
pedrobicalho

Members
  • Content Count: 9

About pedrobicalho

  • Rank: New Member


  1. Ran other tests and nothing was detected. System is responding ok! I think you can close this topic now. Thanks again Kevin. Pedro
  2. Kevin, logs are attached. TDSSKiller found Rootkit.Boot.DarkGalaxy.a. I selected "cure" as instructed and got the message "Can´t cure MBR. Write standard boot code?". Selected "Yes" and then rebooted....during Windows load I got an error message on cmd screen.....but then everything loaded fine (and I got the impression that load time was a little faster). Just ran my AV on boot sector, and everything was clean. I'll post back after I run some other tests, but I think it worked!! Thank you so much for your assistance Kevin! TDSSKiller.3.1.0.28_17.09.2019_17.59.08_log.txt TDSSKiller.3.1.0.28_17.09.2019_17.49.47_log.txt
  3. Kevin, Logs attached. It's strange because during the scan, my AV software detects the Rootkit with a message saying that Malwarebytes Anti-Rootkit is trying to access the file, then I get a message that the file was deleted. But the next time I boot the system, the Rootkit is still there. Malwarebytes Anti-Rootkit didn't detect anything. mbar-log-2019-09-17 (14-02-21).txt system-log.txt
  4. My AV software still detects the Rootkit Agent on the startup scan (MBR sector)....😕
  5. Kevin, Please find attached:
     1 - Fixlog.txt (FRST log)
     2 - Malwarebytes log:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 9/16/19
     Scan Time: 7:19 PM
     Log File: 098b8786-d8d0-11e9-a5aa-d0bf9c01a728.json

     -Software Information-
     Version: 3.8.3.2965
     Components Version: 1.0.625
     Update Package Version: 1.0.12399
     License: Free

     -System Information-
     OS: Windows Server 2012
     CPU: x64
     File System: NTFS
     User: SERVIDOR\Administrador

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 217899
     Threats Detected: 0
     Threats Quarantined: 0
     Time Elapsed: 5 min, 53 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 0
     (No malicious items detected)

     Registry Value: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 0
     (No malicious items detected)

     File: 0
     (No malicious items detected)

     Physical Sector: 0
     (No malicious items detected)

     WMI: 0
     (No malicious items detected)

     (end)

     3 - AdwCleaner log:

     # -------------------------------
     # Malwarebytes AdwCleaner 7.4.1.0
     # -------------------------------
     # Build:    09-04-2019
     # Database: 2019-08-27.1 (Local)
     # Support:  https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Clean
     # -------------------------------
     # Start:    09-16-2019
     # Duration: 00:00:01
     # OS:       Windows Server 2012 Standard
     # Cleaned:  1
     # Failed:   0

     ***** [ Services ] *****
     No malicious services cleaned.

     ***** [ Folders ] *****
     Deleted C:\Program Files\WinZip\WinZip Smart Monitor

     ***** [ Files ] *****
     No malicious files cleaned.

     ***** [ DLL ] *****
     No malicious DLLs cleaned.

     ***** [ WMI ] *****
     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****
     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****
     No malicious tasks cleaned.

     ***** [ Registry ] *****
     No malicious registry entries cleaned.

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries cleaned.

     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs cleaned.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries cleaned.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs cleaned.

     ***** [ Preinstalled Software ] *****
     No Preinstalled Software cleaned.

     *************************
     [+] Delete Tracing Keys
     [+] Reset Winsock
     *************************

     AdwCleaner_Debug.log - [5385 octets] - [16/09/2019 16:57:16]
     AdwCleaner[S00].txt - [1450 octets] - [16/09/2019 16:58:23]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

     4 - Microsoft Malicious Software Removal Tool:

     Microsoft Windows Malicious Software Removal Tool v5.75, August 2019 (build 5.75.16236.1)
     Started On Mon Sep 16 19:32:56 2019

     Engine: 1.1.16200.1
     Signatures: 1.299.474.0
     MpGear: 1.1.15747.1
     Run Mode: Interactive Graphical Mode

     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Mon Sep 16 19:37:12 2019

     Return code: 0 (0x0)

     Fixlog.txt
  6. Hi Kevin, So, I did what you instructed me and here is the result: https://www.virustotal.com/gui/file/8d49a4e7f2ca1239311f6b1d69ebf3e95735da9e0cdfbe8235a28e256cbaf6c9/detection Thanks,
  7. Hi kevinf80! I've been away on a business trip and will be back at my office tomorrow. I'll try your solution the moment I get there and will get back to you as soon as I can. Thanks in advance for your reply!
  8. Here's a photo of the detection screen (AV software)
  9. Hello! My antivirus software has detected an infection (Win32/Rootkit.Agent.OCL) in my company server. Could you please give me any tips on how to remove it? I ran Farbar Recovery Scan Tool as instructed, files are attached. I couldn't configure Farbar to generate the files in English (my OS is in Brazilian Portuguese), so if that is a problem let me know so I can try again. Thanks! FRST.txt Addition.txt