
Xettu

  1. Note: I'm not an expert. Did you get anything from the Malwarebytes scan? If it's getting worse to the point where you can't use your computer, you can try reinstalling Windows. Not sure, hope someone with greater knowledge will help you. Hope it works out for you.
  2. Actually, I do have a concern. I learned that pum.dns is actually a trojan. Will it do anything to me?
  3. I don't have any concerns. Thank you for this attention to this matter. It was a pleasure speaking to you.
  4. Here are the logs. Thank you for helping. Also, should I uninstall RogueKiller and FRST after this? I heard programs may conflict with each other and I have many programs right now. Addition.txt FRST.txt
  5. I wish I got MBAE sooner. It would've saved me from getting trojans. Haha. I have a question: can Malwarebytes detect spyware?
  6. Thank you for replying. I downloaded Malwarebytes Anti-Exploit and am liking the program so far. Should I download SUPERAntiSpyware? I have a lot of programs right now and hear they can conflict with each other. Will Avast, Malwarebytes, Malwarebytes Anti-Exploit, RogueKiller, and SUPERAntiSpyware work together?
  7. Right now, I have Avast Free, Malwarebytes Premium, and RogueKiller. Should I add any programs? I am thinking of adding Malwarebytes Anti-Exploit and SUPERAntiSpyware. Are they good options?
  8. Hello Dave. Thank you for replying. I'm just really upset they hacked me. And yes, it did happen. I posted about it on a forum. Because people know my IP address now, should I delete this post immediately? I don't want people knowing my location.
  9. Hello. Yesterday, I got infected with an IRCBot Backdoor. Malwarebytes detected it and quarantined it. To make sure, I made an account here for extra help. I downloaded RogueKiller and here's what I found.

     RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : Richard [Administrator]
     Mode : Scan -- Date : 01/19/2015 19:04:46

     ¤¤¤ Processes : 1 ¤¤¤
     [Suspicious.Path] sh_installer.exe(5688) -- C:\Users\Richard\AppData\Roaming\Enigma Software Group\sh_installer.exe[x] -> Killed [TermProc]

     ¤¤¤ Registry : 8 ¤¤¤
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F19E28F5-00FD-42EC-BE4B-63F56AB56A3F} | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F19E28F5-00FD-42EC-BE4B-63F56AB56A3F} | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F19E28F5-00FD-42EC-BE4B-63F56AB56A3F} | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
     [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
     [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

     ¤¤¤ Tasks : 0 ¤¤¤
     ¤¤¤ Files : 0 ¤¤¤
     ¤¤¤ Hosts File : 0 ¤¤¤
     ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: NVIDIA JBOD 465.76G +++++
     --- User ---
     [MBR] bceca8cb81d6fc821cdea0a7a5f62c04
     [BSP] 6b0c872cdc523322c3eb2d9ef0633fd2 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     Error reading LL2 MBR! ([1] Incorrect function. )

     ============================================
     RKreport_SCN_01192015_185524.log

     Please tell me if there is anything dangerous. Also, the Enigma Software is SpyHunter; I already uninstalled it.
What is really interesting is this...

[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F19E28F5-00FD-42EC-BE4B-63F56AB56A3F} | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F19E28F5-00FD-42EC-BE4B-63F56AB56A3F} | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F19E28F5-00FD-42EC-BE4B-63F56AB56A3F} | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

There are IPs here. The IP 75.153.176.1 got me a location of Quebec, Canada. I am unable to find the ones starting with 192. Because of these hackers, I went through a painful day and lost $30. Should I take revenge, or are these innocent people's IPs? Also, should I delete these viruses? Thank you for reading. I hope you can help me on this.
  10. Interesting. There are IP addresses there. Are they the people who hacked me?
  11. I am having trouble with downloading Farbar. My Avast keeps blocking it, saying it has Win32 Evo Gen virus. It doesn't let me open the download.
  12. Sorry for not trusting you. This is the RogueKiller log. Apparently my SpyHunter installer is a virus. I will be posting the Farbar log.

      RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
      Started in : Normal mode
      User : Richard [Administrator]
      Mode : Scan -- Date : 01/19/2015 18:55:25

      ¤¤¤ Processes : 1 ¤¤¤
      [Suspicious.Path] sh_installer.exe(5688) -- C:\Users\Richard\AppData\Roaming\Enigma Software Group\sh_installer.exe[x] -> Killed [TermProc]

      ¤¤¤ Registry : 8 ¤¤¤
      [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
      [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
      [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
      [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F19E28F5-00FD-42EC-BE4B-63F56AB56A3F} | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
      [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F19E28F5-00FD-42EC-BE4B-63F56AB56A3F} | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
      [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F19E28F5-00FD-42EC-BE4B-63F56AB56A3F} | DhcpNameServer : 192.168.1.254 75.153.176.1 [UNITED STATES (US)] -> Found
      [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
      [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

      ¤¤¤ Tasks : 0 ¤¤¤
      ¤¤¤ Files : 0 ¤¤¤
      ¤¤¤ Hosts File : 0 ¤¤¤
      ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: NVIDIA JBOD 465.76G +++++
      --- User ---
      [MBR] bceca8cb81d6fc821cdea0a7a5f62c04
      [BSP] 6b0c872cdc523322c3eb2d9ef0633fd2 : Windows Vista/7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      User = LL1 ... OK
      Error reading LL2 MBR! ([1] Incorrect function. )
  13. I hope I get a reply; I am losing my peace of mind from this backdoor virus.
  14. My Avast is blocking the downloads. I really don't want to lose my computer. Are these downloads trustworthy? I'm guessing this is serious by your reply. Can you tell me why it's serious? I really want to know what is happening to my computer.
  15. Yesterday I did something very stupid and clicked on a fake link. Because of that, I lost $30 worth of in-game items on Steam. When I scanned with Malwarebytes, I found 3 viruses. 2 said IRCBot backdoor virus and 1 was a hijack cmd or something (look at the file). I quarantined the malware and deleted it. Is my computer safe now? Should I download SUPERAntiSpyware? I have Avast and Malwarebytes right now. If my computer isn't safe, should I reinstall Windows? (File name is proof because I sent this to Valve for proof about my hijacked items.)