Malware removal

Started by MAD4Music, November 22, 2017, 03:38:33 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

MAD4Music

Hello, I recently did an anti virus scan and found malware on my computer, I promptly got rid of it but there is a file in my Local AppData section of my computer called scobnag and one of my Anti Virus, Avast! detected a file in the folder called scobnag.exe  as win32 malware-gen. I did multiple other virus scans after this and they all come up saying my laptop is clear but everytime I boot up my laptop Avast catches this file and says it puts it in the virus chest which I then open and it has nothing in it. I have tried deleting it but it is locked by an administer, which i am on this laptop. I guess I dont fully know what is going on but Im just dont want to have to worry about it. Here are the 3 logs that were asked for:

Here is the AdwCleaner Log

# AdwCleaner 7.0.4.0 - Logfile created on Wed Nov 22 22:29:34 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-21-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\xs
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: SwagButton -

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########








Here is the log for Malwarebytes

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/22/17
Scan Time: 8:28 PM
Log File: 7bf4af98-cfd4-11e7-80a5-7c67a2696d55.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3324
License: Trial

-System Information-
OS: Windows 10 (Build 16299.64)
CPU: x64
File System: NTFS
User: LAPTOP-IKM77PG0\michi

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373941
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 12 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)




And here is the log for Security Check

Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled! 
Avast Antivirus       
Kaspersky Anti-Virus   
Windows Defender       
Malwarebytes           
AVG Antivirus         
Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````[/u]
Google Chrome (62.0.3202.94)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````[/u] 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbam.exe 
Kaspersky Lab Kaspersky Anti-Virus 18.0.0 avp.exe 
Kaspersky Lab Kaspersky Anti-Virus 18.0.0 avpui.exe 
AVG Antivirus AVGUI.exe 
Malwarebytes Anti-Malware mbamtray.exe 
Windows Defender MSASCuiL.exe   
system32 AvastSvc.exe -?-   
AVAST Software Avast AvastUI.exe 
system32 AvastUI.exe -?-   
Kaspersky Lab Kaspersky Secure Connection 2.0 ksde.exe 
Kaspersky Lab Kaspersky Secure Connection 2.0 ksdeui.exe 
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````[/u]


MAD4Music

Here is a picture of the files in my Local AppData Folder

[attachment deleted by admin to conserve space]

MAD4Music

And the rest of the folders

[attachment deleted by admin to conserve space]

MAD4Music

Ive also tried to destroy these files with like file destroyer before coming here and nothing worked

SuperDave

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
You have multiple AV's active on your computer which is a no-no. Windows 10 comes with its own AV called Windows Defender. All other AV's should be disabled/uninstalled.
You should be able to delete those files with Unlocker but I don't feel that is necessary.
You should run AdwCleaner again and select Clean.


You can download and install Unlocker[/URL] .Make sure you decline any free offers so they won't get loaded on your computer.
******************************************************
ESET Online Scanner
Note : If you use Internet Explorer to get the ESET Online Scanner, you won't have to download, nor install the tool, as everything will be ran in a contextual (pop-up) window of Internet Explorer. However, for every other browsers, you will have to download and install ESET Online Scanner. In this set of instruction, I'll use Google Chrome to download it and run it (since a lot of people will do it), however, except for the download and installation procedure, the same instructions applies if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

    Download and execute ESET OnlineScan (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
    Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them) :

        Enable detection of potentially unwanted applications;
        Scan archives;
        Scan for potentially unsafe applications;
        Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan;

   

    After you're done checking these options, click on Start and ESET Online Scanner will download it's virus signature database before starting the scan;
   

    Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 or 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
   

    After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have to the option to see what threads were found and to manage the threats that were quarantined;
   


    Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results on our clipboard and post them in your next reply;
   


    Once you're done, click on the Back button;
    Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;
Windows 8 and Windows 10 dual boot with two SSD's