
Fatdcuk

Honorary Members
  • Posts

    20,705
  • Joined

Posts posted by Fatdcuk

  1. Hi ya Jay,

    CLB\Alureon rootkit has now left the building according to ComboFix :)

    Just want to check for something amo so please run Rootrepeal again.

    Download Rootrepeal>>>

    http://rootrepeal.googlepages.com/

    Extract the file and run rootrepeal.exe

    Click on report tab on the bottom right of the software then press scan

    Put a check (tick) in all boxes except the 2 SSDT options, then press OK.

    Place a check (tick) in the drive to be scanned (usually you will only have to select C).

    Please save the logfile generated and copy and paste the contents of that log into your next reply.

  2. Ok then lets try another angle of attack then.

    STEP 01

    Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:

    Please ensure you read this guide carefully and install the Recovery Console first.

    NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder. Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

    Additional links to download the tool:

    http://www.forospyware.com/sUBs/ComboFix.exe

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.
    • When the tool is finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

  3. Hi and welcome to the MBAM forums :D

    Let's skip to plan B and see if this angle of attack works.

    STEP 01

    Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:

    Please ensure you read this guide carefully and install the Recovery Console first.

    NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder. Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

    Additional links to download the tool:

    http://www.forospyware.com/sUBs/ComboFix.exe

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.
    • When the tool is finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

  4. Hi ya,

    I have snipped the PM advice as it would be confusing :D

    STEP 01

    Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:

    Please ensure you read this guide carefully and install the Recovery Console first.

    NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder. Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

    Additional links to download the tool:

    http://www.forospyware.com/sUBs/ComboFix.exe

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.
    • When the tool is finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

  5. Makes you wonder what that person was thinking (or apparently not thinking).

    It's very straightforward: a2 are struggling to get their product into an already saturated market, so anything goes......

    They can't establish in the core market as the big AVs have that sewn up, so they are pushed out to the security forums for an entry point.

    They see our growth and success and would like to emulate it.

    MBAM is red and A2 is blue; the figures make very depressing reading for a2/Emsisoft.

    http://www.google.com/trends?q=a+squared%2...=ytd&sort=1

    lol at Mr ex-employee's claims that a2 has a greater presence in Germany than MBAM..Google Trends doesn't agree ;)

    Judging by a series of recent events around the security boards, bogus tests by a2, F/Ps against MBAM and now these PMs, they really are scraping the bottom of the barrel to get noticed.

    If they want to emulate MBAM then all they have to do is start cutting it in the real world....shills always remind us about their stellar detection rates but their tech sucks at removing the real gnarly stuff.

    Maybe if their dev department spent less time hacking our technology and database and concocting crass PR campaigns to get attention, they might have more time to improve their own software :angry:

    JMHO, but if a company has to resort to these kinds of tactics to get their software noticed, then really the software can't be doing a good job of selling itself in the first place. After all, their free version has been around for some time now....

  6. Kudos for direct action, whatever it was.

    Now all the rest of the sec comm vendors need is a name so they can avoid hiring him\her. ;)

    Named and hopefully shamed!

    http://forum.emsisoft.com/Default.aspx?g=p...p;m=32702#32702

    Mike Christenson, the person responsible for the PM you quoted, is no longer part of Emsi Software GmbH. He was fired today (actually yesterday) as soon as we became aware of the mails and PMs he was sending out.

  7. Hi ya and welcome to the MBAM help forums :)

    If the file UACqfwowxdapamixevdy.sys has been removed by MBAM then this is just the orphaned service key. The malware changed the permissions on the key to make it hard to remove.

    STEP 01

    Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:

    Please ensure you read this guide carefully and install the Recovery Console first.

    NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder. Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

    Additional links to download the tool:

    http://www.forospyware.com/sUBs/ComboFix.exe

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.
    • When the tool is finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

  8. Hi Ktulu,

    I too have seen many times malware called setup.exe located on the root drive, and I believe that is why our heuristics aggressively hit PE files located there.

    The downside being that I have seen a few cases where people have chosen to save legitimate setup.exe's to the root drive instead of the more traditional locations for installers (My Documents, Desktop & Temp).

    As far as recurring files go, if we delete them and they respawn, there will almost certainly be something else active that is respawning them, and not a failure to delete on our behalf.

    At this point our advice is to post in our HJT help forum so an expert can help troubleshoot and remedy the issue with specialist tools :)

    http://www.malwarebytes.org/forums/index.php?showforum=7

  9. Yes, the MBAM realtime protection module in the Pro version is designed to block what we remove.

    Looking back at your infection, it would not have got installed had our PM been guarding it :)

    That said, although we have extremely high detection and removal rates, unfortunately no software can guarantee to detect all malware all the time, and that is the nature of the beast today.

    What you can do is practice safe surfing habits that reduce the likelihood of an encounter in the first place, so I will leave you with my closing canned speech, but seriously there is some really useful info in there :D

    Here's some handy reading: the Prevention page with lots of info and tips on how to prevent this in the future.

    And if you want to improve speed/system performance after malware removal, take a look here.

    Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

    We hope our application has helped you eradicate this malicious Malware.

    If your current anti-virus solution let this infection through please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection against these types of malware.

    Safe surfing :)

  10. Ok then i will lock this topic as resolved :)

    Here's some handy reading: the Prevention page with lots of info and tips on how to prevent this in the future.

    And if you want to improve speed/system performance after malware removal, take a look here.

    Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

    We hope our application has helped you eradicate this malicious Malware.

    If your current anti-virus solution let this infection through please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection against these types of malware.

    Safe surfing :D

  11. Ok you,

    Apologies for ComboFix, but it is coded to undo changes that certain malware infections make.

    E.g. a lot of fake alert trojans will take your desktop image and replace it with a warning message that you are infected etc.

    Going by memory it resets your system clock, but on the whole these are not considered to be bad side effects.

    How is the computer behaving now ?

  12. That's a lot better, UAC Rootkit just got nailed :)

    Just a couple more logs to check before we can sound the all clear :)

    STEP 01

    Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:

    Please ensure you read this guide carefully and install the Recovery Console first.

    NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder. Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

    Additional links to download the tool:

    http://www.forospyware.com/sUBs/ComboFix.exe

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.
    • When the tool is finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

  13. Hi ya,

    That file was legitimate...I hate it when M$ don't verify their own files, as this is usually the domain of malware trying to pretend to be a legitimate system file, but alas not the case here.

    After some heavy duty researching I can't find any malware underneath the surface with my tools.

    The HIDEC.exe process, which is used to hide windows/command boxes, was probably installed by one of your resident softwares. Something has corrupted this process and now I believe that is the root of the command boxes opening up with browser use etc.

    As to what is causing the issues again, it might be damaged software installs, a damaged OS or software conflicts. Unfortunately I can't diagnose that across the board, and if the patient was in front of me I would attempt to uninstall softwares and reinstall them to see if that made any difference + attempt an OS repair install.
