
Ratrec

Members
  • Posts: 7
  • Reputation: 0 Neutral
  • Location: Samoa, California, USA
  1. My record was on my friend's computer in June 2012. He had a total of 2,493 infections, most of which were PUMs and those annoying Trojan.Agent.** infections. For some reason, his went away with a single scan; now, mine won't go away at all. I've heard higher records from some of my friends, but most I found implausible, like 11,000+.
  2. This has also started happening. The IP it was trying to access is in Brazil. Please help, I have been getting no replies and I need this resolved ASAP.
  3. Also, I found this weird autorun.inf in the root C:\ folder:

         [AutoRun];JRmsE;yFHE ahvLoqWQkguXvomdbHfaFeivcJGNsheLl\opeN\DEfault=1;opEn =qhia.exe ;SHeLl\opEN\cOmmand= qhia.exe;vGmdnsHell\eXpLore\CommAnD=qhia.exe ;sheLl\AUtoplAy\CoMmAnd= qhia.exe

     Since I know autorun.inf is sensitive, should I delete this? Or what?
  4. Please help. I really need to get this resolved as it's also infected my other HDD.
  5. Sorry for the very late reply. Here's my rkill log:

         Possibly Patched Files.

          * C:\Windows\Explorer.EXE

         Checking Registry for malware related settings:

          * No issues found in the Registry.

         Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

         Performing miscellaneous checks:

          * No issues found.

         Checking Windows Service Integrity:

          * BFE (BFE) is not Running. Startup Type set to: Manual
          * Windows Firewall Authorization Driver (mpsdrv) is not Running. Startup Type set to: Manual
          * MpsSvc [Missing Service]
          * iphlpsvc [Missing ImagePath]
          * SharedAccess [Missing ImagePath]
          * BFE => . [incorrect ImagePath]

         Searching for Missing Digital Signatures:

          * C:\Windows\System32\UxTheme.dll : 332,288 : 05/20/2012 09:03 AM : 8bf20c54ffb37cfb960f708ffa813fa7 [NoSig]
            +-> C:\Windows\SysWOW64\uxtheme.dll : 245,760 : 07/13/2009 08:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
            +-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332,288 : 07/13/2009 08:41 PM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]
            +-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245,760 : 07/13/2009 08:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
          * C:\Windows\explorer.exe : 2,388,992 : 02/25/2011 01:19 AM : c9d975c050d804ad315c7e22d7679a5d [NoSig]
            +-> C:\Windows\SysWOW64\explorer.exe : 2,616,320 : 02/25/2011 00:30 AM : 8b88ebbb05a0e56b7dcc708498c02b3e [Pos Repl]
            +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe : 2,872,320 : 11/20/2010 10:24 PM : ac4c51eb24aa95b77f705ab159189e24 [Pos Repl]
            +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe : 2,871,808 : 02/25/2011 01:19 AM : 332feab1435662fc6c672e25beb37be3 [Pos Repl]
            +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe : 2,871,808 : 02/26/2011 01:14 AM : 3b69712041f3d63605529bd66dc00c48 [Pos Repl]
            +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe : 2,616,320 : 11/20/2010 10:24 PM : 40d777b7a95e00593eb1568c68514493 [Pos Repl]
            +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe : 2,616,320 : 02/25/2011 00:30 AM : 8b88ebbb05a0e56b7dcc708498c02b3e [Pos Repl]
            +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe : 2,616,320 : 02/26/2011 00:19 AM : 0fb9c74046656d1579a64660ad67b746 [Pos Repl]

         Checking HOSTS File:

          * HOSTS file entries found:

           127.0.0.1 localhost

         Program finished at: 05/24/2014 04:50:56 PM
         Execution time: 0 hours(s), 0 minute(s), and 56 seconds(s)
  6. Ever since March, I've noticed some of my processes (normal processes for the most part) that don't normally use a lot of CPU have been using 25% CPU usage, and the ones that do use 25% + their normal usage, making gaming difficult. I ran a Malwarebytes scan and it found a C:\qhia.exe, marked as Trojan.Malpack.Gen, and a few files in %temp% with file names that are 4-letter randomness or something started with 'win' and then a random series of letters and numbers. It's really annoying, and so I followed the instructions in the original 'I'm infected' thread and my Farbar log is attached. Anything anyone can suggest that could be helpful to my situation? [Attachment: FRST.txt]
  7. Over the past week or so, I noticed that these weird processes starting with 'win' were using an abnormally high amount of CPU for a random process (exactly 25%), so I just ended them. I found that they are located in %temp%, so I thought I may just be able to delete them. Not quite... they're open in something. I also noticed that their file sizes are different, but now I can't seem to get them to appear, so I can't show it at the moment. After about 3 days of it, I noticed it did something new. Now, it started making other processes use 25%, like Skype, or Chromium (basically, what Google took Chrome off of). This was really annoying. So, I downloaded Sysinternals' Process Explorer, and found that these mysterious CPU-hogging processes were running under the process trees of my programs. About that time, I decided to run Malwarebytes' Anti-Rootkit, as the normal anti-malware seemed to not detect them. Sure enough, the anti-rootkit found the processes. I jumped in joy and restarted my computer. That joy was short-lived, as now the processes seem to be using 25% for no apparent reason, but at least those weird 'win' processes are sparse. Process Explorer by Sysinternals no longer detects those mysterious processes under the process trees of the normal programs. So, anything I can do now? I really hate this high CPU usage, and I would like to know how to solve this annoying issue.

     Thanks, Ratrec
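The autorun.inf quoted in the third post is an ordinary INI file whose key names are randomly cased and padded with filler lines. The following is an added example (not from the thread or from any Malwarebytes tool) that normalises such a file the way the Windows INI loader does and lists which entries would launch a file; the sample is constructed from the quoted entries, and putting each filler string on its own line is an assumption about the original file.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample mirroring the entries quoted in the third post; putting
# each filler string on its own line is an assumption about the original file.
SAMPLE_AUTORUN = """[AutoRun]
JRmsE
yFHE ahvLoqWQkguXvomdbHfaFeivcJGN
sheLl\\opeN\\DEfault=1
opEn =qhia.exe
SHeLl\\opEN\\cOmmand= qhia.exe
vGmdn
sHell\\eXpLore\\CommAnD=qhia.exe
sheLl\\AUtoplAy\\CoMmAnd= qhia.exe
"""

# Entries that make Windows run something when the volume is inserted or
# opened: the plain open/shellexecute keys and any shell\<verb>\command key.
LAUNCH_KEYS = {"open", "shellexecute"}
VERB_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")

def parse_autorun(text: str) -> Dict[str, Dict[str, str]]:
    """Parse INI text into {section: {key: value}} with lower-cased names.

    Windows matches section and key names case-insensitively and skips lines
    that are neither a header nor key=value, so random casing and filler
    change nothing for the loader; they only defeat naive string matching.
    """
    sections: Dict[str, Dict[str, str]] = {}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" not in line:
            continue  # filler such as 'JRmsE' has no key=value structure
        key, _, value = line.partition("=")
        sections.setdefault(current, {})[key.strip().lower()] = value.strip()
    return sections

def launch_targets(text: str) -> List[Tuple[str, str]]:
    """Return sorted (normalised key, target) pairs for entries that run a file."""
    entries = parse_autorun(text).get("autorun", {})
    return sorted((k, v) for k, v in entries.items()
                  if k in LAUNCH_KEYS or VERB_COMMAND_RE.match(k))
```

Every launch entry in the sample resolves to the same bare name, qhia.exe in the drive root, which is the file the Malwarebytes scan in the sixth post flagged as Trojan.Malpack.Gen.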