cdhar

Everything posted by cdhar

  1. I'm all set now. Thank you very much. Also, an FYI for anyone who reads this... The Java version 8 installers, both 32 and 64 bit, detect old versions and offer to uninstall them. Do not believe them. I double checked via CCleaner and found the old Java 7 still present and I had to uninstall it with CCleaner. The installer did remove the older Java version 6. Thanks again MrCharlie
  2. Thank you very much for providing such a fast solution!

  3. Results of screen317's Security Check version 0.99.89
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Enabled!
     ThreatTrack Security VIPRE Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 67
     Java 6 Update 37
     Adobe Flash Player 15.0.0.189
     Adobe Reader 10.1.12 Adobe Reader out of Date!
     Mozilla Firefox (Firefox,. Firefox out of Date!
     Google Chrome 37.0.2062.124
     Google Chrome 38.0.2125.104
     Google Chrome DECRYPT_INSTRUCTION.HTML..
     Google Chrome DECRYPT_INSTRUCTION.TXT..
     Google Chrome INSTALL_TOR.URL..
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````
  4. Fixlog attached. (And thanks once more for all the help.) Fixlog.txt
  5. https://www.virustotal.com/en/file/13b372bda8db5a659362063805e1b27d1f3ca87cbc463a0e9e39f3acf253104b/analysis/ Note that I copied the file to a thumb drive and scanned it from my PC because the other PC is still sitting in Safe Mode without networking. When I copied it, I got a message that the file had attributes which could not be copied.
  6. One file named: ae8951d.exe size 273k last mod yesterday at 4:45 PM, which is about the time Vipre reported blocking a new virus
  7. Ran ComboFix and it appears to have removed Powelik. Log.txt attached. log.txt
  8. Thanks for the quick response. Will update with ComboFix.txt once it finishes.
  9. Hi, This is Henry. Wife's PC started having problems on 10/21. Vipre AV detected Trojan.Win32.Generic!BT a few times and quarantined. On 10/22 I looked into that and found removal instructions on Malwaretips.com, so followed those, running: TDSSKiller, Rkill, Malwarebytes, Hitman, Emsisoft, ADWcleaner, and JRT as the blog entry instructed (in Safe mode with Networking to get updates). After everything seemed to get cleaned up, rebooted in normal mode, and Malwarebytes started blocking dllhost attempting to contact fff5ee.com and various IPs. Apparently one got through undetected by Malwarebytes and Vipre blocked it. Cleaned up again this morning with Malwarebytes scan, then ran FRST. Transferred logs to this comp (mine - I've got USB Vaccination on) and have attached them below. I did a quick look through these logs and Addition.txt does mention a possible powelik rootkit. Sigh. Thanks in advance for any help. - Henry FRST.txt Addition.txt