
sparta

Members
  • Posts: 9
  • Joined
  • Last visited

Reputation: 0 Neutral


  1. Hi Malwarebytes support, can someone please reply to my issue. I had the same issue a few months back, so this time also I did a full format and reinstall again after this post, but the infection came back after I install any software, even if I downloaded the file anew from the internet like Firefox etc. Actually the system stopped working at all, so I used an old image backup to restore a Windows 10 clean image on the computer, and also formatted the other drives before doing so, but as it happened in the past, this time again the infection came back. So when it was just working fine I ran Autoruns and saved the entries, and ran it again when it got infected on its own and saved the entries again; however it is to be mentioned here that other exes were not opening at all but autoruns.exe ran fine if run without admin privileges. I have made a VMware machine of the infected system which behaves in the same way. If you want I can share the Autoruns entries before and after the infection, or I can share the whole VMware virtual machine if you want (several GB). Malwarebytes did not install in normal mode (access denied to exe, msi etc.), so I booted into safe mode and installed Malwarebytes and ran a scan, but nothing was found. However normal boot mode started working after taking high CPU usage and no longer denies exe/msi. I have uninstalled all extra software to make the VMware machine light, but Malwarebytes does not detect anything even after update. FRST and Malwarebytes logs attached from VMware, as the system is no longer working, hence using VMware on Ubuntu. Kindly do reply back if someone can. Regards. Addition.txt FRST.txt malwarebytes report.txt
  2. Hi, I have a persistent malware infection in Win10 x64 (latest updates till Aug 2018). I have done a clean install several times (I have another drive as well that has data which was not formatted) but after working for some time the infection returns, usually after reboots or installing software or doing Windows Update etc. The following happens:
1) Avast antivirus does not detect anything but continuously uses around 10% CPU.
2) Installed Malwarebytes, but sometimes it works, other times malware protection and ransomware protection turn off on their own and do not turn back on. If I run Chameleon with the Malwarebytes window open, it says Malwarebytes is not installed and tries to install it but fails and all files are deleted from the Malwarebytes folder; then if I manually install Malwarebytes it installs but after reboots same issue.
3) Bitdefender antivirus does not detect anything.
4) Comodo antivirus also does not detect anything but uses 25% CPU.
5) Avira antivirus also does not detect anything. If the computer goes to sleep or if it is restarted, then the password of the computer gets changed by the malware; I have to reset it using the 3 secret questions (Win10 x64).
6) If Malwarebytes is able to work then OK, otherwise Task Manager or any other app says you don't have permissions etc.
Also SYSTEM tries to go to UDP port 137. Log copy of Outpost firewall blocked logs:
SYSTEM OUT UDP 131.253.61.86 137
SYSTEM OUT UDP 131.253.61.82 137
SYSTEM OUT UDP 131.253.61.64 137
SYSTEM OUT UDP 13.107.4.52 137
SYSTEM OUT UDP 104.27.128.190 137
SYSTEM OUT UDP 104.20.94.33 137
SYSTEM OUT UDP 74.125.24.188 137
Hence now formatted the system and reinstalled Win10 x64 (I have another drive as well that has data which was not formatted) and installed Emsisoft Anti-Malware; it also does not detect anything. Ran Autoruns and then found viruses detected by VirusTotal. The VirusTotal entries show some files are infected, but that has been detected by one antivirus company only.
I copied all these files to a folder and zipped them and ran analysis on VirusTotal https://www.virustotal.com/#/file/47b4b566e2de3e7f73a554073ba028a5b165f0918c8ec134aef9378aade196d9/details and Hybrid Analysis as well https://www.hybrid-analysis.com/sample/47b4b566e2de3e7f73a554073ba028a5b165f0918c8ec134aef9378aade196d9 ; they said infected. Uploaded one of the files to hybrid-analysis.com and ran it on Win7 x64; it also said infected. But not detected by MB. Also when the infection first started the display driver was said to be corrupt etc., and now and then Intel display components asked for some permissions to ntoskernel etc., and WiFi stopped working and the DNS service took a large CPU percentage, with only Bitdefender installed at that time. So I went to the WiFi adapter and put a manual IP and DNS; then it worked. However it used to work without that in the past. As Avast was taking high CPU and not detecting anything, I renamed its folder (in safe mode) in Program Files but did not uninstall it. Also ran the aswmbr.exe Avast rootkit tool earlier, but it gave a BSOD when trying to read the Xbox drivers (like xinputhid.sys, shown as a virus by virustotal.com (https://www.virustotal.com/#/file/682d1f32dd1bbeb031d5129ce40d9c77d3c6cf4fb5979f1918b2482af617b5be/detection) https://www.hybrid-analysis.com/sample/682d1f32dd1bbeb031d5129ce40d9c77d3c6cf4fb5979f1918b2482af617b5be) and showed for a split second that that file was locked, so I used Ubuntu to delete all the Xbox drivers thinking they might be infected, and used Autoruns to remove them from loading in drivers and services (deleted Xbox drivers included as zip). It still did not run fine and gives a BSOD in the end. So installed Malwarebytes, but it got disabled on its own on reboots. So installed Emsisoft, but it did not detect anything. However the automatic password changes stopped and Malwarebytes also works every time now; I guess it cannot handle the malware without Emsisoft support.
Also I have many portable apps from portableapps.com, but some of them work, others do not at all; however they can be seen in Task Manager. For those that work, Emsisoft says it looks like malware, but I tell it to trust it and only then it runs. Is that normal? The portable apps are on a drive other than the system drive. Also if I disable Emsisoft Anti-Malware and Malwarebytes (as I did for the FRST scan), and then restart Emsisoft, then SERVICES.EXE wants access to the exes of Emsisoft according to Outpost firewall, and when access is granted the Emsisoft window opens but hangs with the cursor busy, and no other program opens as well. So basically every window that is already open will be working, but as you try to do something that program hangs as well, and I have to restart, and Malwarebytes did not even start. Also my firewall tells me my browser wants direct disk access to Dr0, so I disallow it. FRST scan included. Do you have a rootkit scanner that can be run from USB like an offline scan? Also can Emsisoft be asked to report on UAC automatically if the services have been disabled? Please let me know what can be done next. Regards. Addition.txt AdwCleaner[S00].txt FRST.txt Infected files.zip MB threat scan summary.txt xbox deleted files.zip
  3. Thanks for replying back; let the Almighty heal her faster. About the issue: I had one rule to allow UDP for DNS for svchost.exe and another rule to block all other UDP connections for svchost except the DNS one. When I disable the 2nd rule, DHCP Client stops the high CPU usage. Also installed Bitdefender and it detected the Rusy virus in windows/temp; after that the system is running fine. Thanks for the response again.
  4. Thanks a lot for replying, but the computer stopped working at all; I had to delete everything and install new. Installed Bitdefender AV and Outpost firewall with custom rules. Internet works now, but the DHCP service uses 50% CPU when connected to the internet. If I disable the firewall, DHCP usage comes down to zero. Also no DHCP CPU usage when the internet is not connected. Any thoughts on this? Sorry for replying after a long time, as I was trying to fix the PC.
  5. I have the same issue as mentioned above. Also now the internet only works in safe mode using ethernet, not on WiFi, and on normal boot the internet does not work on ethernet or WiFi. Diagnostics say WiFi/ethernet does not have a valid IP configuration. Also some usoclient.exe runs in a command prompt for a split second after logon in normal mode. I have to update Malwarebytes and KAV in safe mode and then use them in normal mode. Also frst.exe was updated in safe mode and then the scan was run as administrator in safe mode. Please let me know how to fix this malware or trojan, whatever this is. Please give me all the steps. Waiting for reply. Addition.txt AdwCleaner[C0].txt AdwCleaner[S0].txt FRST.txt Malwarebytes log29092017.txt
  6. After reboot Malwarebytes did not respond nor did it run, but in Task Manager it takes 50% CPU. So I reinstalled Kaspersky antivirus, removed Avast, removed Malwarebytes and reinstalled Malwarebytes. Now it runs but does not detect anything. Please let me know further steps to fix. Waiting for reply.
  7. Yes, I have removed Kaspersky antivirus and Comodo Internet Security now. Only Avast antivirus & Outpost firewall + Malwarebytes trial left. What to do next?
  8. Hi Porthos, thanks for replying. Yes, reinstalled from the image backup of the Windows partition, have removed those entries, now have the premium trial running a threat scan, will post the log in a few minutes. malwarebyteslog.txt
  9. Using Win 10 x64 Pro, Malwarebytes 3.2. It started a few weeks back when I used some privacy tools from "https://fdossena.com/?p=w10debotnet/index_1703.frag" to stop Win 10 privacy. Then nothing happened for a few days, but suddenly winlogon.exe was detected as malware/unwanted by Comodo Internet Security. Afterwards Kaspersky antivirus components got damaged on their own. I have the Comodo firewall as well, with a password for settings. Suddenly autostart apps failed to start except a few. Malwarebytes did not find anything on scan but kept using high CPU. Once even Malwarebytes stopped running, with an access to the folder denied etc. error. So reinstalled Windows, but the D drive with downloaded exe/msi files was not formatted. Works OK for a few days, then again the same issues as above. Suddenly the password of Comodo is reset automatically; it does not ask for any password to change settings. So installed Avast antivirus, but it also did not detect anything. Ran a USB scan from Bitdefender; it found some "Rusy" virus, but when I updated the definitions and scanned again it did not find anything. Internet also stopped working; started the network troubleshooting wizard, it said Windows Firewall is blocking. So installed Windows Firewall Control and removed all the entries from the firewall and disabled it using Windows Firewall Control. Still the DNS service and DHCP service use high CPU. Disabled the DNS service, but DHCP still uses high CPU when connecting to the internet, and the internet does not work. So reinstalled Windows again. Now installed Outpost firewall and made rules for svchost etc. in the firewall.
It blocks some connections; the logs are as under:
SVCHOST.EXE OUT UDP 239.255.255.250 1900
VIVALDI.EXE OUT TCP Logan 1001
SVCHOST.EXE IN UDP 192.168.0.1 1901
N/A IN IGMP 192.168.0.1 * Block IGMP 0 36
SVCHOST.EXE OUT UDP 224.0.0.252 5355
SVCHOST.EXE OUT TCP 157.56.77.140 443 Blocked by IP Blocklist 0 0
SVCHOST.EXE OUT TCP 157.55.240.89 443 Blocked by IP Blocklist 0 0
Attack detection log is as below:
Init log session
2017/09/13 10:32:20 attack detection: enabled
2017/09/13 10:32:20 IDS level: Low Security
2017/09/13 10:54:01 IDS level: Maximum Security
2017/09/13 11:22:34 detected scan packet: 50124; packet recv TCP 74.120.8.14:443 -> 192.168.0.12:50124 (40) [ ACK ]
2017/09/13 11:22:34 Attack SINGLE_SCAN_PORT (50124) detected from 74.120.8.14 {host not blocked} [00000000]
2017/09/13 11:22:36 detected port scanning: 50124, 50131, 50123; packet recv TCP 74.120.8.14:443 -> 192.168.0.12:50123 (40) [ ACK ]
2017/09/13 11:22:36 Attack SCAN (50124, 50131, 50123) detected from 74.120.8.14 {host blocked for 5 min} [000000CB]
2017/09/13 11:22:36 Show PROTECT alert sound: C:\PROGRA~1\Agnitum\OUTPOS~1\warning.wav
2017/09/13 11:27:36 intruder 74.120.8.14 unblocked [000000CB]
2017/09/13 11:34:27 IDS level: Optimal Protection
2017/09/13 13:07:16 [~] deinit data...
-------------------------------------------------------------------------------
Init log session
2017/09/13 13:09:43 attack detection: enabled
2017/09/13 13:09:43 IDS level: Optimal Protection
2017/09/13 14:00:57 detected scan packet: 49747; packet recv TCP 74.120.8.12:443 -> 192.168.0.12:49747 (40) [ ACK ]
2017/09/13 14:44:46 detected scan packet: 50124; packet recv TCP 172.217.7.3:443 -> 192.168.0.12:50124 (95) [ PSH ACK ]
2017/09/13 19:08:24 detected scan packet: 51256; packet recv TCP 172.217.10.227:443 -> 192.168.0.12:51256 (52) [ SYN ACK ]
2017/09/13 19:13:01 detected scan packet: 51313; packet recv TCP 107.167.110.216:443 -> 192.168.0.12:51313 (40) [ ACK ]
2017/09/13 19:21:07 detected scan packet: 51435; packet recv TCP 172.217.11.34:80 -> 192.168.0.12:51435 (52) [ SYN ACK ]
2017/09/13 20:12:36 detected scan packet: 51597; packet recv TCP 54.192.38.92:443 -> 192.168.0.12:51597 (71) [ PSH ACK ]
2017/09/13 20:12:39 detected scan packet: 51603; packet recv TCP 54.192.38.67:443 -> 192.168.0.12:51603 (71) [ PSH ACK ]
2017/09/13 20:12:41 detected scan packet: 51587; packet recv TCP 54.230.38.179:443 -> 192.168.0.12:51587 (71) [ PSH ACK ]
2017/09/13 20:12:55 detected port scanning: 51603, 51605, 51604, 51607, 51606, 51624, 51627; packet recv TCP 54.192.38.67:443 -> 192.168.0.12:51627 (71) [ PSH ACK ]
2017/09/13 20:12:55 Attack SCAN (51603, 51605, 51604, 51607, 51606, 51624, 51627) detected from 54.192.38.67 {host blocked for 60 min} [000002DE]
2017/09/13 20:12:55 Show PROTECT alert sound: C:\PROGRA~1\Agnitum\OUTPOS~1\warning.wav
2017/09/13 20:13:01 detected scan packet: 51615; packet recv TCP 117.18.237.29:80 -> 192.168.0.12:51615 (40) [ FIN ACK ]
2017/09/13 20:53:06 [~] deinit data...
2017/09/13 20:53:06 intruder 54.192.38.67 unblocked [000002DE]
2017/09/13 20:53:22 [~] deinit...
-------------------------------------------------------------------------------
Init log session
2017/09/14 08:57:45 attack detection: enabled
2017/09/14 08:57:45 IDS level: Optimal Protection
-------------------------------------------------------------------------------
Init log session
2017/09/14 09:01:51 attack detection: enabled
2017/09/14 09:01:51 IDS level: Optimal Protection
2017/09/14 10:13:41 detected scan packet: 60411; packet recv UDP 176.103.130.131:53 -> 192.168.0.12:60411 (98)
2017/09/14 10:13:41 detected scan packet: 57089; packet recv UDP 176.103.130.130:53 -> 192.168.0.12:57089 (122)
2017/09/14 12:06:19 detected scan packet: 54269; packet recv TCP 216.58.220.14:80 -> 192.168.43.221:54269 (748) [ PSH ACK ]
2017/09/14 12:06:20 detected scan packet: 54224; packet recv TCP 204.79.197.200:443 -> 192.168.43.221:54224 (40) [ RST ACK ]
2017/09/14 12:09:17 detected scan packet: 54220; packet recv TCP 62.128.100.108:443 -> 192.168.43.221:54220 (40) [ RST ACK ]
2017/09/14 12:09:18 detected scan packet: 54219; packet recv TCP 38.113.165.68:443 -> 192.168.43.221:54219 (40) [ RST ACK ]
2017/09/14 12:17:54 detected scan packet: 54447; packet recv TCP 45.33.17.126:443 -> 192.168.0.12:54447 (78) [ PSH ACK ]
2017/09/14 12:19:03 detected scan packet: 54468; packet recv TCP 172.217.7.195:443 -> 192.168.0.12:54468 (95) [ PSH ACK ]
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Now I have made a standard account in Windows and use it instead of the admin account. Now Kaspersky, as earlier, says components have been corrupted; a full scan does not detect anything. Also Malwarebytes does not detect anything, Comodo does not detect anything, and Avast does not detect anything but does not start a full system scan even after 30 min of initiation. Also after the infection I installed Ubuntu in dual boot with Windows 10 using the Windows bootloader. Please help me fix this persistent infection. Addition.txt FRST.txt
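The Outpost lines quoted in post 2 (SYSTEM to UDP 137) and the block and attack-detection logs in post 9 can be triaged mechanically. The script below is an added example, not code from these posts and not Outpost's or Malwarebytes' own tooling; the field layout is inferred from the quoted lines, the sample lines are constructed from them, and the classification rules are assumptions of this example. It separates three things a defender treats differently: NetBIOS name-service traffic leaving the LAN (keep it blocked and find the process that asked), multicast discovery chatter such as SSDP and LLMNR (disable by policy on a hardened host), and IDS "scan packet" entries whose source port is 443, 80 or 53, whose destination port is in the Windows ephemeral range and whose flags include ACK. Those entries are late replies to connections the host itself opened, so an "Attack SCAN" verdict built only from them is what cut the user off from a site for 60 minutes, not a stopped attack.

```python
# Added example (not from the posts, not Outpost's or Malwarebytes' code): triage
# helpers for the two Outpost log formats quoted above. Field layout is inferred
# from the quoted lines; the return-traffic heuristic is a general rule of thumb.
import ipaddress
import re
from collections import Counter

# Constructed sample lines modelled on the formats quoted in the posts.
OUTPOST_BLOCK_LOG = """\
SYSTEM OUT UDP 131.253.61.86 137
SYSTEM OUT UDP 104.27.128.190 137
SVCHOST.EXE OUT UDP 239.255.255.250 1900
SVCHOST.EXE OUT UDP 224.0.0.252 5355
SVCHOST.EXE IN UDP 192.168.0.1 1901
N/A IN IGMP 192.168.0.1 * Block IGMP 0 36
SVCHOST.EXE OUT TCP 157.56.77.140 443 Blocked by IP Blocklist 0 0
VIVALDI.EXE OUT TCP Logan 1001
"""
IDS_LOG = """\
2017/09/13 11:22:34 detected scan packet: 50124; packet recv TCP 74.120.8.14:443 -> 192.168.0.12:50124 (40) [ ACK ]
2017/09/13 14:44:46 detected scan packet: 50124; packet recv TCP 172.217.7.3:443 -> 192.168.0.12:50124 (95) [ PSH ACK ]
2017/09/14 10:13:41 detected scan packet: 60411; packet recv UDP 176.103.130.131:53 -> 192.168.0.12:60411 (98)
2017/09/13 20:12:39 detected scan packet: 51603; packet recv TCP 54.192.38.67:443 -> 192.168.0.12:51603 (71) [ PSH ACK ]
2017/09/13 20:12:55 Attack SCAN (51603, 51605) detected from 54.192.38.67 {host blocked for 60 min} [000002DE]
2017/09/14 09:00:00 detected scan packet: 445; packet recv TCP 198.51.100.7:40000 -> 192.168.0.12:445 (40) [ SYN ]
"""

BLOCK_RE = re.compile(r"^(?P<proc>\S+) (?P<dir>IN|OUT) (?P<proto>TCP|UDP|IGMP) "
                      r"(?P<addr>\S+) (?P<port>\S+)(?: (?P<reason>.*))?$")
SCAN_RE = re.compile(r"^(?P<ts>\S+ \S+) detected (?:scan packet|port scanning): [^;]+; "
                     r"packet recv (?P<proto>TCP|UDP) (?P<src>[\d.]+):(?P<sport>\d+) -> "
                     r"(?P<dst>[\d.]+):(?P<dport>\d+) \(\d+\)(?: \[ (?P<flags>[A-Z ]+) \])?$")
ATTACK_RE = re.compile(r"^(?P<ts>\S+ \S+) Attack (?P<attack>\S+) \([^)]*\) detected from "
                       r"(?P<src>[\d.]+) \{(?P<action>[^}]*)\}")

NETBIOS_SMB_PORTS = {137, 138, 139, 445}
SERVICE_PORTS = {53, 80, 443}            # DNS, HTTP, HTTPS
EPHEMERAL_START = 49152                  # Windows dynamic client port range


def _is_local(ip):
    return ip.is_private or ip.is_link_local or ip.is_loopback


def parse_block_log(text):
    out = []
    for m in filter(None, map(BLOCK_RE.match, text.splitlines())):
        e = m.groupdict()
        e["port"] = int(e["port"]) if e["port"].isdigit() else None
        out.append(e)
    return out


def classify_block(e):
    try:
        ip = ipaddress.ip_address(e["addr"])
    except ValueError:
        return "named_host"             # Outpost logged a hostname (e.g. "Logan"), not an address
    if ip.is_multicast:
        return "local_discovery"        # SSDP/LLMNR/IGMP chatter; disable by policy on hardened hosts
    if e["dir"] == "OUT" and e["port"] in NETBIOS_SMB_PORTS and not _is_local(ip):
        return "netbios_to_internet"    # name service/SMB leaving the LAN: keep blocked, find the caller
    return "lan" if _is_local(ip) else "internet"


def parse_ids_log(text):
    events = []
    for line in text.splitlines():
        if m := SCAN_RE.match(line):
            e = m.groupdict()
            e.update(kind="scan_packet", sport=int(e["sport"]), dport=int(e["dport"]),
                     flags=(e["flags"] or "").split())
            events.append(e)
        elif m := ATTACK_RE.match(line):
            e = m.groupdict()
            e["kind"] = "attack_" + e.pop("attack").lower()
            events.append(e)
    return events


def classify_ids(e):
    if e["kind"] != "scan_packet":
        return "ids_verdict"
    reply_like = e["proto"] == "UDP" or "ACK" in e["flags"]
    if e["sport"] in SERVICE_PORTS and e["dport"] >= EPHEMERAL_START and reply_like:
        return "probable_return_traffic"   # late reply to a connection this host opened itself
    return "unsolicited_inbound"           # e.g. a bare SYN to a service port: a real probe


def review_blocks(events):
    """Map each source the IDS blocked to 'likely_false_positive' when every packet
    logged from it looked like return traffic, otherwise to 'needs_review'."""
    seen = {}
    for e in events:
        if e["kind"] == "scan_packet":
            seen.setdefault(e["src"], []).append(classify_ids(e))
    return {e["src"]: ("likely_false_positive"
                       if seen.get(e["src"]) and all(c == "probable_return_traffic" for c in seen[e["src"]])
                       else "needs_review")
            for e in events if e["kind"].startswith("attack_")}


def summarize(block_text, ids_text):
    c = Counter(classify_block(e) for e in parse_block_log(block_text))
    c.update(classify_ids(e) for e in parse_ids_log(ids_text))
    return c
```

Run against the full logs quoted above, every "Attack SCAN" source comes out as likely_false_positive, because no entry in those logs is a bare SYN to a service port; the one constructed SYN-to-445 line shows what a genuine inbound probe looks like in the same format. The SYSTEM-to-UDP-137 lines are the entries worth keeping blocked while the owning process is traced with the firewall's per-application rules.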