Everything posted by janeman

  1. I think the danger is gone. Thank you Yoan for your help. Fixlog.txt
  2. I sent a new one. Maybe it was caused by performing a scan with another program (ESET) when I scanned with FRST.
  3. I just checked the one I sent: (No log file). It's weird, and unlike the first one I sent to you a couple of days ago. I'll do another scan.
  4. - Both HitmanPro and CCleaner keep finding "tracking cookies".
     - As for the 5 objects found by RogueKiller in my previous post, should I delete them too, or are they false positives?
     - I ran EmsisoftEmergencyKit and cleaned the following:
       C:\FRST\Quarantine\C\Windows\System32\drivers\vmrqtwad.sys.xBAD  Rootkit.SmartService (A)
       C:\Windows\System32\config\systemprofile\AppData\Local\vmtdnlh\vmtdnlh.exe  Gen:Variant.Razy.227680 (B)
       C:\Users\USER\AppData\Local\utcomdl\download\PornoHub.3gp.apk  Android.Trojan.Downloader.KZ (B)
     - I also ran MBAR; it cleaned the following (I think the 2nd was responsible for preventing me from starting anti-rootkit programs):
       C:\Users\AppData\Local\utcomdl\download\flashupdate.exe (Trojan.MalPack)
       C:\Windows\System\config\systemprofile\Appdata\Local\vmtdnlh\vmazkpr.exe (Adware.Yelloader)
     Now I don't see (msdpguvsrv.exe) in C:\Windows\Temp, but the "tracking cookies" problem persists.
     - The new FRST logs were sent to you in PM.
  5. - AdwCleaner:
       # AdwCleaner - Logfile created on Wed Feb 07 15:55:04 2018
       # Updated on 2018/18/01 by Malwarebytes
       # Database: 02-06-2018.1
       # Running on Windows 8.1 Enterprise (X64)
       # Mode: scan
       # Support: https://www.malwarebytes.com/support
       ***** [ Services ] ***** No malicious services found.
       ***** [ Folders ] ***** No malicious folders found.
       ***** [ Files ] ***** No malicious files found.
       ***** [ DLL ] ***** No malicious DLLs found.
       ***** [ WMI ] ***** No malicious WMI found.
       ***** [ Shortcuts ] ***** No malicious shortcuts found.
       ***** [ Tasks ] ***** No malicious tasks found.
       ***** [ Registry ] ***** No malicious registry entries found.
       ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries.
       ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries.
       *************************
     - RogueKiller: It found (PUP.uTorrentAds) utorrentie.exe (which I deleted).
       I included <MalPE Analysis (BETA)> in the scan and rescanned; it found:
       [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-964639153-3020507707-3992377369-1001\Software\IM -> ???
       [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-964639153-3020507707-3992377369-1001\Software\IM -> ???
       [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pxldapow (\??\C:\Users\USER\AppData\Local\Temp\pxldapow.sys) -> ???
       [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> ???
       [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> ???
       Should I delete them too, or are they false positives?
     - Tracking cookies keep appearing again (e.g. opencandy, DoubleClick.net, and others) although I cleared the Firefox cache and all cookies, then also deleted (cookies.sqlite) after closing Firefox.
     So I ran the program (rkill.exe), which found the following:
       Checking HOSTS File:
       * HOSTS file entries found:
       # fix for traceroute and netstat display anomaly
       tracking.opencandy.com.s3.amazonaws.com
       media.opencandy.com
       cdn.opencandy.com
       tracking.opencandy.com
       api.opencandy.com
       api.recommendedsw.com
       installer.betterinstaller.com
       installer.filebulldog.com
       d3oxtn1x3b8d7i.cloudfront.net
       inno.bisrv.com
       nsis.bisrv.com
       cdn.file2desktop.com
       cdn.goateastcach.us
       cdn.guttastatdk.us
       cdn.inskinmedia.com
       cdn.insta.oibundles2.com
       cdn.insta.playbryte.com
       cdn.llogetfastcach.us
       cdn.montiera.com
       20 out of 35 HOSTS entries shown. Please review HOSTS file for further entries.
     How can I delete all tracking cookies permanently?
  6. - I can't see (msdpguvsrv.exe) in Task Manager anymore. HOWEVER IT IS STILL FOUND IN: C:\Windows\Temp
     - Malwarebytes didn't detect anything. This is the Export Summary:
       Malwarebytes
       www.malwarebytes.com
       -Log Details-
       Scan Date: 2/6/18
       Scan Time: 7:57 PM
       Log File: da976c0a-0b5e-11e8-9edd-a0d3c153b825.json
       Administrator: Yes
       -Software Information-
       Version:
       Components Version: 1.0.188
       Update Package Version: 1.0.2785
       License: Free
       -System Information-
       OS: Windows 8.1
       CPU: x64
       File System: NTFS
       User: OOG\USER
       -Scan Summary-
       Scan Type: Threat Scan
       Result: Completed
       Objects Scanned: 401518
       Threats Detected: 0 (No malicious items detected)
       Threats Quarantined: 0 (No malicious items detected)
       Time Elapsed: 40 min, 45 sec
       -Scan Options-
       Memory: Enabled
       Startup: Enabled
       Filesystem: Enabled
       Archives: Enabled
       Rootkits: Enabled
       Heuristics: Enabled
       PUP: Detect
       PUM: Detect
       -Scan Details-
       Process: 0 (No malicious items detected)
       Module: 0 (No malicious items detected)
       Registry Key: 0 (No malicious items detected)
       Registry Value: 0 (No malicious items detected)
       Registry Data: 0 (No malicious items detected)
       Data Stream: 0 (No malicious items detected)
       Folder: 0 (No malicious items detected)
       File: 0 (No malicious items detected)
       Physical Sector: 0 (No malicious items detected)
       (end)
     - Malwarebytes Anti-Rootkit can be opened now. I extracted it and then opened it; it gave me a window saying:
       Probable rootkit activity detected
       Registry value "AppInit_DLLs" has been found, which may be caused by rootkit activity.
       Note: Press "No" button if you're not sure. If this tool crashes or terminates unexpectedly during a system scan, restart the tool and press "Yes" should this message appear again.
     Should I click Yes?
  7. Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
     Ran by USER (06-02-2018 18:43:22) Run:1
     Running from C:\Users\USER\Desktop
     Loaded Profiles: USER & UpdatusUser (Available Profiles: USER & UpdatusUser)
     Boot Mode: Normal
     ==============================================
     fixlist content:
     *****************
     CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
     CMD: bcdedit.exe /set {default} recoveryenabled yes
     *****************
     ========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
     The operation completed successfully.
     ========= End of CMD: =========
     ========= bcdedit.exe /set {default} recoveryenabled yes =========
     The operation completed successfully.
     ========= End of CMD: =========
     ==== End of Fixlog 18:43:23 ====
  8. Hello, I seem to have an infection on my Windows 8.1 with at least a (Rootkit.SmartService) and a (Trojan). I'd appreciate your help.
     Multiple (Windows Process Manager) tasks used to appear in Task Manager, but not anymore after I changed their permissions. However, every time I start Windows I find in Task Manager a process called (msdpguvsrv.exe), sometimes being the first task for CPU and disk. It is located in C:\Windows\Temp; I managed to stop it with a program, but it won't get deleted or quarantined.
     I also find in C:\Windows\Temp a folder called (msidntfs); within it are 2 files (cert.db, SecureTrust Network Root CA 2.cer). I don't know if that is related.
     Within the Windows folder I found the malware (AutoKMS_VL_ALL) folder and the (autokms_vl_all.exe) malware file, and deleted them.
     My current situation is:
     - EmsisoftEmergencyKit:
       Rootkit.SmartService : C:\Windows\System32\Drivers\vmrgknqt.sys
       Gen:Variant.Razy.227680 : C:\Windows\System32\config\systemprofile\AppData\Local\vmtdnlh\vmtdnlh.exe
       Android.Trojan.Downloader.KZ : C:\Users\USER\AppData\Local\utcomdl\download\PornoHub.3gp.apk
     - Avast anti-rootkit:
       Service rtkoep C:\Windows\system32\drivers\vmrgknqt.sys **LOCKED**
       1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffcf8006880770]
       3 CLASSPNP.SYS[fffff8000094cabb] -> nt!IofCallDriver -> [0xffffcf800686eb20]
       5 hpdskflt.sys[fffff80000e9542b] -> nt!IofCallDriver -> [0xffffcf80061b4e50]
       7 ACPI.sys[fffff800004025f1] -> nt!IofCallDriver -> \Device\0000002e[0xffffcf80061987f0]
     - Malwarebytes: now doesn't detect any problem
     - AdwCleaner: now doesn't detect any problem
     - Zemana AntiMalware: now doesn't detect any problem
     - HitmanPro: now doesn't detect any problem, but _except one time_ it hangs at 99% or sometimes less
     - MBAR: doesn't start
     - GMER: doesn't start
     - Kaspersky TDSSKiller: doesn't start
     - RogueKiller: doesn't start, and gives the message "Windows cannot access the specified device, path, or file"
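Added triage script for the findings raised in posts 5, 6 and 8 above (the HOSTS entries rkill truncated, the ConsentPromptBehaviorAdmin = 0 policy RogueKiller flagged, the AppInit_DLLs value MBAR warned about, the pxldapow.sys driver registered from a user's Temp folder, and msdpguvsrv.exe running from C:\Windows\Temp). This is example code written for this page, not something janeman or the forum helper posted, and it only reports; it changes nothing. It assumes an elevated Windows PowerShell session on the affected Windows 8.1 x64 host; registry paths and value names are the documented Windows ones, and the path patterns in step 4 are a triage heuristic, not a rule.

```powershell
# Read-only triage of the items reported in this thread. Run elevated on the affected host.
$findings = New-Object System.Collections.Generic.List[string]

# 1. HOSTS file: rkill showed 20 of 35 entries, so list every active (non-comment) line.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsPath | Where-Object { $_ -match '^\s*[^#\s]' } | ForEach-Object {
    $findings.Add("HOSTS entry: $($_.Trim())")
}

# 2. UAC policy: ConsentPromptBehaviorAdmin = 0 lets administrators elevate with no prompt.
#    The Windows 8.1 default is 5 (prompt for consent for non-Windows binaries); EnableLUA should be 1.
$uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($uac.EnableLUA -ne 1) {
    $findings.Add("UAC: EnableLUA=$($uac.EnableLUA) (UAC disabled)")
}
if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
    $findings.Add("UAC: ConsentPromptBehaviorAdmin=0 (silent elevation for administrators)")
}

# 3. AppInit_DLLs: any DLL listed here is loaded into every process that loads user32.dll.
#    The 64-bit and 32-bit views are separate keys; LoadAppInit_DLLs=1 turns the mechanism on.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $appInitKeys) {
    $w = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($w -and -not [string]::IsNullOrWhiteSpace($w.AppInit_DLLs)) {
        $findings.Add("AppInit: $key AppInit_DLLs='$($w.AppInit_DLLs)' LoadAppInit_DLLs=$($w.LoadAppInit_DLLs)")
    }
}

# 4. Services/drivers whose ImagePath points under Temp or a user profile (pxldapow.sys was
#    registered from C:\Users\USER\AppData\Local\Temp). Genuine drivers live in System32\drivers.
#    Heuristic: a hit is a candidate for review, not proof of malware.
Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $ip = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($ip -and $ip -match '(?i)\\(Temp|AppData|Users)\\') {
        $findings.Add("Service $($_.PSChildName): ImagePath=$ip")
    }
}

# 5. Running processes whose executable is in C:\Windows\Temp (where msdpguvsrv.exe lived).
#    Win32_Process is used instead of Get-Process because ExecutablePath does not throw on protected processes.
Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath -like "$env:SystemRoot\Temp\*" } |
    ForEach-Object {
        $findings.Add("Process from Windows\Temp: $($_.Name) (PID $($_.ProcessId)) $($_.ExecutablePath)")
    }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Two caveats for reading the output: the HOSTS entries are listed in full so nothing is hidden by rkill's 20-line cut-off, but entries that only sinkhole ad and installer domains (as the opencandy ones do) are blocking, not infection, and should be judged separately from the driver and UAC findings; and on a Windows 8 or later machine with Secure Boot enabled, AppInit_DLLs is disabled by the OS regardless of the value, so a populated value is still worth noting but is not by itself evidence that the DLL is being loaded.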