User_Hostile

Members
  • Content Count: 13
  • Rank: New Member

About User_Hostile
  1. I've got a three-tier backup system. The last tier is air-gapped and never connected to a computer being restored unless the recovery disk is running. As for why I have a three-tier backup rather than just one? College senior project report. In those days, floppies were the USB sticks of their day. I made two backups against the original because my gut told me to (and floppies were cheap). When I got ready to print out my report (100 pages or so), I found the original was bad, so I went to the first backup and ... it, too, was bad. Sweating, I found the 2nd backup was still good and made two more copies. My printout was good, and I graduated. Good lesson to learn; since then, in the last 35 years, I've had five or six cases where a backup has gone wrong and that second copy saved my skin. Anyway, I'll skip the battle, my project awaits. Thanks.
  2. Fair enough; I finally caught on to what you were actually stating. Toss me a "duh, that was obvious" token--I deserve it. My hope was to 1) identify what it was that hit me, 2) determine approximately what time the infection occurred, and 3) where it came from, to ensure it doesn't happen again. This is literally the first time I've ever been infected, and I've used personal computers for 40 years.* So, I guess my number finally came up. : > ( But per your recommendation, I'll cherry-pick the files I need and forgo the TRONing against the malware. Thanks for your help and effort---truly appreciate it, User Hostile. *This is called Cybergeezerhood when you reach this milestone.
  3. Also, Reflect is paid for. I believe the alleged rootkit is located on the C:\ drive, and I wish to restore to the last backup and engage in a battle of wits with said malware.
  4. Sorry, I meant to re-image the disk. Not a literal image. Sorry for the confusion.
  5. Macrium Reflect 7.2. I'm presuming the C:\ drive is all I need to restore.
  6. I posted earlier about a possible rootkit infection on one of the computers on my network, which per the results indicated that one did not exist. Now I'm ready to go after the machine where the alleged rootkit resides. After much frustration, I finally restored my main machine back to mid-January, which I believe is malware free. Now, I have backups all the way to early February and I would like to restore the computer to this image, because I lost a critical design & BOM list I need for a project. However, I expect the malware resides on this particular image and will start the whole debacle over again. This time around, however, I can isolate the rest of the network while I battle the beast. But before I start, I have two-and-a-half questions: 1) Just to ensure that the current image is malware free, should I scan the "clean" image first to provide an instruction baseline to work from? From there, I can then mount the suspected malware image (the very last backup) using the same instructions to begin the removal of the alleged rootkit. 2) While uploading the "FRST.txt" and "Addition.txt" files is supposedly safe with respect to privacy, I use people's names for each account, which, given my name and others, can be Googled very quickly and result in very specific information as to my identity. Can I send you the aforementioned files as is, but keep them publicly inaccessible? 2.5) Failing that, can I map the account names one-for-one to a more neutral generic name? If I receive a "fix" file from you, I can restore the original names to ensure compatibility when running the FRST application again. Thanks.
  7. Okay, thank you. I've got a couple more of these machines that need a looky-loo, but I have other things to attend to now. See you tomorrow. And thanks for the help as well as the snark, "Please do not do any more self-medication on this machine". It provided a much-needed laugh. Regards, User Hostile
  8. The F: drive, I believe, is a copy of an old computer getting long in the tooth. I think when it was upgraded to a new machine, the old C:\ drive disk was removed from the old computer with the idea of 1) reuse and 2) the ability to transfer any files that might have been missed during the upgrade.
  9. Per your request. Screwed up and left the browser open. It found six objects in the meanwhile, and they were quarantined. Closed the browser and rescanned with AdwCleaner; hence the second file. Mea culpa. I note AdwCleaner is requesting me to 'Run Basic Repair'; should I? I ran ESET (see attached file). Surprised to see it find a piece of 'Conduit' herpesware. This first got added to the machine when I downloaded a media player seven or eight years ago. Pernicious little bugger. Tried removing it; finally had to go into the registry and kill it like HAL 9000. Even then, I had to configure my gateway router to block the beast from trying to sneak in. Attachments: AdwCleaner[C00].txt, AdwCleaner[S01].txt, ESET Scan (2020.02.09.103650).txt
  10. Per your request. Included the 1st and 2nd Malwarebytes scans with the rootkit scan switched 'on'. As you can see, Microsoft found a couple of items, but I'm not sure if this was a false positive or not. Malwarebytes didn't see anything per the GUI. Attachments: msert.log, Malwarebytes 2nd Scan.txt, Malwarebytes 1st scan.txt
  11. Last week, I noticed my computer slowing down gradually. Eventually, the cursor would lock up and the disk light would stay on continuously. Figured there was an infection, so I decided to re-image (Macrium Reflect) but got the ol' BSOD because I'd switched to Win10 without updating the recovery disk. But I can deal with that later. In the meanwhile, two other Win 7 machines (as well as one of my NASs; both are Linux boxes) seem to be infected. This particular machine seems to be running normally, but when I try to download the Malwarebytes Rootkit remover, I get an error window stating: "Could not create file "C:\Users\[use your imagination]Desktop\mbar\mbar.exe". Which seems very suspicious. Or is it? Previously, I've installed it and have never seen this error window pop up before. I also use Malwarebytes as well as ESET Internet Security, as well as Spybot, and the scans have turned up nothing. So how can I tell whether I've been infected or not?