Showing results for tags 'Rootkit'.
  1. Symptoms:
     1. Logon results in Malwarebytes displaying a pop-up: "unable to load the Anti-Rootkit DDA Driver." It asks if I want to try a reboot.
     2. Replying to the boot question in 1. results in a quick pop-up saying: "SDKCreate failed with code 20023". This small window displays for less than a second.
     3. Manually bringing up the Malwarebytes screen from a user account shows no Real-time Protection, but from an admin account it shows it as still on (Fully Protected).
     4. "Start Malwarebytes Anti-Malware with Windows" in Advanced Settings is being turned off on user and admin accounts.
     5. My second Windows 10 system, on my LAN, is also infected with the same symptoms.
     Status: Malwarebytes Anti-Malware Premium has been running on both systems continuously for about a year. Ran a Custom Scan with Anti-Malware (with Scan for Rootkits checked) but nothing was found. This is on my faster deskside system. My laptop is still running the Custom scan. Farbar Recovery Scan Tool reports (run from a non-admin account) follow: Dan
     P.S. First attempt to post was rejected as too long. So I'm attaching the files instead.
     FRST.txt Addition.txt
  2. Hello, about two days ago I tried to download some music through a site. After the download finished, though, I was bombarded by popups and new search bars, and the usual adware. I instantly ran Malwarebytes and scanned my system; Malwarebytes found about 2 thousand PUP viruses and several rootkits (look at the scanlog 1 file). After the reboot, I then ran Malwarebytes again because a search bar remained on my desktop that was obviously a virus. The scan found several more PUPs (look at the scanlog 2 file). At first, I thought that it was all over, but then I noticed how many of my desktop icons and permissions had been tampered with; whenever I try to open an app, such as the calculator, I get the message, "the calculator app can't be opened with a built in administrator account. Sign in with a different account and try again." This is when I discovered that my rootkit was not completely gone. I subsequently researched more scanners that could identify the rootkit; I downloaded Avast, and it identified the name of it, Win32:Rootkit-gen. Unfortunately, it was not able to remove it, and gave me the error message, "error: the system cannot find the file specified." I then researched Win32:Rootkit-gen and came across a plethora of anti-rootkit scanners. I have tried the following: Malwarebytes' Anti-Rootkit, Kaspersky's TDSSKiller, Windows Defender Online, Avast's anti-rootkit, and GMER. All failed, but I must note that when I ran GMER, twice midway through the scan, an error message that was just a large image and not by Microsoft popped up saying I must restart my computer, and then forcefully restarted my PC. I also ran SUPERAntiSpyware and found about 300 issues (see the SUPERAntiSpyware log file). Any help would be much appreciated, and I am willing to try all of these programs again, if needed. Also, I have uninstalled my torrenting program. Thanks -Brian scanlog1.txt scanlog2.txt SUPERAntiSpyware Scan Log - 01-13-2016 - 09-53-53.log
  3. Hi, I just used Anti-Malware, rebooted and now I can't use Chrome, even though I can actually see I'm connected when pinging my modem. There's something locking out all the connections to sites such as Google or Yahoo. Can you please help me restore my connection?
  4. I've been trying to clean a Win7 PC that was hit with a rootkit and multiple viruses. It's been running Symantec Endpoint Protection, which logged tons of Trojans being found but couldn't eliminate the problem. Since then, I installed the trial version of Malwarebytes ver 2.2.0.1024, which found and deleted more modules. I activated Scan for Rootkits and kept scanning. After multiple clean scans, I activated the option Run Malwarebytes Advanced - Enable Safe Protection Early Start. After selecting that option, I restarted Windows and Malwarebytes started early, but it only displayed a white box with nothing inside regarding the operation being run. This message was also displayed: I received the same error mentioned in this posting: https://forums.malwarebytes.org/index.php?/topic/175443-mbam-premium-was-unable-to-load-anti-rootkit-driver-error-20025/?hl=20025 I left it open for 30 minutes with no change; I opened Task Manager, ended the Malwarebytes application and the desktop was displayed again. After running another scan, Malwarebytes logged the following: Rootkit.0Access was quarantined. How do I make sure it's clean without a clean install of Windows?
  5. I have today turned on my computer, and Malwarebytes Anti-Malware opened saying that it could not load the DDA driver to scan for rootkits. So I googled this and found this forum with some information to restart the computer, which I did several times (also suggested by the program), which did not help. The message kept appearing. So I installed Malwarebytes Anti-Rootkit and did a scan, and it said there was no suspicious malware. So I again opened Malwarebytes Anti-Malware; it still gave me that message. So I restarted again. What I noticed during this process is that it showed a smaller window for about one second with something like "error.." and then a bunch of numbers. Another thing is that I was on the non-administrator account. So I decided to remove Anti-Malware and reinstall. Then I opened it again and there was no error message. Scanned for rootkits and other stuff. There was no malware. So I went to the administrator account. Then I opened Anti-Malware, and there was no message. Then I closed it and several minutes later I reopened it and got the same message! So I have right now downloaded the beta anti-rootkit scanner again to this account and am running the scan. I am really confused as the message appears sometimes and then does not appear. The anti-rootkit tool from the same company, and the scanner when it did not give the message, indicate no rootkit. Is this due to the rootkit preventing the scanners from scanning for it? I am very confused. What should I do next?
  6. I am wondering if it's something to do with the fact that I have the standalone MBAR anti-rootkit app on my machine? I run it manually every so often and it has not detected anything (extra insurance, I suppose). MBAM and my AV all seem to be running and updating fine, and I'm not seeing anything I'd consider anomalous. If I need to remove MBAR, should I consider reinstalling MBAM?
  7. I believe that my explorer.exe has been compromised by a new version of Poweliks. Every time I start up my computer, after a few moments a large number of comhost and Windows Presentation processes show up in my process list and cause my CPU usage to skyrocket from 5% to 80%-99%. In my attempts to remove the malware I booted my computer in safe mode and found, with some tinkering, that the problems only happen when I run explorer.exe and connect to the internet. On top of this, I have also noticed briefly upon shutting down my computer that advertisements will show up as the computer turns off, likely running in the background the entire time. At this time I believe that explorer.exe is the only compromised process, as it is the only one that triggers the other programs. I decided to compare my computer's symptoms with reported malware and I think that Trojan.Poweliks is the most likely culprit. I decided to try and run Avast; I found that Avast refuses to open. So I went and downloaded the installer for Malwarebytes and found that upon running the installer it would simply refuse to start the installation process, no error code or anything, it just wouldn't run. Next I looked on the forums to try and figure out how to get MBAM to install, found a topic saying that Chameleon would work; it didn't. After that I tried getting AdwCleaner; it ran just fine but couldn't detect any problems, which I should've figured in hindsight as this is a rootkit infection. Having exhausted these options I found Malwarebytes Anti-Rootkit BETA and decided it was worth a shot; like with MBAM, MBAR wouldn't run. So here I am hoping that someone can help me finally get rid of this thing. It's been on my computer since yesterday and I just want it gone. Thank you for taking the time to help.
  8. Hi, I want to check that my PC is no longer infected.
  9. Hello, COMODO Cleaning Essentials found this: http://s15.postimg.org/bla5k6z7e/Sn_mek_obrazovky_426.jpg Addition.txt FRST.txt
  10. I just did a full scan of my other laptop with Malwarebytes Anti-Malware and got the following detection: "Unknown.Rootkit.VBR" "Physical Sector" "Master Boot Sector on Volume #0", as per the image below. The laptop is an HP Compaq running Windows 7 Professional (x64). It is fully updated with MS patches except for those related to the Windows 10 Upgrade and the associated telemetry updates. In addition, I have used the Group Policy Editor to stop the Windows 10 upgrade via Windows Update, as it had downloaded and tried several times to install Windows 10 even though I had not even reserved it with the GWX tool. These are all gone now, as well as the 6GB Win 10 download. The default browser is Firefox, which is the latest version, as are all plugins such as Java and Flash, fully updated. The system is actively protected with a fully updated version of Kaspersky Internet Security 2015. The scan with Malwarebytes was a full scan resulting in a detection of: Physical Sectors: 1 Unknown.Rootkit.VBR, Master Boot Record on Drive #0, , [6a2e3c5d9d1d5d40f76f1e803d65c7d7], (as per the attached scan result mb result.txt). A couple of weeks ago I was using the laptop watching a movie. It overheated and then shut down automatically. I then stripped it down to check the fan and the heatsink to make sure the cooling system was OK. After reassembling the system and restarting I got a SMART warning of HDD failure. I removed the HDD and backed up all data to an external drive and made images of the partitions with Acronis True Image. I replaced the HDD with a new 500GB drive and re-imaged the system. On restarting on the new drive I got a similar warning, then a warning about a corrupted boot sector. After running check disk and checking the active system partition and boot files, and then correcting the BCD file with BOOTICE so that it directed to the Windows partition, the system then booted OK once I had re-hidden the active boot system partition.
      Incidentally, I then also did the same for the original HDD and that also then booted OK. Upon testing with HP tools at boot, both drives showed no fault or error. I decided to continue using the new HDD, which is where the rootkit has been detected by Malwarebytes. Both Kaspersky and TDSSKiller scans come up as clean. The partition layout is as per the attached picture below. The active partition is labelled SYSTEM and is an HP factory primary partition (NTFS) containing the boot files and BCD file that directs to the Windows partition. The other primary partitions are the Recovery partition (NTFS) and the HP Tools partition, which is FAT32. The C: Windows partition and the Files partition are part of a logical drive, both NTFS. BOOTICE has the following info regarding the drive structure. When I ran TestDisk as per the picture below it has something about "Bad sector count". This is the TestDisk log (ignore the 2TB attached external drive):
      I have attached both logs from Farbar Recovery Scan Tool, but have yet to use Malwarebytes to remove the detected possible rootkit.
      Please can you help me determine if this is a real rootkit infection, or maybe a false positive, or some corruption of the boot sector? If I use Malwarebytes to remove this I'm worried the system might not be bootable at restart. I've used BOOTICE to make a backup of the MBR and the PBRs for the partitions. I'm just a bit stuck as to whether this bad sector count is maybe caused by the rootkit, or the detection is a false positive as a result of some corruption in the boot sector or partition table. Any help here would be appreciated. FRST.txt Addition.txt mb result.txt
  11. Well ... hello there, Malwarers ... I was wondering if anyone here could tell me what the freak has happened to my computer that caused my Windows 10 to not start up properly anymore? This morning I'd received a prompt of some kind from Malwarebytes regarding some rootkit scan feature that, if I were to get it, I must first restart. So, I did. Turns out, this is bloody well the worst decision I've ever made, because when my computer did start back up ... it just loaded into its Automatic Repair module, which had nothing that would work for my computer except the Reset PC option (which has deleted a NUMBER of valuable files (and no, I do not care to read any 'well, you should've backed them up' bullcrap, so please and thank you, withhold that nonsense)). A part of me feels like I should take on the mentality of 'Malwarebytes caused this, so I'm no longer going to use it' ... but that doesn't fit my style. In all ado, could someone here please tell me what is the cause of this and if it was maybe in fact inevitable? Many thanks for any help and/or info, ~ JBJblaze
  12. Scanned system using Malwarebytes Anti-Malware v2.1.6.1022, there were no problems. I then installed the new update (v2.1.8.1057) and it gave me a Malware Threat indicating Unknown.Rootkit.VBR, Location: Physical Sector #0 on Volume #2. I removed the threat and rebooted. The system gave me an error indicating there was no operating system. After running several diagnostic programs, it showed that my Windows volume had been wiped completely. It was now only Unallocated Space. Fortunately, I had an image of the volume I made on Sunday, June 28 which I restored using TeraByte's Image for Windows. Thank God that worked! Whatever you do, do not remove the Unknown.Rootkit.VBR. For further information, I am dual booting Windows 7 Professional using TeraByte's BootIt Bare Metal. One volume is on a 240GB OCZ Vertex 3. The BootIt program resides on this SSD using 5MB. The second version of Win7 is on a Samsung 850 EVO (500GB SSD). Each SSD is on its own separate SATA 3 port and neither volume can be accessed from the other but are hidden from one another.
  13. Hello everyone! Questions: Malwarebytes Anti-Malware has a rootkit tool. What is the difference between this software and Malwarebytes Anti-Rootkit Beta? Is there a need to use the two pieces of software, one complementing the actions of the other? When should the Beta be used? Grateful for the attention!
  14. Referring to my original topic here: https://forums.malwarebytes.org/index.php?/topic/166965-anti-rootkit-malware-scanning-working-for-administrator-only/ The computer in question is a Lenovo T420s ThinkPad laptop running Windows 7 Home Premium with an Intel Core i7-2620M processor at 2.70GHz, 8GB of DRAM and a 128GB SSD. Essentially, I believe my computer is still somewhat infected because:
      1. When scanned with the MBAM free trial premium (?) version (of which I have 6 hours left as of this writing) as an administrator, rootkit scanning went through and took 5+ hours to scan all my drives. It found one item and quarantined it. See the attached screenshot of what was quarantined - it was removed after I took the screenshot.
      2. Just noticed that MBAM is disabled to start with Windows ... re-enabled it in the settings check box and hopefully it will start with Windows. Will attempt to load MBAM with a standard account to see if the problem persists.
      Tried to copy and paste the FRST and Addition text files here but they are too large for this space. Therefore, I have no choice but to attach them - instead of copying and pasting as suggested originally. Please help. FRST.txt Addition.txt
  15. Hi, first time here. On one of my computers, a laptop, I have 3 accounts: 2 administrators and 1 standard user. Recently, it seems that I have experienced an episode of vanishing files - rootkits? Since then, I have had a new installation of the Malwarebytes free trial, and on both administrator accounts the recent/current scan was clean. However, when I try to engage Malwarebytes on the standard user account, Malwarebytes will not start unless I disable rootkit scan. The exact description of the situation is that a pop-up window comes up every time with a message that asks me to either disable rootkit scan, or reboot and then try restarting Malwarebytes again after the reboot. All this time the standard user is the only user logged onto the computer. Obviously, after rebooting, Malwarebytes still won't start WITH rootkit scan enabled. I will try the option of attempting to start Malwarebytes without rootkit scan and see what happens after finishing with this message. Questions:
      1. Have I completely removed the rootkit malware? If the administrator scan came up empty and I am up to date with all my Windows updates, I should be fine, right?
      2. If I have removed the rootkit malware, how do I get the standard user account to be fully protected if I cannot get it to engage with rootkit protection?
      3. If I have not completely removed the rootkit malware, how should I proceed to get it completely removed, given that the standard user could not engage rootkit protection and Malwarebytes will only engage with rootkit scan disabled? HELP!
  16. So after running a 'Threat Scan' with MBAM free, it flagged SYSTEM32\drivers\ntfs.sys as an unknown rootkit driver. This is on an XP SP3 PC. I further scanned said file with Zemana AntiMalware (6 engines), and the file showed clean, as did a scan with Qihoo 360 TSE.
  17. I might have gotten rid of the rootkit ... or some of it. I had a program called Conime.exe running at startup and one of the MANY tools I've downloaded and tried got rid of that. Every single scanner I have says that my system is clean. But every single time I start up Chrome, "Popdeals" is running. It isn't listed under extensions, but if I go to the Chrome Task Manager I can kill it there. Attached are the logs from FRST64. I'm really frustrated. Plus, this is my wife's computer which I was using - not even my own. (P.S. I believe I did it when I was attempting to fix a bricked Nexus 7 2013 and I ended up going somewhere / downloading something that I didn't know what it was.) Thanks in advance. You'll be saving me so much stress! Addition.txt FRST.txt
  18. I wanted to report to you that these files (txt entry) are safe, and to exclude them in future updates. The program considers these files as rootkits, but these are the original files from Microsoft. Even if I add an entry to the program to ignore them, it still detects and shows me a false alarm at the end of the scan. false rotkit detection.txt
  19. Recently, one of my other computers had a rootkit. I had a USB drive plugged into that computer for a while with some files that I needed. I finally got rid of the rootkit on my main computer, but I plugged the USB drive that was in the computer into my MacBook Air to get the files I needed off of it. Now I feel like my MacBook Air has some kind of virus or rootkit. Yesterday I was doing some work, and I was using the calculator on the far left panel; then, when I was writing down my calculations, I saw the panel switch back to the main screen by itself. I just want to make sure I did not transfer the rootkit to my laptop as well. Any help would be greatly appreciated! Thank you so much.
  20. I have been having a nightmare with this! Tried everything! Please assist. Don't know if I have run the proper programs. I've attached 2 below: dds.txt attach.txt
  21. Hi, after I ran malwarebytes and found Trojan.Agent I ran RogueKiller and found this. RKreport.txt
  22. Hello, I need help with a rootkit, I mean I think I have one. I did some research of my own and used some programs to scan for rootkits, and here are the logs. Thanks FRST.txt RKreport_SCN_12292014_195702.log Search.txt
  23. I have always been careful online and never thought cyber terrorism could ever happen to me, but the past few months have been a living hell and the stress level in my family is absolutely overwhelming, all due to this hidden digital horror, and I NEED my life back! Sorry for the introduction, but I am desperate here.
      Anyway, a little over two months ago I had some kind of virus on my computer, a very visible one: lost administrative access, etc. At that time I was only secured by my ISP's "Comcast Norton 360." I contacted them immediately and they remotely went into my computer and just deleted a bunch of files and God knows what else they did (apparently Symantec has a special "department" for Comcast Norton customers?!?). Not less than a day after, I'm noticing all kinds of stuff again. So, I called the local "PC Repair Man", whom I've now come to believe is a joke, and he did his thing installing some spyware program from a USB stick, claimed everything was all fixed and left me with the $120 bill. I went on vacation for 2 weeks and came back to ALL KINDS of problems, on my laptop AND my desktop! Programs I didn't install, updates from Microsoft that were years old, revoked administrative access, webpage redirecting, running in 32-bit instead of my 8.1 64-bit, EVERYTHING! So, in a panic I did the Windows 8.1 "Refresh" of both desktop and laptop. Called Comcast Norton again; they come on my laptop this time and see I "wiped" (refreshed) everything, so they just run Norton Power Eraser for good measure; of course it comes up clean. BUT, just to be sure I was totally in the clear, I had the doofus "repair" guy out and there goes another $120 to say I fixed it myself.... Things seemed fine for a week or so and I started doing lots of research on the hacking culture. I bought MBAM Premium and MBAE Premium and decided to change my ISP to Verizon Fios.
      THE DAY AFTER Verizon internet was installed I again became locked out of key features, and some even simple ones, of my computer. I kept being redirected, kicked out of my accounts out of nowhere; my Microsoft account was stolen and I had to jump through hoops to recover it by phone. But what is REALLY weird, as well as beyond frustrating, is that this thing starts spreading across EVERY device in my name. Two tablets, my two computers and MY PHONE! I had an LG and it was showing it connecting with other LGs and turning on and off, battery draining, and ALL my devices are constantly working their butt off at something! CPU and RAM usage so high, it was rendering them useless. So, here I stand. I can no longer try to keep chasing this down and self-diagnosing. My $3K laptop lies without its battery attached for 2 weeks, I broke down and got a brand new phone, and my Nook HD tablets have been wiped twice and still CM Security continues to list virus after virus attached to them, so they're permanently off for now. So, all I have and am using now is my desktop. I did a system restore (and was only allowed a few weeks back) about a week ago; this then activated a free trial of Norton Antivirus, NOT the Comcast one. I run MBAM Premium and Norton scans daily. MBAE Premium is always on screen, yet my computer is STILL as slow as molasses and I get warnings and crash reports from Google Chrome and IE 11 every time I use them. I can't even run a few small computer games for my 5 year old; they just slow to a freeze. Before this whole nightmare I was running heavy photo software along with large "Minecraft" worlds (all closed games, just my son and I) at lightning speed! So, I believe there are some serious lingering rootkits and/or backdoors somewhere deep in the system.
      And clearly all my attempts at wiping them with "refreshes" do nothing but leave them undetectable by antivirus and anti-malware software, so they're just waiting again for that one accidental click to open the flood gates once again. I'm sorry I wrote an essay, and if you got this far you are awesome! I need some kind of sound advice, anything from anyone with true knowledge on how to see into the depths of my computer and clean it up and keep it that way. Thanks again. Everyone at Malwarebytes is a true hero. I am off to bed, but will be checking for responses around 7-8am Eastern Standard Time and throughout the day. Sincerely, Stephen Kelly (Spkelly9807)
  24. Hello. Last night I began experiencing several blocked outbound connections to publicintelligence.net. Later (roughly 10 minutes) Malwarebytes alerted me that it had features disabled and settings changed. Among the changes were the removal of rootkit detection, self-defense, and malicious website protection. Now my C drive seems to be filled up with a lot more than it used to be, and whenever I restart my computer there are two icons added consistently to my desktop, which seem to be shortcuts to my user profile and "This PC," which I find odd. Midday I experienced odd mouse behavior, and the disabling of features of Malwarebytes again. Any advice would be helpful. I am worried the rootkit has infected my PC to such an extent that I may have to format the C drive to avoid liability from being on a botnet, etc. Malwarebytes rootkit removal does not detect anything, nor does Malwarebytes virus protection. Yet, RogueKiller is picking up:
  25. Yesterday, I noticed that I could not launch my VPN program, Faceless.ME (which uses OpenVPN, I think). It went missing from my PC overnight, and I first noticed when my start menu link referenced a deleted executable. I tried downloading the software, but ALAS! I could not download it! Firefox reported the download contains no data. I then proceeded to download the EXE from my phone successfully. I transferred it to my PC and upon trying to launch it, the EXE was gone! YES, gone! Additionally, I tried downloading MediaGet at http://mediaget.com/download.php and received a blank page on visiting the URL. PC is running Avast. Malwarebytes found nothing. Attached my GMER log: gmr.log