
Mess

Members
  • Posts: 20
  • Reputation: 0 Neutral
  1. MrC, it has not come back so far! Let's close this topic. In case it has come back, I will send you a DM. Thank you very much for your help and expertise!! Really glad my laptop is clean again!
  2. Please see the attached log files. The coin-miner is not active now! Will see if it stays away. Fixlog.txt
  3. Please see the attached log files. RKreport0_D_06192013_081103.txt RKreport0_S_06192013_080839.txt FRST.txt
  4. Updated RK to the latest x64 version, that's alright I hope?
  5. See the attached file. I've not yet run RK. RKreport16_S_06172013_02d1939.txt
  6. Unfortunately the coin-miner is not gone! The WindowsLogonS folder is back again. Do you have a suggestion?
  7. It seems okay now! Let's wait a couple of hours and see if it stays away.
  8. Hi MrC! I didn't know ComboFix didn't run on W8. I installed it because I saw another topic where it was advised (that was of course before I started this topic). I've run the FRST tool and it came up with the attached log file. It says it requires a manual reboot, so I will do that now. I tried to stop the coin-miner process (2x: shell.exe and macromedia.exe), this window came up: Will reboot now.. Fixlog.txt
  9. Please see the attached txt files. FRST.txt Addition.txt
  10. I cannot delete all the files, these are left: Is there a way to remove them? Maybe in Safe mode, or with a program?
  11. I would say this whole WindowsLogonS folder is dubious:
  12. shell.exe: https://www.virustotal.com/nl/file/e6cf011c84faae7ccb22a2f2ac4cd50e612b8d054baa1013aa1a958aeb1cf659/analysis/1371307952/ macromedia.exe: https://www.virustotal.com/nl/file/e6cf011c84faae7ccb22a2f2ac4cd50e612b8d054baa1013aa1a958aeb1cf659/analysis/1371307897/ I can't upload hwxtesuug.exe, it says it is being used. There was 1 other file in the same directory, xsytzecrn.exe: https://www.virustotal.com/nl/file/4e566e395d5a443d2fab59c0b71ca0cf4ec93fcb2fa01948cf8a2141ecc5cae4/analysis/1371308101/ usft_ext.exe.vbs: https://www.virustotal.com/nl/file/8bb3b016db91f3090da3769ca0d0c1e09bd01be86a869f320606f0f37c4a34d0/analysis/1371308095/
  13. It found two threats and neutralized them. See attached log. Coin-miner still active in Taskmanager. cureit.log