DR_Smith
-
Hi Ron, I really want to thank you. I work in computer/network security, but not as a malware expert. PCs and laptops get compromised and they are just re-imaged. It's the quick way to an end, but you never find root cause or how these little devils operate. I try to run an image of my machines once a week and keep scanning. Linux is my main laptop's OS, but I need MS for a few things. I'll install uBlock as you recommended. Thank you!!!!!!!!!!!!!!!!!!!
-
Hi Ron, I have scanned the laptop again after removing it and rebooted a couple of times in between each scan. I think there are 2 factors that contribute to this: 1. I have installed the advanced version (auto detect version of Malwarebytes). 2. I think it's related to me running Spybot. I can prove this out because I have a couple of clean scans and reboots and all looks well. I believe if I run Spybot, I'll get a detection, and if I scan with Malwarebytes it will pick up another set of reg. keys. I can get you a snapshot of those reg. keys so you can see. I'll also run Spybot to see if there is a problem after or during the run. Now that I have the paid version of Malwarebytes, I might de-install the other anti-virus/malware software. I do like that Spybot blackholes bad sites and IPs by including them in the hosts file and directing them to 127.0.0.1. Thanks!!!!
-
Hi Ron, Ran Farbar and I have attached the FRST.txt and Addition.txt. Let me know if you see anything. I took a quick look, nothing obvious, but I'll look again. Looks like there may be a problem because first the problem was with SuperAntiSpyware and now with Spybot. It would be nice if this were a false positive, but I think not. Let me know what you need. Thank you!!!! Addition.txt FRST.txt
-
Hi Ron, I ran the scan and I get "congratulations no malware found". I tried to run the update for SuperAntiSpyware and the update still doesn't work. There are 2 types of updates just like Malwarebytes, the usual one that happens every time I run a scan and then the periodic update that happens occasionally. It is the latter that fails to update. So I get the usual signatures, but when the periodic update tries to update the version, that fails. Is it possible the Malwarebytes cleanup of the initial problem could have damaged something with SuperAntiSpyware code? I was going to uninstall SuperAntiSpyware and try to reinstall and see what happens, but I'm waiting for the ok that things look good as far as eradicating the initial infection. Thank you for your help in resolving this problem!!!!
-
Just checked a Windows 7 machine on a separate segment isolated by a firewall, running both Malwarebytes and SuperAntiSpyware. No troubles. So it looks like it's not related to the 2 applications clashing. I did notice that an update to SuperAntiSpyware failed (maybe unrelated). Ran Malwarebytes and removed the problem. Rebooted and ran Malwarebytes again. No trouble found. Now running Farbar tool. Again thanks for the troubleshooting info. At work we just re-image, but you never learn too much by doing that.
-
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/4/19
Scan Time: 12:31 PM
Log File: 63edaf15-3ea3-11e9-beb2-a01d4868da35.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.9536
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Andy-HP\Andy

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 384266
Threats Detected: 12
Threats Quarantined: 0
Time Elapsed: 20 min, 25 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 6
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNSAS.EXE, No Action By User, [6433], [249733],1.0.9536
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNSAS.EXE, No Action By User, [6433], [249733],1.0.9536
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDFILES.EXE, No Action By User, [6433], [249769],1.0.9536
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDFILES.EXE, No Action By User, [6433], [249769],1.0.9536
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE, No Action By User, [6433], [249843],1.0.9536
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE, No Action By User, [6433], [249843],1.0.9536

Registry Value: 6
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNSAS.EXE|DEBUGGER, No Action By User, [6433], [249733],1.0.9536
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNSAS.EXE|DEBUGGER, No Action By User, [6433], [249733],1.0.9536
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDFILES.EXE|DEBUGGER, No Action By User, [6433], [249769],1.0.9536
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDFILES.EXE|DEBUGGER, No Action By User, [6433], [249769],1.0.9536
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE|DEBUGGER, No Action By User, [6433], [249843],1.0.9536
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE|DEBUGGER, No Action By User, [6433], [249843],1.0.9536

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)