Posts posted by Silly_Scott
-
Aura,
No, I don't think there are any other issues. Do you guys have any recommended AV to use instead of MS Tools?
Thanks,
Scott
-
Aura,
Here is the cut and paste of that url.
No engines detected this file. SHA-256: 6a462dac110015f3e59610202714120c557674019a0196680b72031c50d7c474. File name: MsMpEng.exe. File size: 117.05 KB. Last analysis: 2017-12-12 00:07:42 UTC. Community score: +21.
-
Aura,
On the subject of antivirus, what or who is the best balance of protection and not too resource intensive? EverytimeThis disabled. ;-(
Thanks,
Silly Scott
-
Aura,
I am still with you, busy weekend and did not mess much with the computer. ;-)
Here is the output of the report: VirusTotal:
No engines detected this file. SHA-256: 9b702515e81ec83275083487b119e9fa6505049c1fc3e3b6b4adc4a39023ae4b. File name: rk_D1D0.tmp.txt. File size: 2.84 KB. Last analysis: 2017-12-11 17:36:01 UTC.
-
Aura,
Here is the latest output log file from RogueKiller.
rk_D1D0.tmp.txt
-
The other thing that the application seems to not be able to get rid of is some random reg entry that just reads:
(x64) hkey_local_machine\software|software|description
I have told it to remove this a few times now and it has not been able to do so. :-(
-
Aura,
Right now RogueKiller is fixated on msmpeng.exe, which seems to be part of Windows Defender.
Currently running out of the c:\programe files\microsoft security client\MsMpEng.exe
Is there a way to confirm, or is this a known thing? What are your recommendations?
Thanks,
Scott
-
Aura,
I am still finding one or two issues with the RogueKiller app. I reboot and scan again and it finds a different one. Strange.... Is there any harm in running more than one scanner/cleaner at the same time? Besides the obvious problem with taking a longer time to finish either scan due to the resource issues.
-
Aura,
Yes, I am still with you. I removed the items listed above and updated the Java. I then used the program and updated the application I wanted to update. One of them was my k-lite drivers, which seem to have been taken over by some group that have inserted some malware of their own, and it took some effort of running the last two programs a few times and rebooting to ensure all the bad stuff is gone. Let me run those a few more times and see if I get any hits.
Silly Scott
-
Aura,
Here is the Fixlog.txt
Fixlog.txt  Addition.txt  FRST.txt
For good measure I went ahead and re-ran the FRST64 tool again and posted the logs.
Regards,
Silly Scott
-
Aura,
Spybot Search and Destroy was one of the two applications I was using to help control my machine before I enlisted your help. It is now off, was it doing something funny? Or was it more bad than good? The fix is running, I am running it remotely and it sometimes drops my connections to itself and I just wait for it to come back. :-( Other than acting a little slower than before the event and the fan seems to run a lot more than before. I am not sure if that was because the cpu was running all the malware in the back or not. I am hopeful that this stops and it starts to behave better. At least well enough and long enough to make me feel comfortable to get the files and apps off it before reloading, if it is needed.
I will let you know how the fix list runs shortly.
Regards,
Silly Scott
-
Aura,
Let me know if there is anything else you can think of or if you think we have this cleaned up. Thank you for your help in getting me to a place where the root tool kit will work. Now I have learned something new. Well, I hope I don't have to use this knowledge again, but I often get laptops from family and friends in worse condition than this.
Silly Scott.
-
Aura,
Here are the FRST log files. I re-ran the Malwarebytes again (nothing found) then ran FRST64.
FRST.txt  Addition.txt
I think my Bitdefender threat prompt I was getting on shut down was due to another malware program I had installed before I enlisted your services. Since then I have removed two such programs that help me get the PC under control until I could request your help. I think with your help we have it cleaned up pretty good.
-
Aura,
It was a pain to get the mbar.cmd to run out of the Windows environment. It finally ran, rebooted. It fully loaded into Windows and was able to load both Malwarebytes and AV. I updated both and ran them. I ran the mbar one more time and it caught some more items. You will see two log items. I then updated and ran Malwarebytes a few times. It now runs clean with no errors. Let me know what logs you may want to see if I got everything. Have you heard of any of these files messing with BitLocker or providing some sort of BitLocker prompt when rebooting?
-
Sorry Aura,
I must have got distracted by a shiny thing before getting to the bottom of the email. I did not see the link and instruction. I will have to do that this evening since I am at work and the computer is at home. Sorry and thanks for keeping with me.
Silly Scott
-
Hello,
Still with you.
-
Downloaded file that was infected and webpages hijacked. I have been able to clean the machine up enough to use it again, but Malwarebytes and MS security esse. have been deactivated and I have yet to be able to clean the hijacked webpages up and most of the other items. I am not able to run Malwarebytes or AV. I have two other programs that seem to help keep issues at bay for now.
Thanks,
Silly Scott
Unable to restart Malwarebytes, Av deactivated
in Resolved Malware Removal Logs
Posted
Aura,
No, I don't think there are any other issues. I think you can close this case, thanks for all your help!
Thanks,
Scott