marcusironfist
Everything posted by marcusironfist
-
Still the same. Still showing Explorer.exe with a 2nd entry in Task Manager, growing as high as 2.5gig of ram used, and still seeing the mbam pop-up warnings of blocked website access. I can understand the idea of advertisements being displayed while the ad-supported application is in use, but for explorer.exe to be accessing websites when no apps are open (beyond the system apps residing in the toolbar beside the clock) does not make any sense at all. At this point, I'm ready to just kill the Windows 7 completely and reformat with a copy of Linux (which I prefer to use on my other machines I've had over the years). I never had anything like this happen while running XP either.
-
Well, that reset trick had a partial effect: after rebooting, I still have the 2nd explorer.exe showing in task manager, but it doesn't grow as fast (or as "fat" in memory usage) as before. And I still see websites appearing in the IE history that I did not visit. Also, for some reason the mbam protection icon is no longer showing on the task bar, and when I click to run the main app, it never opens.
-
Here is the fixlog.

Fixlog.txt

Just so we are on the same page, what you had seen in those previous logs (I took a moment to explore the contents of both log files after uploading them, while waiting for your reply) is that utorrent had an entry in the system's registry for two of the user accounts on the machine. At no time during the course of this process, nor more recently than the preceding week, has the utorrent app actively been running, and it was definitely never running while any of the requested scans were being processed. Also, the other night I completely uninstalled utorrent and peerblock in order to keep them from being an issue in further discussions. That being said, I still get the constant pop-up notices from mbam protection and constant entries in the Internet Explorer history list for pages I have not opened myself.
-
I do not get involved in piracy. I use the peerblock program solely to block unwanted advertisement and suspected malware sites from being accessed during browsing. My children have used this machine in the past and it has been helpful in keeping them from seeing or clicking on sites not appropriate for their ages. The only time I use torrents is when I am downloading a new Linux DVD image, as it is faster than waiting for a download from a web page.
-
Here is the protection log.

mbam_protection_log_20141127.txt

Oddly enough, the hijack, whatever it is, seems to be directly linked to the wireless network driver. Every time I disable the driver, the problem disappears. Every time I enable the driver, even if I don't have the wireless connected to the router yet, the hijack goes crazy trying to connect to sites.
-
Ok, I just got home from work. I am using my phone to enter this reply while my laptop is temporarily network nullified. Based on my minor discovery right before I left for work (lack of internet connection puts the "beast" affecting my machine to sleep), I am rerunning the FRST test then the combofix test with all network adapters in disabled mode, keeping the computer internet free (and hopefully unhindered) for the duration of the testings.
-
Unfortunately, the laptop I am using did not come with a master restore disk; instead, the manufacturer used a restore partition method (the drive is sectioned as 3 partitions: the main boot, one for the restore data, and one with "tools"). I am worried that the restore partition may be infected as well. One thing I noticed right after posting those logs was that turning off the network connection to the router (and therefore all internet access), the process of explorer.exe that was so bloated actually reduces down to almost no activity or memory usage.
-
Here is the log.

Fixlog.txt

As I was posting this reply, my screen went black several times, and task manager again shows explorer.exe at 2.7 gig of ram in use. Additionally, between the time I posted the logs from the re-run of FRST (around 12:15am my time) and the time I woke up this morning (around 9:30am my time), my Internet Explorer history list had several hundred entries for sites I did not visit myself...
-
I've been having a lot of trouble with my laptop recently; in particular, I have been seeing an entry of explorer.exe in Task Manager that uses more than 2gig of ram on a 4gig machine (see image posted at http://imagebin.ca/v/1hvsujNzvIQz ). After searching for info (an old friend always said "Google is your friend when you have questions"), I came across the Bleeping Computer website and ran the rkill app, which reported no findings. However, when I installed and ran MBAM, what started as a list of 52 items exploded into 847 by the time the heuristic scan completed. I have attached the xml version of the scan log since the log viewer function would not allow me to export the report as a normal text file.

mbam-log-2014-11-24 (23-08-40).xml

Since the completion of that major scan, I am getting pop-up notices regarding several IP addresses attempting to be contacted by explorer.exe (5.149.250.194, 193.169.244.219, and 195.42.102.24).

mbam_protection_log_20141125.txt

After reading some other posts from this forum, I have already run scans with TDSSKiller:

TDSSKiller.3.0.0.41_24.11.2014_23.55.34_log.txt (run without loaded modules option)
TDSSKiller.3.0.0.41_25.11.2014_00.05.08_log.txt (run with loaded modules option)

And also with FRST64:

FRST.txt
Addition.txt

Any assistance you can provide would be much appreciated.