Jrrj15
Posts: 10
Posts posted by Jrrj15
-
-
It removed Trojan:Win32/Ircbrute
-
Should I send you the encrypted files?
-
Do you know where I can find one? I'm looking for one right now.
-
OK, so I did the scan. It found 1 malicious item called:
Trojan:Win32/ircbrute. Do I delete it?
-
-
I could not find C:\Users\JR\AppData\Local\Temp\flashapp.exe
But after I deleted the other one, Windows Defender popped up and said it discovered Flashapp.exe, so did Windows Defender delete it automatically?
The rootkit said no malicious files found.
-
-
These are the logs from the scan:
RogueKiller V8.6.11 _x64_ [sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : JR [Admin rights]
Mode : Scan -- Date : 09/16/2013 18:48:05
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Adobe Flash Player v10 (C:\Users\JR\AppData\Local\Temp\flashapp.exe [-]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : Sairdwjapzacniyl.exe ("C:\Users\JR\AppData\Roaming\Sairdwjapzacniyl.exe" [-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-3838697379-3348231133-1508603935-1002\[...]\Run : Adobe Flash Player v10 (C:\Users\JR\AppData\Local\Temp\flashapp.exe [-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-3838697379-3348231133-1508603935-1002\[...]\Run : Sairdwjapzacniyl.exe ("C:\Users\JR\AppData\Roaming\Sairdwjapzacniyl.exe" [-]) -> FOUND
[DNS] HKLM\[...]\CCSet\[...]\{2AA24863-DDCC-488C-994E-F58898902720} : NameServer (69.197.169.9,192.95.16.109) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{2AA24863-DDCC-488C-994E-F58898902720} : NameServer (69.197.169.9,192.95.16.109) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] 3846bd0260d5f51c03f8e21c2924e283
[bSP] dc3335843f8b1bf80a7f1a9be4672653 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] 452f1063821a9da017b29dc4281a65ae
[bSP] daf0f34305b3c3b6c4c987776e6a77c5 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_09162013_184805.txt >>
-
So here's what happened. Someone on my Skype friends list sent me a link and a message saying "When was the last time you saw this picture? [Link] :D"
So when I asked him what it was, since he's an idiot and doesn't realize that it's a pretty big deal, he told me to click it and download it. So (I know it's mostly my fault) I clicked it like the idiot that I am because I didn't realize that this kind of stuff happened on Skype.
So basically I asked my other friend who's really good with computers and he said it was a botnet (I don't really know much about this stuff). And he told me to download Malwarebytes. Malwarebytes keeps telling me it's blocking a potentially malicious website and the site is 94.76.244.133, and this message pops up like every 2 minutes.
Anyone know how to fix this? Thanks in advance.
Skype virus/botnet (Not 100% sure, I'm a computer noob)
in Resolved Malware Removal Logs
The program you told me to use doesn't seem to be working. I put it on my desktop and I followed all the instructions you gave, but it doesn't seem to be scanning anything. The scan only takes like 30 seconds and nothing pops up in the scanned area.