ***** [ Navegadores ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Google Chrome v32.0.1700.107

    [ Arquivo : C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    [ Arquivo : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1144 octets] - [10/02/2014 12:14:38]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1204 octets] ##########

    And the last one is the Security Check log.

    Results of screen317's Security Check version 0.99.79
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 51
    Java SE Development Kit 7 Update 15
    Google Chrome 32.0.1700.102
    Google Chrome 32.0.1700.107
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````

    That's all.
    Please, someone help; I can't access my PC with that message preventing me from using the taskbar or any other kind of program like Task Manager!!! :(

    SuperDave (Malware Removal Specialist, Genius; Thanked: 1020; Experience: Expert; OS: Windows 10)
    Re: Problems with ransomware help
    « Reply #1 on: February 10, 2014, 12:14:13 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    *************************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

    • The tool will open and start scanning your system.

    • Please be patient as this can take a while to complete depending on your system's specifications.

    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    • Copy and Paste the JRT.txt log into your next message.
    ********************************************
    Could you please run MBAM again to make sure everything was cleaned?
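The two entries in the Malwarebytes log above that read "Delete on reboot" (the WPM service binary and GS.Enabler.exe, both still running at scan time) are the reason a second MBAM run is asked for. As an added example, not code from the thread or from Malwarebytes, here is a small parser for that MBAM 1.x log layout that separates items already quarantined from those still pending a reboot; the sample log is a constructed excerpt in the same format.

```python
import re
# Constructed excerpt in the Malwarebytes Anti-Malware 1.x log layout (not the full log
# from the post): "<Category> Detected: N" headers, then "<object> (<detection>) -> ... -> <action>."
SAMPLE_LOG = r"""Memory Processes Detected: 2
C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> 1188 -> Delete on reboot.
C:\ProgramData\House Of Soft\GS.Enabler\GS.Enabler.exe (PUP.Optional.MultiPlug.A) -> 1940 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\Wpm|ImagePath (PUP.Optional.WpManager.A) -> Data: C:\ProgramData\WPM\wprotectmanager.exe -service -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\William\Downloads\DAEMON Tools Lite (1).exe (PUP.Optional.Bundler) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
(end)
"""
HEADER_RE = re.compile(r"^(?P<category>[A-Za-z ]+) Detected: \d+$")
# Non-greedy object so a path containing "(1)" is not mistaken for the detection name.
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> (?P<rest>.+?)\.?$")

def parse_mbam_log(text):
    """Return {category: [{object, detection, action, pending}, ...]}."""
    result, category = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER_RE.match(line)
        if header:
            category = header.group("category")
            result.setdefault(category, [])
            continue
        item = ITEM_RE.match(line)
        if not (item and category):
            continue  # blank lines, "(end)", and preamble such as "Scan type: Quick scan"
        action = item.group("rest").split(" -> ")[-1]
        # "Delete on reboot" means the object was in use at scan time and stays
        # on disk until the restart completes the removal.
        result[category].append({"object": item.group("obj"), "detection": item.group("det"),
                                 "action": action,
                                 "pending": action.lower().startswith("delete on reboot")})
    return result

def pending_items(parsed):
    """Objects whose removal is deferred to reboot; a follow-up scan should confirm them."""
    return sorted(i["object"] for items in parsed.values() for i in items if i["pending"])

def summarize(parsed):
    """{category: (detected, still pending)} for a quick read of the whole log."""
    return {cat: (len(items), sum(i["pending"] for i in items)) for cat, items in parsed.items()}
```

Feeding the full log from the post into parse_mbam_log gives the same two pending objects, which is exactly what the post-reboot re-scan should show as gone.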