Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Task manager doesn't work and Defragmenter Malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Task manager doesn't work and Defragmenter Malware

Unread postby wattsup » April 9th, 2011, 4:54 pm

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6320

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

09/04/2011 21:53:01
mbam-log-2011-04-09 (21-53-01).txt

Scan type: Quick scan
Objects scanned: 180614
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790570B576555236A098 (Malware.Trace) -> Value: SRS_IT_E8790570B576555236A098 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790774B37655523FAB91 (Malware.Trace) -> Value: SRS_IT_E8790774B37655523FAB91 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\Harry\AppData\Roaming\whitesmoke (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\scanquery (Adware.ScanQuery) -> Quarantined and deleted successfully.
c:\programdata\scanquery (Adware.ScanQuery) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\Temp\~nsu.tmp\whitesmokewriter.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\launch whitesmoke.lnk (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\Users\Harry\AppData\Roaming\microsoft\internet explorer\quick launch\launch whitesmoke.lnk (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\Users\Jazz\AppData\Roaming\microsoft\internet explorer\quick launch\launch whitesmoke.lnk (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\internet explorer\quick launch\launch whitesmoke.lnk (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\Users\Harry\AppData\Roaming\whitesmoke\stat.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke\launch whitesmoke.lnk (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke\uninstall.lnk (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke\whitesmoke registration.lnk (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\scanquery\scanquery.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.
c:\program files (x86)\scanquery\uninstall.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.
c:\programdata\scanquery\scanquery117.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.
wattsup
Regular Member
 
Posts: 16
Joined: April 7th, 2011, 1:48 pm
Advertisement
Register to Remove

Re: Task manager doesn't work and Defragmenter Malware

Unread postby wattsup » April 9th, 2011, 5:20 pm

Files\Folders moved on Reboot...
File move failed. D:\autorun.exe scheduled to be moved on reboot.
File move failed. C:\Users\Harry\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
wattsup
Regular Member
 
Posts: 16
Joined: April 7th, 2011, 1:48 pm

Re: Task manager doesn't work and Defragmenter Malware

Unread postby Gary R » April 9th, 2011, 7:05 pm

The OTL log doesn't look as I'd expect it to look, did you run OTL before of after MBAM, and did you run it with the script I gave you to run ?
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Task manager doesn't work and Defragmenter Malware

Unread postby wattsup » April 9th, 2011, 7:13 pm

I did it as you instructed and it all seemed to go ok. It asked me to reboot so I did and when it came back on there was no log. So i tried to find it on my system and thought I had, obviously not. I'll have another look, do you know where it is likely to be saved?

Sorry about this.
wattsup
Regular Member
 
Posts: 16
Joined: April 7th, 2011, 1:48 pm

Re: Task manager doesn't work and Defragmenter Malware

Unread postby wattsup » April 9th, 2011, 7:31 pm

I have just noticed however, that Task Manager is now working. I hadn't thought to check but you've certainly done something right as it seems to be working perfectly.

If you think that there are more problems to be sorted I will more than happily continue with this as you clearly know whats best.

I would however like to stop and say a huge thank you for the help you've given me so far.
wattsup
Regular Member
 
Posts: 16
Joined: April 7th, 2011, 1:48 pm

Re: Task manager doesn't work and Defragmenter Malware

Unread postby Gary R » April 10th, 2011, 1:23 am

MBAM reset your Task Manager, which is strange since I'd scripted it to be reset using OTL, so it shouldn't have needed re-setting. It's because of this and some other things that I'd like to see what OTL actually did.

You'll find the log created by OTL in C:\_OTL\Moved Files it is of the form MMDDYYYY_HHMMSS.log (where MDYHMS represent the date and time it was created).

Please post it for me.

I'd also like you to run an online scan for me please.

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Task manager doesn't work and Defragmenter Malware

Unread postby wattsup » April 10th, 2011, 4:37 am

Thats what I thought the log was and its the one I posted earlier,


Files\Folders moved on Reboot...
File move failed. D:\autorun.exe scheduled to be moved on reboot.
File move failed. C:\Users\Harry\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

There is nothing else in that file at all and I've searched my system for anything similar and there is nothing.
wattsup
Regular Member
 
Posts: 16
Joined: April 7th, 2011, 1:48 pm

Re: Task manager doesn't work and Defragmenter Malware

Unread postby Gary R » April 10th, 2011, 7:53 am

OK, just run the E-Set scan as I asked in my last post and post me the log please.

Also can you run a new scan with OTL using the instructions below please ....

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Summary of the logs I need from you in your next post:
  • E-Set log
  • New OTL.txt
  • New Extras.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Task manager doesn't work and Defragmenter Malware

Unread postby Gary R » April 13th, 2011, 5:37 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware