Rizaldus

Members · 6 posts · Reputation: 0 Neutral · 355 profile views

  1. Thank you! I've attached the files you've requested below. I'll just enumerate them, just in case you get confused with my naming (sorry about that). You might notice some pirated software in the first scan logs, but they are no more in the latest scans, as my friend asked me to remove them.
     Malwarebytes_3.txt
     FRST_latest.txt
     Addition_latest.txt
     AdwCleaner[S03].txt
     Malwarebytes_FIRST_Detection.txt
     AdwCleaner[C00].txt
  2. Sorry about the double-post, but I don't see any "edit" option available. I'm currently in 800 x 600, as my Nvidia drivers are completely wiped by DDU, and it could be that I'm just having a hard time seeing this. If anyone needs logs, I am very much glad to resend, as I have almost all of the logs from before. I was also re-reading a few posts regarding this issue saying that they found the solution in redistributable files; do you guys think it would be plausible? Or would you guys know how to check?
  3. Hello everyone, I was planning to post this topic a few days beforehand, but it took a while before I got an email from Malwarebytes for a new account registration and remembered I had this old account. 🙂 Recently I was hit with a Bitcoin mining virus that masked itself as NVidia; it didn't do much damage, as it was handled as soon as it hit me. A friend of mine tried to help me with ridding the virus from my PC as a final shot before I reformat the PC. We've been successful so far, but the only thing left is from when this all began. The first symptom of the virus I noticed was that, every time I went on Task Manager, it would close whenever I clicked on "More details." Mind you, it is completely functional in the less detailed version, but as soon as I hit "More details," it stops and then closes. My computer is shown as clean by all different sorts of programs such as Malwarebytes, Malwarebytes Anti-Rootkit, RogueKiller, Spybot, and we've already analyzed with FRST, going so far as to use DDU to uninstall my NVidia drivers completely. Which worked! When this all happened, the virus made a separate "hidden folder" in "C:/ProgramData" called "Nvidia Corporation." After DDU, it is gone completely and there are no traces of it in any scans. But the only thing left is the Task Manager. I'm not sure what else to do. Any help is appreciated. :)
  4. So I've plugged in the External HDD. I disabled autorun before I plugged it in, although I have this feeling that the rootkit has already latched onto my PC. Here is the GMER log (scan for External HDD):

     GMER 2.1.19357 - http://www.gmer.net
     Rootkit scan 2014-10-06 13:45:00
     Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 WDC_WD5000AAKX-22ERMA0 rev.17.01H17 465.76GB
     Running: 00jz3806.exe; Driver: C:\Users\ANGEL&~1\AppData\Local\Temp\kxldrkob.sys

     ---- System - GMER 2.1 ----

     SSDT 91A539AE ZwCreateSection
     SSDT 91A539B8 ZwRequestWaitReplyPort
     SSDT 91A539B3 ZwSetContextThread
     SSDT 91A539BD ZwSetSecurityObject
     SSDT 91A539C2 ZwSystemDebugControl
     SSDT 91A5394F ZwTerminateProcess

     ---- Kernel code sections - GMER 2.1 ----

     .text ntkrnlpa.exe!ZwSaveKey + 13C1 82A45339 1 Byte [06]
     .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
     .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82A85EEC 4 Bytes [AE, 39, A5, 91]
     .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82A86248 4 Bytes [B8, 39, A5, 91]
     .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82A8628C 4 Bytes [B3, 39, A5, 91] {MOV BL, 0x39; MOVSD ; XCHG ECX, EAX}
     .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82A86308 4 Bytes [BD, 39, A5, 91]
     .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82A8635C 4 Bytes [C2, 39, A5, 91] {RET 0xa539; XCHG ECX, EAX}
     .text ...

     ---- User code sections - GMER 2.1 ----

     .text C:\Program Files\Garena Plus\ggdllhost.exe[2740] ntdll.dll!DbgUserBreakPoint 76EC40EC 1 Byte [C3]
     .text C:\Program Files\Garena Plus\ggdllhost.exe[2740] ntdll.dll!DbgBreakPoint 76EC40F0 1 Byte [C3]

     ---- EOF - GMER 2.1 ----

     Avira Anti-Rootkit Log (scan for PC):

     aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
     Run date: 2014-10-05 07:50:21
     -----------------------------
     07:50:21.370 OS Version: Windows 6.1.7601 Service Pack 1
     07:50:21.370 Number of processors: 2 586 0x6B02
     07:50:21.373 ComputerName: FAMILYCOMPUTER UserName: PC
     07:50:23.084 Initialize success
     07:50:23.154 VM: initialized successfully
     07:50:23.176 VM: Amd CPU virtualization not supported
     07:52:03.244 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
     07:52:03.247 Disk 0 Vendor: WDC_WD5000AAKX-22ERMA0 17.01H17 Size: 476940MB BusType: 11
     07:52:03.463 Disk 0 MBR read successfully
     07:52:03.466 Disk 0 MBR scan
     07:52:03.469 Disk 0 Windows 7 default MBR code
     07:52:03.474 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
     07:52:03.479 Disk 0 Boot: NTFS code=1
     07:52:03.485 Disk 0 scanning sectors +976771072
     07:52:03.552 Disk 0 scanning C:\Windows\system32\drivers
     07:52:13.509 Service scanning
     07:52:27.898 Service MEMSWEEP2 C:\Windows\system32\534D.tmp **HIDDEN**
     07:52:52.045 Modules scanning
     07:53:28.176 Disk 0 trace - called modules:
     07:53:28.210 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
     07:53:28.223 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854ff798]
     07:53:28.231 3 CLASSPNP.SYS[8839f59e] -> nt!IofCallDriver -> [0x85012c10]
     07:53:28.248 5 ACPI.sys[87dae3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x8507c908]
     07:53:28.255 Scan finished successfully
     07:57:38.137 Disk 0 MBR has been saved successfully to "C:\Users\PC\Documents\MBR.dat"
     07:57:38.148 The log file has been saved successfully to "C:\Users\PC\Documents\aswMBR.txt"
  5. So a few months ago I stumbled upon a rootkit which was annoying and made the computer unbearable to use! I accidentally plugged in both my iPhone and External Hard Disk to move some files. Now I know that my External Hard Disk is infected, but I have some valuable items like photos that I have backed up. Is there a way to clean up/remove the rootkit from the Hard Disk without also infecting my PC? Also, is my iPhone infected with the rootkit too?