
kahdah
Experts
Posts: 4,024

Everything posted by kahdah

  1. Hello stefan2014, welcome to Malwarebytes.
     =====================
     Hi, I do not see anything malicious in your logs. Has this been an issue before? Have you been able to update mbam before?
     I do see remnants of Norton on the machine. Please download and run their removal tool from here: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US
     Reboot once that completes and let me know if it continues to be an issue.
     Also, if that does not work, try to disable the Trend Micro firewall and then it should be able to access the updates.
     Let me know.
  2. Hello cookeab, welcome to Malwarebytes.
     =====================
     • Download This file. Note its name and save it to your root folder, such as C:\.
     • Disconnect from the Internet and close all running programs.
     • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file. Click on this link to see a list of programs that should be disabled.
     • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
     • Allow the driver to load if asked.
     • You may be prompted to scan immediately if it detects rootkit activity.
     • If you are prompted to scan your system, click "Yes" to begin the scan.
     • If not prompted, click the "Rootkit/Malware" tab.
     • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
     • Select all drives that are connected to your system to be scanned.
     • Click the Scan button to begin. (Please be patient as it can take some time to complete)
     • When the scan is finished, click Save to save the scan results to your Desktop. Save the file as Results.log and copy/paste the contents in your next reply.
     • Exit the program and re-enable all active protection when done.
  3. Great, if it is all wrapped up then I will have this thread closed.
  4. Great.
     =======Cleanup=======
     Click START then RUN. Now type Combofix /uninstall in the runbox and click OK.
     Note the space between the X and the Uninstall, it needs to be there.
     ======Next======
     Double click on OTL to run it. Click on the Cleanup button at the top. You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. This will remove itself and other tools we may have used.
     ======
     Delete\uninstall anything else that we have used that is leftover. After that you're all set.
     ===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===
     Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
     Prevention article - Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.
     How did I get infected in the first place? - Also this one by Tony Klein.
     If your computer is slow - Things you can do if your computer is slow.
     PC Safety and Security - What Do I Need? - Security suggestions and general hints and tips for PC security.
     File sharing program dangers - Reasons to stay away from file sharing programs, for ex: BitTorrent, Limewire, Kazaa, emule, Utorrent etc...
     ===Free antimalware tools used for on demand scanning and cleaning, no real time unless purchased===
     Malwarebytes Antimalware
     superantispyware
     ===Free antivirus links===
     This is antivirus and antispyware: Microsoft Security Essentials
     This is free antispyware protection and antivirus protection: AVG free
     This is just antivirus protection: Antivir
     This is antivirus and antispyware protection: Avast
  5. Thermal paste is cheap; local computer shops vary. Call and get a price, that is all I can tell you.
  6. Ok, I would take it to a service shop then and have them check it\do it.
  7. Yes, it is gone; your logs are clean. Use it for a day or 2, then rescan with mbam after updating it and let me know if it still detects anything, and we will wrap it up.
  8. You are welcome. Please install the latest version of adobe reader. It can be found here > http://get.adobe.com/reader/
     ==================================
     =======Cleanup=======
     Click START then RUN. Now type Combofix /uninstall in the runbox and click OK.
     Note the space between the X and the Uninstall, it needs to be there.
     ======Next======
     Double click on OTL to run it. Click on the Cleanup button at the top. You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. This will remove itself and other tools we may have used.
     ===============Update Java===============
     Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
     • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
     • Scroll down to where it says "(JRE)" then click on it.
     • Click the "Download" button to the right.
     • Select your Platform: "Windows".
     • Select your Language: "Multi-language".
     • Read the License Agreement, and then check the box that says: "Accept License Agreement". Click Continue and the page will refresh.
     • Click on the link to download Windows Offline Installation and save the file to your desktop.
     • Close any programs you may have running - especially your web browser.
     • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
     • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
     • Click the Remove or Change/Remove button.
     • Repeat as many times as necessary to remove each Java version.
     • Reboot your computer once all Java components are removed.
     • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
     ====
     Delete\uninstall anything else that we have used that is leftover. After that you're all set.
     ===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===
     Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
     Prevention article - Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.
     How did I get infected in the first place? - Also this one by Tony Klein.
     If your computer is slow - Things you can do if your computer is slow.
     PC Safety and Security - What Do I Need? - Security suggestions and general hints and tips for PC security.
     File sharing program dangers - Reasons to stay away from file sharing programs, for ex: BitTorrent, Limewire, Kazaa, emule, Utorrent etc...
     ===Free antimalware tools used for on demand scanning and cleaning, no real time unless purchased===
     Malwarebytes Antimalware
     superantispyware
     ===Free antivirus links===
     This is antivirus and antispyware: Microsoft Security Essentials
     This is free antispyware protection and antivirus protection: AVG free
     This is just antivirus protection: Antivir
     This is antivirus and antispyware protection: Avast
  9. Ok. Download OTL to your desktop.
     • Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.
     • Under the Standard Registry box change it to All.
     • Check the boxes beside LOP Check and Purity Check.
     • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
     • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  10. Ok, let's move on then.
     Please download to your Desktop: Dr.Web CureIt
     • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet.
     • Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
     • Once the short scan has finished, click on the Complete scan radio button.
     • Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language.
     • Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though).
     • On the File types tab ensure you select All files.
     • Click on the Actions tab and set the following:
       Objects: Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
       Infected packages: Archive = Move, E-mails = Report, Containers = Move
       Malware: Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
       Do not change the Rename extension - default is: #??
       Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
       Leave prompt on Action checked.
     • On the Log file tab leave the Log to file checked.
     • Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
     • Log mode = Append
     • Encoding = ANSI
     • Details: leave Names of file packers and Statistics checked.
     • Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
     • On the General tab leave the Scan Priority on High.
     • Click the Apply button at the bottom, and then the OK button.
     • On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
     • In this mode it will scan Boot sectors of all disks, All removable media, and all local drives.
     • The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
     • When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
     • Click 'Yes to all' if it asks if you want to cure/move the files.
     • This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
     • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list.
     • Save the report to your Desktop. The report will be called DrWeb.csv
     • Close Dr.Web Cureit.
     • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
     • After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply.
  11. Yes, it is normal for that to happen immediately after running Combofix. Please do the following:
     • Download TDSSKiller and save it to your Desktop.
     • Extract its contents to your desktop.
     • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
     • If an infected file is detected, the default action will be Cure, click on Continue.
     • If a suspicious file is detected, the default action will be Skip, click on Continue.
     • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
     • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
     • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  12. Ok. The reason it keeps respawning is because it has patched a system file. We will repair it in the following script.
     1. Please open Notepad: click Start, then Run, type in notepad in the Run Box then hit ok.
     2. Now copy/paste the entire content of the codebox below into the Notepad window:

        KILLALL::
        FCopy::
        c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll|c:\windows\System32\user32.dll
        File::
        c:\windows\ativpsrm.bin
        c:\Windows\temp\mrtBB12.tmp\stdrt.exe

     3. Save the above as CFScript.txt
     4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
     5. After reboot (in case it asks to reboot), please post the following report/log into your next reply: Combofix.txt
  13. Hello humanoid, welcome to Malwarebytes.
     =====================
     Please visit this webpage for download links, and instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     Please include the C:\ComboFix.txt in your next reply for further review.
  14. Great, go ahead with the mbam and eset scan and post those logs when they are completed. Then we can wrap it up.
  15. Run OTL. Under the Custom Scans/Fixes box at the bottom, paste in the following:

        :OTL
        O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
        O4 - HKLM..\Run: [KernelFaultCheck] File not found
        O4 - HKCU..\Run: [Awasu] File not found
        O36 - AppCertDlls: rdpcdt32 - (C:\WINDOWS\cscrrsm.dll) - C:\WINDOWS\cscrrsm.dll ()
        [2010/09/23 14:48:01 | 000,047,616 | -H-- | C] () -- C:\WINDOWS\System32\cscrrsm.dll
        :Commands
        [emptytemp]

     Then click the Run Fix button at the top. Let the program run unhindered, reboot when it is done. It will produce a log for you on reboot, please post that log in your next reply.
     ================================Malwarebytes' Anti-Malware=================================
     Please update\run Malwarebytes' Anti-Malware.
     • Double Click the Malwarebytes Anti-Malware icon to run the application.
     • Click on the update tab then click on Check for updates. If an update is found, it will download and install the latest version.
     • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
     • The scan may take some time to finish, so please be patient.
     • When the scan is complete, click OK, then Show Results to view the results.
     • Make sure that everything is checked, and click Remove Selected.
     • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     • Copy&Paste the entire report in your next reply.
     Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     ================================Online scan=================================
     * Go here to run an online scanner from ESET.
     Note: You will need to use Internet explorer for this scan
     • Tick the box next to YES, I accept the Terms of Use.
     • Click Start
     • When asked, allow the activex control to install
     • Click Start
     • Check next options: Remove found threats and Scan unwanted applications.
     • Click Scan
     • Wait for the scan to finish
     • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
     • Copy and paste that log as a reply to this topic
  16. Great, please open OTL and click on Run scan and post the new log that opens. Also let me know of any remaining issues.
  17. Run OTL. Under the Custom Scans/Fixes box at the bottom, paste in the following:

        :OTL
        [2010/04/07 00:16:40 | 000,015,802 | -HS- | C] () -- D:\Documents and Settings\Matt & Katie\Local Settings\Application Data\C6158646
        [2010/04/07 00:16:40 | 000,015,802 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\C6158646
        [2010/02/23 20:54:15 | 000,013,094 | -HS- | C] () -- D:\Documents and Settings\Matt & Katie\Local Settings\Application Data\Xi7h20PI0
        [2011/01/18 13:40:53 | 000,054,016 | ---- | C] () -- D:\WINDOWS\System32\drivers\qmqb.sys
        [2011/01/17 17:35:32 | 000,054,016 | ---- | C] () -- D:\WINDOWS\System32\drivers\pdcqgjh.sys
        [2011/01/17 08:49:37 | 000,000,120 | ---- | C] () -- D:\WINDOWS\Kyelikerevaf.dat
        [2011/01/17 08:49:37 | 000,000,000 | ---- | C] () -- D:\WINDOWS\Iyidites.bin
        :Commands
        [emptytemp]

     Then click the Run Fix button at the top. Let the program run unhindered, reboot when it is done. It will produce a log for you on reboot, please post that log in your next reply.
     ================================Malwarebytes' Anti-Malware=================================
     Please update\run Malwarebytes' Anti-Malware.
     • Double Click the Malwarebytes Anti-Malware icon to run the application.
     • Click on the update tab then click on Check for updates. If an update is found, it will download and install the latest version.
     • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
     • The scan may take some time to finish, so please be patient.
     • When the scan is complete, click OK, then Show Results to view the results.
     • Make sure that everything is checked, and click Remove Selected.
     • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
     • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
     • Copy&Paste the entire report in your next reply.
     Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     ================================Online scan=================================
     * Go here to run an online scanner from ESET.
     Note: You will need to use Internet explorer for this scan
     • Tick the box next to YES, I accept the Terms of Use.
     • Click Start
     • When asked, allow the activex control to install
     • Click Start
     • Check next options: Remove found threats and Scan unwanted applications.
     • Click Scan
     • Wait for the scan to finish
     • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
     • Copy and paste that log as a reply to this topic
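The OTL file entries quoted in the two fixes above (posts 15 and 17) share one fixed layout: `[timestamp | size | attributes | C or M] (company) -- path`, where the attribute flags are R, H, S, D and C/M marks a created or modified entry. As an added example, not code from the forum posts or from OTL itself, here is a small Python parser for such lines plus a triage pass that flags the patterns the helper acted on (hidden+system files under Application Data, freshly created drivers, hidden files in System32, files dropped straight into the Windows directory). The sample lines are copied from the posts; the reference date and the seven-day "recent" window are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Layout of one OTL file entry as quoted in the fix scripts:
# [timestamp | size | attributes | C=created or M=modified] (company) -- path
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# A file sitting directly in the Windows directory (no deeper subfolder).
WINDOWS_ROOT_FILE = re.compile(r"^[a-z]:\\windows\\[^\\]+$")

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str      # four flags, '-' when unset: R, H, S, D
    kind: str       # 'C' created, 'M' modified
    company: str
    path: str

def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file-listing line; other OTL line types (O3, O4, ...) give None."""
    m = OTL_ENTRY.match(line.strip())
    if m is None:
        return None
    return OtlEntry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                    int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                    m["company"], m["path"])

def triage(lines, reference: datetime, recent_days: int = 7) -> List[Tuple[str, str]]:
    """Return (path, reason) for entries matching the patterns the helper singled out.
    These are hints to prioritise manual review, not verdicts."""
    hits = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        low = e.path.lower()
        hidden, system = "H" in e.attrs, "S" in e.attrs
        recent = e.kind == "C" and reference - e.timestamp <= timedelta(days=recent_days)
        if hidden and system and "\\application data\\" in low:
            hits.append((e.path, "hidden+system file under Application Data"))
        elif "\\system32\\drivers\\" in low and recent:
            hits.append((e.path, "driver created within %d days" % recent_days))
        elif hidden and "\\system32\\" in low:
            hits.append((e.path, "hidden file in System32"))
        elif WINDOWS_ROOT_FILE.match(low) and recent:
            hits.append((e.path, "file created directly in the Windows directory"))
    return hits

# Sample input: entries copied from the two OTL fixes above plus one non-file line.
SAMPLE_LOG = r"""
[2010/04/07 00:16:40 | 000,015,802 | -HS- | C] () -- D:\Documents and Settings\Matt & Katie\Local Settings\Application Data\C6158646
[2011/01/18 13:40:53 | 000,054,016 | ---- | C] () -- D:\WINDOWS\System32\drivers\qmqb.sys
[2011/01/17 08:49:37 | 000,000,120 | ---- | C] () -- D:\WINDOWS\Kyelikerevaf.dat
[2010/09/23 14:48:01 | 000,047,616 | -H-- | C] () -- C:\WINDOWS\System32\cscrrsm.dll
O4 - HKLM..\Run: [KernelFaultCheck] File not found
""".strip().splitlines()
# Assumed reference date (not stated in the posts): the day after the newest entry.
REFERENCE = datetime(2011, 1, 19)
```

Calling triage(SAMPLE_LOG, REFERENCE) returns all four file entries with a reason each; the O4 line is skipped because it is not a file entry, and shrinking recent_days drops the two time-based hits.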
  18. Looking at your system now, one or more of the identified infections is a backdoor Trojan\Rootkit.
     If this computer is ever used for on-line banking, I suggest you do the following immediately:
     1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
     2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.
     Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
     ==============
     1. Open notepad and copy/paste the text in the codebox below into it:

        http://forums.malwarebytes.org/index.php?showtopic=72948
        Driver::
        geqttm
        Registry::
        [-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\geqttm]
        RegLock::
        [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
        Collect::
        D:\WINDOWS\System32\drivers\geqttm.sys
        D:\WINDOWS\System32\drivers\qmqb.sys
        D:\WINDOWS\System32\drivers\pdcqgjh.sys

     2. Save the above as CFScript.txt
     3. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
     4. During this run Combofix will collect and automatically upload some sample files. You will see it say Combofix needs to upload some samples. If it fails to do that, do the requested steps at the bottom of this post to manually upload the samples.
     5. After reboot (in case it asks to reboot), please post the following report/log into your next reply: Combofix.txt
     ===========
     Note:: If Combofix fails to upload anything please do the following:
     Go to Start > My Computer > C:\
     Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip
     Click Here to upload the submit.zip please.
  19. You don't need an account, just copy and paste the results.
     HiJack This! Forum Policy
     For you this means Bit Torrent; please uninstall that program from add and remove programs.
     ==========
     It has been a few days since you ran Combofix, please do the following.
     Delete your version and visit this webpage for download links, and instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     Please include the C:\ComboFix.txt in your next reply for further review.
  20. Do you have a combofix log? If so post it, but do refrain from doing anything further unless instructed to do so.
     Please submit the following files to one of these online file scanners. (All you have to do is copy and paste the file path into the box when you click on Browse, then once you have done that click on the open button, then submit)
        D:\WINDOWS\System32\drivers\geqttm.sys
        D:\WINDOWS\System32\drivers\qmqb.sys
        D:\WINDOWS\System32\drivers\pdcqgjh.sys
     Jotti File Scan
     VirusTotal File Scan
     This will produce a report after the scan is complete, please copy and paste those results in your next post.