MichaelN
Honorary Members
Posts: 28
Everything posted by MichaelN
-
I have Malwarebytes Premium 3. As this should render my AVG unnecessary I am considering uninstalling it. I assume this will free up resources. Is this ill advised?
-
FYI

C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}>attrib
A H I C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a
A H I C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\kwq.tmp
A H I C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\oiyg.tmp
A H I C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\ok.tmp

I removed the Hidden attribute from the files and they showed this in dir

Directory of C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

12/09/2014 06:41 PM 316,744 8afc49b02429a
11/25/2014 10:45 AM 0 kwq.tmp
11/26/2014 08:59 PM 0 oiyg.tmp
11/20/2014 02:54 PM 0 ok.tmp

The date of 11/20 is about the time I started getting problems. I removed the folder and files within. Any idea what it has been doing? What has been exposed, etc?
-
Disabled Windows Sidebar and Gadgets.

Downloaded and ran Zoek. This was a little weird. I couldn't download the exe but got the zip and rar. When I tried opening them in WinZip, it crashed. I got them open in WinRAR but it reported "unexpected end of archive". In it were zoek.exe.com, zoek.exe.pif and zoek.exe.scr, which I wasn't expecting. I ran the com as admin. I had put the script in a text file to make sure I didn't skip steps. Zoek automatically found the script and asked to run it. I wasn't expecting that either. Anyway, it rebooted then displayed the log file attached.

Ran Software removal tool. It said it found nothing then reset the Chrome browser. (Note that I have to occasionally use IE too.)

Monitoring behavior. Nothing odd thus far. I will report back after observing for several hours.

This post was posted from a different PC.

zoek-results.log
-
MrC,

ComboFix ran successfully in safe mode, log attached.

TFC ran successfully. No reboot required.

Something is still trying to connect to malicious sites; at least some are being blocked. Occasionally dllhost instances are appearing and disappearing in Task Manager. Extra instances of explorer.exe appear in Task Manager and one will use up gigs of memory.

Thanks for your assistance,
Michael

ComboFix.log