Showing results for tags 'urgent'.
  1. Hello. If someone could help (or explain, if it's not a malware issue) I would be very thankful. A couple of days ago my mouse had some jumping issues and I thought of it as related to hardware. But because of that I've been worried about my PC and I was more attentive. Today I turned off my PC and a process I've never seen appeared in the "Waiting for these applications to close before turning off". Unfortunately I can't remember the name. It had NV - Class and a bunch of 0s in the name. I thought it could've been a Windows process, so just to see if I could see the exact name I turned my PC on and off again. This time I saw an application with a reddish eye orb as icon that I've never seen. Wasn't fast enough to see the name but I q
  2. I recently torrented software from a trusted uploader on THAT website, and now something has access to my PC that shouldn't possess it. Malwarebytes and other anti-malware software like ADW and far are being closed automatically. My free antivirus Avira is still working normally, and I've launched at least a dozen scans. It's not reporting any further malware but I know it's there. Notepad is among the software that auto-closes as well. Please advise. I do have a laptop nearby if that will help any. I'm ready at my phone to provide any necessary information.
  3. So I have been dealing with viruses a lot of times, but this one just seems to be very persistent, I should say. The adware keeps coming back no matter how hard I try. I have been running registry checks, booting in safe mode and doing a recovery state and a lot more stuff like using 5 antiviruses to handle this, not to mention searching files one by one to find its core, but to my demise I couldn't find its core till now. Any help for cleaning this adware? Because I have done a factory reset and it was still here :")). Thanks beforehand.
  4. Hi. So I have both Kaspersky and Malwarebytes and today Kaspersky asked me to restart to complete an update. So I did, and when it finished restarting it gave me an error saying my PC needs to be repaired and that the operating system couldn't be loaded because a critical system driver is missing or contains errors. The file in question was Windows\system32\DRIVERS\MbamElam.sys and the error code was 0xc000007b. I don't know what to do, please help. I have a lot of important info on this computer and I can't go out to repair it because of the whole pandemic 😭😭😭
  5. I just bought Malwarebytes Premium for 2 years and I have inputted my license, but once I click "Activate License" I get "network connection - unable to contact license server" and "MBAM404101 - installation_token Not Found." Please help me out. Also, I ran the "repair" option and did a reboot; it still did not work. mbst-grab-results.zip
  6. Hello, my internet connection has been very slow, my disk usage is ramped up, and I noticed that Tamper Protection in Windows Security was turned off. There are also Windows Updates pending download, but it also says the last time my system checked was when I was using my laptop in the morning. Anyway, please check out the attached logs. I have been here before and know about FRST; here are the FRST log and the Addition log. Addition.txt FRST.txt
  7. Hello, I've somehow managed to get an infection (or virus, I'm not sure) by falling for a surprisingly realistic "free" scam. After they logged on to my Discord they sent messages and I was able to tell that this was clearly a virus, so I deleted the files that I had downloaded and they didn't come back. Today they logged on once again, threatening me that they might mess up my PC. I didn't believe they had access to my whole PC, but after looking around in Task Manager I saw fontdrvhost.exe running from somewhere I didn't recognize, so I searched it up. It led me to a thread where somebody too had their PC infected by this. As of now they removed everything on my Discord account and I'm hoping they won't mess up my whole system. I'm pretty sure it would be different for every person, so it would be really cool if you guys could help me out :)
  8. I ran the basic repair tool without thinking (I was fairly tired) and upon restarting, literally nothing works. I can log in alright but programs won't run, either doing nothing or giving me error messages. I can't even see any available networks, never mind connect to them. I've gotten errors for the Microsoft Notification Center, Windows Firewall, Windows Update settings, and once there was even a log telling me that the video hardware itself was damaged, which never came back after a second reset. A system restore ends up failing as well, saying it can't access a file. Please help me ASAP.
  9. So, recently I have been getting extremely high CPU usage peaks on svchost.exe and I figured it would be malware. At first I thought it was a hollow process and lost hope, but tried anyway and it detected this. I have finals coming soon and lots of stuff to do and this needs to go ASAP. Could anyone please help me? Also, when I Google certain effective anti-malware programs, my browser just shuts down.
  10. What happened is exactly as the title says. I just received an email that my account password was changed, and not only had the password been changed, but the email it was tied to was as well. I have, of course, already sent in a ticket, but as I really can't wait for this to go through, especially as it can take 2-3 BUSINESS DAYS, which would now be 4-5 days, I'm hoping that I can pull some attention here in order to expedite the process. This is beyond frustrating to me at the moment. Though I do admit I can appreciate the irony behind it: the service I use to prevent people from infecting my computer with viruses and stealing my passwords, having my password stolen. But, still, this is just awful. If anyone here can either help me get the attention of an admin, or give me some solid advice, it would be appreciated.
  11. Hello, so today I encountered a new problem with my MBAM, seemingly out of nowhere. Never had this before. So I woke up, turned my screen on and my PC was completely 'censored up'. Loads of things had stopped working; I checked Task Manager and MBAMService.exe was having extreme memory leaks. I tried shutting it down, but was unable to. Had to go through CMD and do it. And every time I shut MBAMService.exe down, it automatically started itself again. And it was still leaking, every time. It went up extremely fast as well, several gigabytes in 30 seconds. CPU, private memory, RAM. Video example: I have now just tried reinstalling MBAM, restarting my PC several times as well. The memory leak is gone, that's great. BUT, every time I open the GUI and click something, it stops responding. Unable to do anything at all in the GUI for 5 minutes. Also MBAM is unable to contact the licence server for some reason. I checked my hosts file and nothing is blocked. UPDATE: As I am writing this, MBAMService.exe has started with the memory leaks again. It's right now using 8 gigabytes, going up fast. Please help, thanks!
  12. Hi, my PC just got infected, and I was dumb for letting this happen; nevertheless, I need help. Been dealing with multiple CPU problems due to svchost. It started as a process with no name, which identified itself as a svchost.exe executable. Bought IObit Malware Fighter just for this, but it became worse: every time I turn my PC on, I'd have to boot it from the ground up, choosing which OS to use (Windows 8 and Windows 8 fast mode (not so sure about the fast mode thingy, but there are two OS present in my PC which I did not know about)). And now, it became svchost.exe.exe, which from what I read is an actual virus. I need help ASAP. Heard from my friends that you guys helped them as well.
  13. Hello, I just bought a licence for Malwarebytes Premium and downloaded the application. When I try to Activate Licence, I type my license key and click on "Activate License", and this error appears: Then I press OK and this second message appears: These messages also appear whenever I start Malwarebytes. I've reinstalled and used the cleanup tool, all to no avail. I really need to get this working. Thank you for your help. mb-check-results.zip
  14. What is Trojan.fakeoff.fy? Because it is on my PC currently and I have no clue what this is. Can someone help? I can't delete it from my PC, so help.
  15. HELP I recently downloaded some software off the internet and it gave me the following viruses: Whenever I try to remove them my computer crashes. I have to bring it to school, please help.
  16. Hello. It began with me noticing odd behaviour from Malwarebytes Anti-Malware, the latest version. I am a premium user. For whatever reason, the anti-malware program did not boot with my start-up as it always does. I booted it up myself, and the anti-exploit component module would not start. It was stuck saying "starting...". I was a Malwarebytes Anti-Exploit user before the most recent update to v3. I uninstalled Malwarebytes Anti-Malware and removed everything from the anti-exploit manually except mbae64.sys, which would not delete as it claimed it was currently in use. I rebooted in safe mode and removed mbae64.sys manually along with several other programs (Firefox, VLC, CCleaner, as I felt it time to update them freshly). I reinstalled Malwarebytes Anti-Malware, the latest version, and ran a scan. It found 6 instances of trojan.siredef.c and attempted to remove them. While it was removing it said, on the last one for example, it was removing 6 of 0 items. It counted up to 6 out of 0 items, which I found was weird. I restarted after the removal/quarantine (can't remember which) and now Malwarebytes Anti-Malware is not enabling any of the protection modules and when I try to open its window it is crashing. I attempted a reinstall but the same problems persist. I have not been able to re-enable premium on my Malwarebytes Anti-Malware. Specifically, the crashing issue with Malwarebytes is when I try to run as admin, or non-admin, I right click on the tray icon (which is appearing) and click on "Open Malwarebytes". Initially it would crash doing this. Now, for the first time as of writing this, I have successfully opened its menu. It is now however not able to start both the exploit protection module and the malware protection module and both constantly say "starting..." even after waiting for a length of time. Help is greatly appreciated as I want this problem resolved as swiftly as possible.
I have attached a copy of my PC info gathered from running: Windows key + R -> msinfo32 -> File -> Export pc_info.txt
  17. Hello, I'm pretty sure I'm infected, but I need a tool to actually fix the rootkit. I tried many programs like TDSSKiller, RogueKiller, Malwarebytes, ESET Online Scanner. Except for RogueKiller none of the programs are able to detect anything at all. Is anyone able to give me more information after a look into the log files, which I will provide after my message? Symptoms are critical: application hangs, system crashes, slow loading screen when logging in. If I run a full GMER scan I get a BSOD (pwlyrpow.sys). But halfway it already detects the rootkit, as you can see below in the log from a canceled scan. In safe mode it doesn't detect a thing with both GMER and RogueKiller, but on normal boot it finds a rootkit. Probably infected multiple computers on my network. I really need urgent help.
  18. There's this really annoying browser hijacker on my browsers, Chrome and Firefox. I tried everything but it just doesn't go away. Help? The browser opens up this website www.yeabest.cc and then redirects to 9o0gle.com
  19. Hi, everyone. About 2 weeks ago, my half sister messaged me saying that when she was trying to watch a movie on her PC, it kept making beeping noises or similar. I checked it out the next day and she was infected with Cryptowall 3.0. She more than likely got it from uTorrent/BitTorrent (where she downloads movies from). She had Malwarebytes installed, but every time we tried to launch it, it would be extremely slow and then crash. I tried many times and it didn't work at all. I booted the PC into Safe Mode with Networking and cleared out as many files as the ransomware copied (in EVERY single folder on the PC), then tried Malwarebytes again; same result. I downloaded Hitman Pro, and after a while it detected everything, then removed it all. A restart showed that it was fully gone, but my half sister still wanted to use her torrent. My dad showed her *ahem* alternative sites *cough* but I'm pretty sure she is still using the torrent. If you think this is an advertisement, it really isn't. I just want to let you all know that MBAM didn't work when I tried to scan the system AND it worked before I restarted the machine. I would've taken some samples if you are all still trying to solve Cryptowall, but I really don't want my external hard drive encrypted. Although... the log may be there somewhere, if that's any use.
  20. I believe that my explorer.exe has been compromised by a new version of Poweliks. Every time I start up my computer, after a few moments a large number of comhost and Windows Presentation processes show up in my process list and cause my CPU usage to skyrocket from 5% to 80%-99%. In my attempts to remove the malware I booted my computer in safe mode and found with some tinkering that the problems only happen when I run explorer.exe and connect to the internet. On top of this I have also noticed briefly upon shutting down my computer that advertisements will show up as the computer turns off, likely running in the background the entire time. At this time I believe that explorer.exe is the only compromised process as it is the only one that triggers the other programs. I decided to compare my computer's symptoms with reported malware and I think that Trojan.Poweliks is the most likely culprit. I decided to try and run Avast; I found that Avast refuses to open. So I went and downloaded the installer for Malwarebytes and found that upon running the installer it would simply refuse to start the installation process, no error code or anything, it just wouldn't run. Next I looked on the forums to try and figure out how to get MBAM to install, found a topic saying that Chameleon would work; it didn't. After that I tried getting ADWCleaner, it ran just fine but couldn't detect any problems; should've figured as much in hindsight as this is a rootkit infection. Having exhausted these options I found Malwarebytes Anti-Rootkit BETA and decided it was worth a shot; like with MBAM, MBAR wouldn't run. So here I am hoping that someone can help me finally get rid of this thing; it's been on my computer since yesterday and I just want it gone. Thank you for taking the time to help
  21. When I reboot after the Avast software program and antivirus definition update it gets an error "The application was unable to start properly (0xc0000906). Click OK to close the application.", and the same goes for Malwarebytes Anti-Malware. Many pop-ups from Windows Defender appear saying that malware is blocked; later I found out I'm infected by Trojan:Win32/Patched.AP (quarantined then removed) from a simple scan, thanks to the only remaining antimalware that still can open during this time, Windows Defender, when the other antimalware that I can open fails to do so (IObit Malware Fighter). But that has not solved the issue. Antivirus, Malwarebytes and other major programs and security software still cannot be opened due to dnsapi.dll: lsass.exe - Unable To Locate Component "This application has failed to start because DNSAPI.dll was not found. Re-installing the application may fix this problem." Even Malwarebytes Chameleon also fails to start because it's not independent from dnsapi.dll (which for me is quite a flaw compared to Windows Defender and IObit Malware Fighter, which do not require dnsapi.dll to run). I need help to restore dnsapi.dll and clean all the malware without the need to recover to an earlier state, since System Restore and System Protection also fail to start and I don't wish to reinstall Windows all over again. I tried all possible combinations of cmd commands (like sfc /scannow), regedit, accidentally installing bloatware that happens to be a fake "registry fixer", using AdwCleaner, Junkware Removal Tool, Farbar, Unlocker; none worked so far. Here I attached some files from FRST. I need urgent help. Thanks for the reply. Addition.txt FRST.txt
  22. I had a problem earlier: I couldn't click on anything, so I tried to fix it and it was fixed! But now I have a bad image error constantly popping up and I really need assistance!!!
  23. I've done a Malwarebytes scan in safe mode with nothing found, tried doing some troubleshooting in the services and so on and so forth. Basically when I try to turn on the firewall it says that it needs to be done manually, and then when you try to turn it on manually it comes up with error code 0x8007042c. I've tried turning on the service but I get "Error 1608: The dependency service or group failed to start." As far as the Malicious Website Protection, it will disable itself right after I enable it under the settings.
  25. Hello everyone. So I downloaded a pirated game from the internet; my C drive space is slowly going down and occasionally my GPU usage goes up to 99% [measured by HWMonitor], so I researched on the net and I guess that the game installed a bitcoin miner. What should I do now? I use Bitdefender [free] and Malwarebytes Anti-Malware [free].