User_Hostile

Honorary Members
  • Posts

    27
  • Joined

  • Last visited

Everything posted by User_Hostile

  1. I removed the RAM disk, and as you predicted the FRST program ran smoothly and quickly. I've attached the resulting files for one last perusal just to ensure that there are no surprises lurking. The machine is still hanging up, but far less frequently, and no longer requires a re-image, just a cold reboot and it's good for a few sleep cycles before hanging again. I still can get my work done, and that's the point of resolving this issue. My machine is hitting my own 'end-of-life' schedule (ten years), so I will likely replace it in the next few months, and use it for something else (as I've backed everything back up on the cloud). This will be my last posting, as I've now got a handle on this. I really appreciate the effort you expended to find out what was giving my machine "seizures" and was relieved to know that the most likely culprit was my laziness (which I can live with) rather than malware (since it is almost impossible to bring those who write this evil to justice). It really meant a lot to me that you took the time out to help resolve this problem. I've been working with PCs for almost 40 years, and this was the first time I really got flummoxed and couldn't find a loop-hole or work around. Of course, I started during the days of 8086/DOS and started losing interest after the Pentium/WinNT, since it was becoming a full-time hobby just to keep up with the nuts and bolts of it, but the knowledge carried forth till now. So my sincerest gratitude for your efforts. User_Hostile Friendly Addition.txt FRST.txt
  2. I'm slowly getting rid of the files (along with the older security software). As I'm a critical worker, I don't have much time for most of the week. But as soon as I finish removing the files, I'll run the FRST again. I've been doing some runs with it, but it keeps hanging when it starts searching for "other areas", so it asks whether to wait or kill it, which is the latter. I've only had one hang up of the machine which did not require a re-image, so methinks that deleting the old stuff is making an impact. I am running a RAM disk with about 4 GB. I use it to launch and cache the web browsers sometimes.
  3. Added the NIR to my exclusion list. See the files below. FRST quit the first time, and I had to kill the process, which gave me a sort-of BSOD. But upon the reboot, FRST ran fine. See attached. FRST.txt Addition.txt
  4. Here you go. The two PUPs are old files. NIR always sets off false positives, but I've used it since August. Possible malware, but I've used NIR software for years with no discernible problems. The problem with the machine developed around late February. New&ImprovedMB (2020.04.13).txt Quarentine followup (2020.04.13).txt
  5. Interesting occurrence, rebooted my machine. It started a file check & recovery operation. After a few minutes the computer locked up with the disk light remaining on. Rebooted, and again, the machine did a file check & recovery operation. So after the Desktop showed up, I immediately ran FRST64.exe with a scan followed by a fix. The scan completed successfully, yet fix is still rolling along with the log terminating at Google policy. But the machine doesn't lock up. Some process or processes are being killed by FRST64.exe that induce the lockup from what I can tell. See attached. Fixlog.txt FRST.txt Addition.txt
  6. Updated to Win 10, but got the black screen. After three hours, I shut it down, and powered up again. Ran Farbar again, and still have the same problem. Hangs on the Google policy. See attached, it took about eight minutes. Fixlog.txt
  7. This is a Windows 7 machine. I've got an upgrade to Win 10; if necessary, I can invoke that.
  8. Farbar continues to slog along, but the Fixlog.txt file seems to hang at eight minutes, with these closing texts: "C:\ProgramData\Temp" => ":5C321E34" ADS not found. "C:\ProgramData\Temp" => ":CB0AACC9" ADS not found. "C:\Windows\system32\GroupPolicy\Machine" => not found HKLM\SOFTWARE\Policies\Google => not found Fixlog.txt
  9. I mean to say, I ran it for seven hours before performing the reboot while the program was running. Referring to file creation, it took about 13 minutes between the start and finish of the Fixlog.txt file.
  10. Rebooted, probably seven hours, but Windows Task Manager indicated normal operation and running one of six core processors at almost the max. See attached file. Fixlog.txt
  11. How long should FRST64.exe run for? (I'm hitting five hours). Is this dependent on the overall number of files?
  12. Per your request. Malware Check (2020.04.06).txt FRST.txt Addition.txt AdwCleaner[C00] (2020.04.06).txt
  13. About the end of February I started to notice that my machine started acting funny, so I assumed that it was some kind of malware. So I restored an image of my machine from early January and the same behavior occurred. Then I ran a restoration of my machine from early December. Same bug appeared. The behavior only occurs after I've put my machine into sleep mode for a total of two times. What happens then is I note the disk light starts flashing more and more. The response of the machine becomes increasingly slower and slower until the cursor no longer moves and the disk light stays on steady. At that point, the machine locks up. Rebooting the machine results in a very slow bootup and a much quicker lockup. I've restored the disk image five times, so I've dialed in the symptoms. So, presuming this is malware, what steps do I need to take to remove it? I've backed up my important files, so if it requires a disk wipe, I'm fine with that. But I'd rather identify the bug and remove it and rebuild it from there.
  14. I've got a three-tier backup system. The last tier is air-gapped and never connected to a computer being restored unless the recovery disk is running. As for why I have a three-tier backup rather than just one? College senior project report. In those days, floppies were the USB sticks of their day. I made two backups against the original because my gut told me to (and floppies were cheap). When I got ready to print out my report (100 pages or so), I found the original was bad, so I went to the first backup and ... it too, was bad. Sweating, I found the 2nd backup was still good and made two more copies. My printout was good, and I graduated. Good lesson to learn; since then, in the last 35 years, I've had five or six cases where a backup has gone wrong and that second copy saved my skin. Anyway, I'll skip the battle, my project awaits. Thanks.
  15. Fair enough; I finally caught on to what you were actually stating. Toss me a "duh, that was obvious" token; I deserve it. My hope was to 1) identify what it was that hit me, 2) determine approximately what time the infection occurred, and 3) where it came from, to ensure it doesn't happen again. This is literally the first time I've ever been infected and I've used personal computers for 40 years.* So, I guess my number finally came up. : > ( But per your recommendation, I'll cherry-pick the files I need, and forgo the TRONing against the malware. Thanks for your help and effort; truly appreciate it, User Hostile *This is called Cybergeezerhood when you reach this milestone.
  16. Also, Reflect is paid for. I believe the alleged rootkit is located on the C:\ drive, and I wish to restore to the last backup and engage in a battle of wits with said malware.
  17. Sorry, I meant to re-image the disk. Not a literal image. Sorry for the confusion.
  18. I posted earlier about a possible rootkit infection on one of the computers on my network, which per the results indicated that one did not exist. Now I'm ready to go after the machine where the alleged rootkit resides. After much frustration, I finally restored my main machine back to mid-January, which I believe is malware free. Now, I have backups all the way to early February and I would like to restore the computer to this image, because I lost a critical design & BOM list I need for a project. However, I expect the malware resides on this particular image and will start the whole debacle over again. This time around, however, I can isolate the rest of the network while I battle the beast. But before I start, I have two-and-a-half questions: 1) Just to ensure that the current image is malware free, should I scan the "clean" image first to provide an instruction baseline to work from? From there, I can then mount the suspected malware image (the very last backup) using the same instructions to begin the removal of the alleged rootkit. 2) While uploading the "FRST.txt" and "Addition.txt" files is supposedly safe with respect to privacy, I use people's names for each account, which given my name and others can be Googled very quickly and result in very specific information as to my identity. Can I send you the aforementioned files as is, but keep them publicly inaccessible? 2.5) Failing that, can I map the account names one-for-one to a more neutral generic name? If I receive a "fix" file from you, I can restore the original names to ensure compatibility when running the FRST application again. Thanks.
  19. Okay, thank you. I've got a couple more of these machines that need a looky-loo, but I have other things to attend to now. See you tomorrow. And thanks for the help as well as the snark, "Please do not do any more self-medication on this machine". It provided a much needed laugh. Regards, User Hostile
  20. The F: drive I believe is a copy of an old computer getting long in the tooth. I think when it was upgraded to a new machine, the old C:\drive disk was removed from the old computer with the idea of 1) reuse and 2) ability to transfer any files that might have been missed during the upgrade.
  21. Per your request. Screwed up and left the browser open. It found six objects in the meanwhile, and they were quarantined. Closed the browser and rescanned with AdwCleaner; hence the second file. Mea culpa. I note AdwCleaner is requesting me to 'Run Basic Repair'; should I? I ran ESET (see attached file). Surprised to see it find a piece of 'Conduit' herpesware. This first got added to the machine when I downloaded a media player seven or eight years ago. Pernicious little bugger. Tried removing it; finally had to go into the registry and kill it like HAL 9000. Even then, I had to configure my gateway router to block the beast from trying to sneak in. AdwCleaner[C00].txt AdwCleaner[S01].txt ESET Scan (2020.02.09.103650).txt
  22. Per your request. Included the 1st and 2nd Malwarebytes scans with rootkit scan switched 'on'. As you can see, Microsoft found a couple of items, but not sure if this was false positive or not. Malwarebytes didn't see anything per the GUI. msert.log Malwarebytes 2nd Scan.txt Malwarebytes 1st scan.txt