Jump to content

greenbackyard

Members
  • Content Count

    13
  • Joined

  • Last visited

Community Reputation

0 Neutral

About greenbackyard

  • Rank
    New Member
  1. thanks for this wonderful article. I have two questions is it necessary use DelFix to clean up? and after I use FRST for first time Something happened that my computer switched from a blue theme to glass I love that I just want to know if FRST did it or maybe the malware made changes to my computer? that's all you can close the topic and thank you once again for the help you've provided.
  2. I mean every site which explains how to remove mserver.exe is blocked on my pc who was infected but on my other computer that was not infected these sites work normally whatever It looks like the virus was finally deleted system idle high cpu is about not use cpu I first thought that some advanced malware was hiding in system idle I know that today malwares can do anything but I'm sure he was cleaned I want to say thanks a lot Aura or Yoan You helped me a lot thank you again
  3. websites which they mention mserver.exe still blocking from this pc not from my other pc usp20.dll He is no longer in the place where he was i guess that was deleted cpu uses high but for now on system idle process I'm going to stop some services to check is that softwares or miner. also mserver.exe can not be found in the registry I hope it's finally over. This is the only thing I find in registry searching mserver
  4. yes dxapi.sys from C:\Windows\system32\drivers and Dxapi.sys from C:\Windows\system32 I tried to clean it again with malwarebytes and manual but he returned This is a very bad virus.
  5. also i have open more than 7 svchost.exe which are associated with this virus when I try to kill one of them they auto back is that normal?
  6. There is two files Dxapi.sys https://www.virustotal.com/#/file/13c2b598b11700ef55c3040d34f88a0f73174cdee7389c470cc6c5a3055fc22c/detection dxapi.sys https://www.virustotal.com/#/file/067531833f90241a181ef082d85cff74336d68dab0aade4393c1f35cd662daae/detection
  7. Hey Aura, yes its back still using high cpu blocking websites where it is mentioned mserver.exe with this "This site can’t provide a secure connection" ERR_SSL_PROTOCOL_ERROR other sites work normally something has changed for now I can not find it mserver.exe or svghost but usp20.dll he back again look at that language also It's the folder where usp20.dll is "search-ms:displayname=Search%20Results%20in%20System32&crumb=filename%3A~<usp20.dll%20OR%20System.Generic.String%3Ausp20.dll&crumb=location:C%3A%5CWindows%5CSystem32" It looks like encrypted o
  8. Fix result of Farbar Recovery Scan Tool (x86) Version: 23.04.2018 Ran by korisnik (05-05-2018 07:44:29) Run:2 Running from C:\Users\korisnik\Desktop Loaded Profiles: korisnik (Available Profiles: korisnik & postgres & LOL) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: CMD: dir /a C:\Windows\system32 DeleteKey: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mrxsmb22 HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe",", HKU\S-1-5-21-163330404-1245726229-
  9. Fix result of Farbar Recovery Scan Tool (x86) Version: 23.04.2018 Ran by korisnik (05-05-2018 07:44:29) Run:2 Running from C:\Users\korisnik\Desktop Loaded Profiles: korisnik (Available Profiles: korisnik & postgres & LOL) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: CMD: dir /a C:\Windows\system32 DeleteKey: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mrxsmb22 HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe",", HKU\S-1-5-21-163330404-1245726229-
  10. Hi, I got this error when I try to paste can i upload fixlog on pastebin or add here attach file?
  11. Hello Aura, thanks for your reply. I'm done with scanning I looked at the malwarebytes log file and I see many files that I did not download my question is, there a any chance my computer is infected with a downloader or a trojan? It can explain that every time I delete virus it returns. here are the files report.txt FRST.txt Addition.txt
  12. Hello, malwarebytes users i have one problem with virus I hope someone can help me. The problem is the following "I have other viruses too, but they are not a problem" The problem is the virus I got a few days ago I'm not a malware analyst or anything like that but I managed to connect these viruses svghost.exe, mserver.exe and usp20.dll this files make other files and changes in registry i delete it but they back after i restart my pc, including registry I scanned them with malwarebytes some detect as viruses and remove but after restart, they come back again I see they use 100% CP
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.