Posts posted by narlo56
-
DDS & ATTACH files included.
Windows 7 x64
Malwarebytes (latest installed)
McAfee (latest installed)
Neither one caught the problem.
I only have access to the system now in Safe Mode as it appears my profile is infected.
This is a business laptop.
-
Well the post is gone now and I can't see the options. But I would like a free option.
-
Would you please, if you have time, help me remove this vicious malware/trojan/virus? Malwarebytes didn't stop it and nothing I've done so far seems to work. My profile has been infected but I have access to Safe Mode via an admin login.
Windows 7 64Bit
-
I want to attempt to clean this computer. I am fully aware that the experts recommend reformatting and reinstalling the OS, but I really don't have that option at this point in time because I work remotely and the infected laptop is a corporate machine.
-
RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mlevine [Admin rights]
Mode : Scan -- Date : 09/17/2012 11:48:00
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : -> KILLED [TermProc]
[SUSP PATH] ciscod.exe -- C:\Users\mlevine\AppData\Local\Cisco\Cisco HostScan\bin\ciscod.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 19 ¤¤¤
[RUN][BLACKLIST DLL] HKLM\[...]\Run : nkbcir ("C:\Windows\System32\rundll32.exe" "C:\Users\mlevine\AppData\Roaming\nkbcir.dll",FromReadWriteObject) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (10.60.0.15:80) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1537067209-438800835-210577260-1304\$8861b81f41f7c1e25b788762855eda85\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$8861b81f41f7c1e25b788762855eda85\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$8861b81f41f7c1e25b788762855eda85\n.) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$8861b81f41f7c1e25b788762855eda85\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1537067209-438800835-210577260-1304\$8861b81f41f7c1e25b788762855eda85\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$8861b81f41f7c1e25b788762855eda85\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1537067209-438800835-210577260-1304\$8861b81f41f7c1e25b788762855eda85\L --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
64.46.36.178 www.google-analytics.com.
64.46.36.178 ad-emea.doubleclick.net.
64.46.36.178 www.statcounter.com.
64.27.10.42 www.google-analytics.com.
64.27.10.42 ad-emea.doubleclick.net.
64.27.10.42 www.statcounter.com.
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SSD PM810 2.5" 7mm 128GB ATA Device +++++
--- User ---
[MBR] acea7cec790a4f0bad980e02d2cc5bee
[BSP] 6e10b56411ce35bb11a4e92f91b14a33 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122003 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
Malwarebytes Pro version 1.65.0.1400 build date 09/07/2012 5:04:41 PM
Symptoms:
- Cannot enable malicious website blocking
- Cannot VPN into my company - they've checked and the issue is my laptop
System
Windows 7 Enterprise x64
8GB Ram
119 GB SSD hard drive
Thank you in advance for helping diagnose and correct the issues.
Mike
New FBI Virus/Malware/Trojan
in Resolved Malware Removal Logs
I've run Rogue Killer (latest version) and it did not detect any issues.