GyroRev

Everything posted by GyroRev

  1. Pulling my hair out. Somewhere some $*%^ is responsible for wasting my time. I wish I could give a swift kick to their nether-regions. Just had to get that out. I have what appears to be a rootkit infection that is prohibiting me from any type of malware/antivirus install, including Malwarebytes, its anti-rootkit software, as well as executing mbar.exe or mbamdor.exe in the unzip package meant to bypass using the anti-rootkit installer. I am at a standstill as this infection continues to pillage my machine. Please help. I would like to buy a subscription to Malwarebytes but am at a standstill. Additional symptoms include: 1) In the Google Chrome address bar, once text is entered for a Google search, a redirection to bing.com happens; momentarily I notice the following address ( extension.citypage.today/?affID=970801784&q=exporting ). 2) The following I exported from the ESET NOD32 scans that may be of interest: