Jump to content

ryan112

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

1,114 profile views
  1. here is that log Results of screen317's Security Check version 0.99.49 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.62.0.1300 JavaFX 2.1.1 Java 7 Update 5 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.3.300.270 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (14.0.1) ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  2. Here is the log, nothing was detected. Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.30.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ryan :: RYAN-PC [administrator] 8/30/2012 6:00:43 PM mbam-log-2012-08-30 (18-00-43).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 215902 Time elapsed: 1 minute(s), 34 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  3. Here is the fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 29-08-2012 03 Ran by SYSTEM at 2012-08-30 17:47:04 Run:1 Running from G:\ ============================================== C:\$Recycle.Bin\S-1-5-21-3712767961-524144549-1632925410-1001\$8138788db4fba314e5656480f1071709 moved successfully. ==== End of Fixlog ==== And no more antivirus popups!!!! You are a life saver!! I had a paper to write and my computer was slow and unuseable and now i can finish it! All appears to be fixed and the computer speed is back up to normal. Please PM me with a price that you think is a fair donation for your services. I really appreciate the time you have put in to help me remove this trojan.
  4. Here is the FRST log, I am kind of sceptical now on if this is in fact a zeroaccess trojan beacause the MBAM log claims the trojans to be PHEXGen6 and FakeAlert trojans. Thanks again for the help. FRST.txt
  5. Sorry for posting so many posts constantly but i just took a video of the persistent alert I have been getting. not sure if it will help but here is a link to the video:
  6. The FRST.txt file is too large to post, Can i delete any parts of it to trim the size?
  7. Heres my FRST64 results. I also want to saay thank you very much for the speedy replies, you are a life saver. I am also going to attach the results of the initial malwarebytes scan from when I first suspected the Trojan FRST.txt is too long to post (it wont allow me to post it) so it is attached search.txt: Farbar Recovery Scan Tool Version: 29-08-2012 03 Ran by SYSTEM at 2012-08-29 23:52:20 Running from G:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ====== Initial MBAM scan log: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.29.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ryan :: RYAN-PC [administrator] 8/29/2012 9:07:18 AM mbam-log-2012-08-29 (09-07-18).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 215120 Time elapsed: 5 minute(s), 54 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Trojan.Phex.THAGen6) -> Data: C:\Users\Ryan\AppData\Local\{DECDE18E-DDDF-C0AF-B4C0-201193972013}\syshost.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\Ryan\AppData\Local\{DECDE18E-DDDF-C0AF-B4C0-201193972013}\syshost.exe (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully. C:\Users\Ryan\AppData\Local\Temp\623826251.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully. (end)
  8. Just FYI that last post was someone else if you didn't notice, krapplejax, could you post in a new topic so our solutions don't get mixed up please? I have not yet run the next step because I'm looking for a flash drive. Thanks
  9. RogueKiller V8.0.0 [08/26/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Ryan [Admin rights] Mode : Scan -- Date : 08/29/2012 14:27:27 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++ --- User --- [MBR] d7f603ea72e3711e123f506a7e354770 [bSP] fb4624978d70e832a15a5a84fcfdc753 : KIWI Image system MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 694656 Mo 2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1422862336 | Size: 20646 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  10. I suspected I had some kind of virus last night after a wierd slow-down on the web. I ran a full scan and nothing was found, however after the scan messages from my antivirus keep popping up saying that a trojan has been removed. They pop up every 5-10 seconds and have not stopped for about 12 hours now. The popup claims the trojan to be a zeroaccess trojan located in C://$Recycle.Bin\ and then there is just a nonsensical alphanumeric file name. I ran MBAM and it said that there were 3 files removed however after a restart the popup persisted. I have McAfee antivirus and 64-bit Windows 7. The Log files from dds are attached. Attach.txt DDS.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.