Showing results for tags 'Maleware'.

Found 17 results

  1. Hey, I'm new, so I hope I spotted the right location for the following question: I checked my Windows partition for malware and was surprised that some files are reported which might actually be false positives. I'm not sure about it though. All files are located in some subfolder in "Win Kit", which should be legit. The folder itself is owned by the user System, if it matters.

     Malwarebytes
     www.malwarebytes.com

     -Protokolldetails-
     Scan-Datum: 09.09.21
     Scan-Zeit: 12:13
     Protokolldatei: 971536ea-1156-11ec-b63c-00155d9f235c.json

     -Softwaredaten-
     Version:
     Komponentenversion: 1.0.1453
     Version des Aktualisierungspakets: 1.0.44771
     Lizenz: Testversion

     -Systemdaten-
     Betriebssystem: Windows 10 (Build 22000.176)
     CPU: x64
     Dateisystem: NTFS

     -Scan-Übersicht-
     Scan-Typ: Benutzerdefinierter Scan
     Scan gestartet von: Manuell
     Ergebnis: Abgeschlossen
     Gescannte Objekte: 428119
     Erkannte Bedrohungen: 17
     In die Quarantäne verschobene Bedrohungen: 0
     Abgelaufene Zeit: 1 Std., 4 Min., 53 Sek.

     -Scan-Optionen-
     Speicher: Deaktiviert
     Start: Deaktiviert
     Dateisystem: Aktiviert
     Archive: Aktiviert
     Rootkits: Deaktiviert
     Heuristik: Aktiviert
     PUP: Erkennung
     PUM: Erkennung

     -Scan-Details-
     Prozess: 0 (keine bösartigen Elemente erkannt)
     Modul: 0 (keine bösartigen Elemente erkannt)
     Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
     Registrierungswert: 0 (keine bösartigen Elemente erkannt)
     Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
     Daten-Stream: 0 (keine bösartigen Elemente erkannt)
     Ordner: 0 (keine bösartigen Elemente erkannt)
     Datei: 17
     Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\ASSESSMENT AND DEPLOYMENT KIT\IMAGING AND CONFIGURATION DESIGNER\X86\WPX.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, A7852E1037689A0B7E72BA0FB1087151, DC6B3F33F885DF5E129E4659C911E587042448A788CB9FDBF5FDC741F86A787F
     Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\ASSESSMENT AND DEPLOYMENT KIT\WINDOWS SETUP\X86\SOURCES\WPX.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, A7852E1037689A0B7E72BA0FB1087151, DC6B3F33F885DF5E129E4659C911E587042448A788CB9FDBF5FDC741F86A787F
     Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\UPDATEAPP.EXE, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, 6BDB234968BBB3F23DE160BDF4293F94, 738C171ACA2D232112CE097FC15CB72777A67F86DB1C9919429115FF1DFB4124
     Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\PARSEMANIFESTLITE.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, 81BBC7F98725F4CB7CFC919E97240E8A, B4BE46675225329802F82B05465A7C182825AE3A90B1184BF72E12EC546718AB
     Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\IMAGESTORAGESERVICE.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, D43C0C1BDA8A7F931BDAC7BB021A2DBE, 7897116D759400A6E4948E521109175581ED5AF530085A06D59697663F257D71
     Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\LOCBOOTPRESETS.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, FD2763E6B672AC8BAC9C5B4DE48F8BCE, 2F26ED4C9728F0B7F1311866856160D439A784BCB75FF399F61A7CE06C85EDC0
     Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\CBSCORE.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, 914A523E7171C1BB3EBCC5E9EDEC4CB9, 4C4B4B2EA869E8E07D4D18431BF862E89610975C730A4EA1BB806877585AB1E5
     Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\UPDATEDLL.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, CF6BE6E3E9116AAE007F4052DBDAA160, 78470CAB61A0E9E9712BCEFD21C4BFFFB7344B3855DE204F4649570B91492FED
     Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\WPX.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, A7852E1037689A0B7E72BA0FB1087151, DC6B3F33F885DF5E129E4659C911E587042448A788CB9FDBF5FDC741F86A787F
     Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\CONVERTDSM.EXE, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, 197C4AEBC1FFA20F3AF7153708DF20B3, 11B86A5ADA4F0F22BF8E5320557E1A719727314740ABD8A816A8CF5B09FEA222
     Malware.Heuristic.1001, C:\PROGRAM FILES (X86)\WINDOWS KITS\10\TOOLS\BIN\I386\UPDATEAPI.DLL, Keine Aktion durch Benutzer, 1000001, 0, 1.0.44771, 0000000000000000000003E9, dds, 01413785, 75E1993BAEEBFFA0EFC8C6015938555C, C3C4AE7DDAC8883AF38A86BC41D07C14AA6EB738C81C6188AAC0955A9EE22D12
     PUP.Optional.DotSetupIo.BundleInstaller, C:\USERS\LITTLEFREAK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\OLD_CACHE_000\F_0003DE, Keine Aktion durch Benutzer, 14615, 935457, 1.0.44771, , ame, , 9AAE14A44AC7006DDB8326B85453CA89, EAE92E26E46B62990316AA063123D65F2F1ABD2701B9272B5AFDF4BC877F6882
     Physischer Sektor: 0 (keine bösartigen Elemente erkannt)
     WMI: 0 (keine bösartigen Elemente erkannt)
     (end)

     The question of the day is: is my PC at risk / should I intervene? Or are they false positives, as I believe? Thanks in advance for your help.
  2. Hi everyone, I am having trouble with my MacBook. I recently updated to Mojave. Not sure if that's when the problems started. 1. When I use the URL field to search, my Safari browser is automatically redirected to Yahoo search although all settings say Google is the search machine. 2. After a few minutes my connection to the web is gone. Both WiFi and LAN. I think it all started when I got a "not wanted" program on my Mac, which came with a download for a Flash update I think. I deleted it, but when I searched for a reason for the "yahoo-redirection" issue I found that unknown program within the add-ons of the Safari settings. I tried to delete what I thought was a left-over add-on, but then a window popped up saying that if I want to delete the add-on I first have to delete the program, and asking if I wanted to open Finder to get to it. I did so, deleted everything, but the problems remain and apparently got even worse, since now I have these connectivity problems and still the redirection... Also, every time I open Safari there is a warning from the add-on Adblock saying: "Rule list compilation failed: A list cannot have if-domain and unless-domain mixed with if-top-url and unless-top-url". My coding skills are as good as non-existent, but it still seems like Adblock senses an issue too. What I already did is check my modem with the help of the provider's support hotline. Of course I thought it was a problem there. But it turned out that every other device connects perfectly. And of course I found out that this Yahoo redirection thing is some sort of well-known malware, but I couldn't find a connection between the two issues. Has anyone a recommendation how to deal with this properly? Since my last action seemed to have led to even bigger problems, I thought it would be better to ask for help/advice. Thanks a lot, Lara (PS: the deleted program was called something like TechNetResearch, but I am not sure and I couldn't find anything called like that on the web)
  3. I have run across a PC that has "savings.cool" on it and Malwarebytes doesn't seem to want to pick up on it. It looks like as of April 2018 people have been using Spy Hunter 4 to remove it. See attached file. Has anyone come across this, and does Malwarebytes have a solution to remove it? Thanks.
  4. Well, I did a checkup and found this. Malwarebytes says it's malware. Can't find help for this specific problem. Is this real or a false positive? Would be thankful for fast help.
  5. I have had this problem since yesterday; my brother must have downloaded a file that had a virus. I'm on a Windows 10 Lenovo PC (i5). A fix would really help a lot. FRST.txt Addition.txt
  6. So recently I tried to download a file. As stupid as I am, I visited an untrusted website and downloaded a file; that file then keeps opening random tabs with ads in them from Internet Explorer etc. I have done every scan possible but they just can't find it! I'm running a 64-bit operating system, please help me fast!
  7. I ended up with some nasty malware on my system early on the 15th. Running my antivirus and Malwarebytes seemed to clean up a lot of my issues, but I'm still struggling to get the last bits of this out of my computer. I still have a few GoldenGate files and the HKU\S-1-5-21 file in my registry. No matter how many times I bury the files, a few minutes later they reappear or they are back on my next restart. This is all new to me as I was always a Mac user and I know only the basics of virus protection, but I figured I was safe with what had come preinstalled on my system... (my mistake). I'm running Windows 10 and I'm not sure what other information you need, but I can get it to you. The attached documents are my most recent scans from AdwCleaner and Malwarebytes showing the issues that keep coming back. Thank you, Crystal AdwCleaner[S5].txt malwarebytes.txt
  8. Hey everyone, I am scratching my head with an issue that sure seems like malware or a virus, but I have been unable to root it out. My two big issues are connecting to secure sites and weird logs from my router. Virus and malware scans are coming up clean; however, HijackThis has a number of entries I am unsure about. Several of them say file missing and I do not know if I am safe to have HijackThis clean them. There are also a couple of Winsock entries that look odd (red font in the log). The main symptom is network connectivity - my overall connection seems sluggish. Not only that, any HTTPS site I try to go to has a low chance of actually coming up (less than 50%). The browser will get stuck trying to establish the secure connection. Both IE and Chrome have the same issue. IE says the page can't be displayed and Chrome returns a grey "webpage is not available" screen saying Err_Timed_Out. The other issue is strange traffic in my router logs, both coming into my PC and going out from it. The router is labeling them as DoS Attacks (SYN Flood) and they are going from my CPU to random IPs and ports, or they are coming from random IPs to my PC pinging random ports. Just looking at the last 15 minutes of data from the log there are nearly 100 records like these:

     Description Count Last Occurrence Target Source
     [DoS attack: SYN Flood] from, port 51933 1 Sun Jul 19 13:29:48 2015
     [DoS attack: SYN Flood] from, port 80 1 Sun Jul 19 13:27:59 2015

     These issues seem to persist even when I have booted into safe mode and/or disabled all startup processes. So far, I've run a full scan with MBAM, Microsoft Security Essentials, Adaware Antivirus, Bitdefender Free, Panda AV, SpyBot, Super Anti Spyware, and AdwCleaner. Everything appears clean, but AdwCleaner constantly comes up with these two issues under the registry portion. AdwCleaner has "fixed" them but they keep showing up:

     Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
     Key Found : HKCU\Software\AppDataLow\Software\adawarebp

     I checked the LAN settings under Internet Options and verified that the proxy settings are blank and that "use a proxy" is not checked. I have run the scans in both Safe Mode and regular boot. So far I have had no luck resolving the issue. Can anyone help me isolate this issue? HijackThis log is below. I have been working on this for days now with little success, so any help or suggestions would be greatly appreciated. Thanks so much in advance!

     Logfile of Trend Micro HijackThis v2.0.5
     Scan saved at 2:36:48 PM, on 7/19/2015
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v11.0 (11.00.9600.17910)
     Boot mode: Normal

     Running processes:
     C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
     C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
     C:\Program Files (x86)\Razer\Razer_Kraken0502_Driver\Drivers\SysAudio\Kraken0502Helper.exe
     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
     C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
     C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
     C:\Users\Elader\AppData\Roaming\Dropbox\bin\Dropbox.exe
     C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
     C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
     C:\Users\Elader\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Windows\SysWOW64\NOTEPAD.EXE
     C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
     C:\Users\Elader\Desktop\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
     F2 - REG:system.ini: UserInit=userinit.exe,
     O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
     O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121213224828.dll (file missing)
     O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
     O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
     O4 - HKLM\..\Run: [steelSeries World of Warcraft MMO Gaming Mouse] "C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe"
     O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
     O4 - HKLM\..\Run: [Kraken0502Launcher] C:\Program Files (x86)\Razer\Razer_Kraken0502_Driver\Drivers\SysAudio\Kraken0502Helper.exe /start
     O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
     O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
     O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
     O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
     O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Elader\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
     O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
     O4 - Startup: Dropbox.lnk = Elader\AppData\Roaming\Dropbox\bin\Dropbox.exe
     O4 - Global Startup: NETGEAR WNDA3100v3 Genie.lnk = C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
     O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} (Cisco SSL VPN Relay Loader) - https://pit.infocision.biz/+CSCOL+/csvrloader32.cab
     O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} (Cisco AnyConnect Secure Mobility Client Web Control) - https://pit.infocision.biz/CACHE/stc/1/binaries/vpnweb.cab
     O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - https://ra.infocision.biz/CACHE/sdesktop/install/binaries/instweb.cab
     O16 - DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} (CISCO Portforwarder Control) - https://ra.infocision.biz/+CSCOL+/cscopf.cab
     O16 - DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} (CISCO Portforwarder Control) - https://pit.infocision.biz/+CSCOL+/cscopf.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     O16 - DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} (CSD ActiveX Installer) - https://ra.infocision.biz/CACHE/sdesktop/install/binaries/instweb.cab
     O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
     O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
     O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
     O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
     O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
     O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
     O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
     O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
     O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
     O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
     O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
     O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
     O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
     O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
     O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
     O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
     O23 - Service: SpyHunter 4 Service - Unknown owner - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (file missing)
     O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
     O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
     O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
     O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
     O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
     O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
  9. Hello, I have 3 laptops and 1 ADSL connection. All of them got affected by undesired pop-ups (porn and others) and redirection to unwanted web-sites. MB detected infection with DNSChanger. I searched for solutions on the forum and found several very similar topics:
     https://forums.malwarebytes.org/index.php?/topic/164187-infecte-with-dns-trojan/?hl=dnschanger
     https://forums.malwarebytes.org/index.php?/topic/165386-dns-problem/
     https://forums.malwarebytes.org/index.php?/topic/164153-trojandnschanger-wont-go/?hl=dnschanger
     https://forums.malwarebytes.org/index.php?/topic/166544-infected-with-trojendnschanger-malware/?hl=dnschanger
     https://forums.malwarebytes.org/index.php?/topic/166562-please-help-me-get-rid-of-this-ip-trojandns-changer/
     I applied the instructions given in the last one. You'll find below the scan log of MB & FRST64. Please help me in getting rid of that malware.

     MB log 28/03/2015:
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 28.03.2015
     Scan Time: 09:15:02
     Logfile: MB_log_2015_03_28a.txt
     Administrator: Yes
     Version:
     Malware Database: v2015.03.28.01
     Rootkit Database: v2015.03.26.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled
     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: HeNi Admin
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 466979
     Time Elapsed: 31 min, 48 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 1
     Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{ED806459-D9B3-4654-B4B0-59B27B6AAFC0}|DhcpNameServer,, Good: (), Bad: (,Replaced,[e23e2822c6c4ad89cfd6b14aad581ce4]
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)
  10. I see a couple of suspicious programs and I have run both Kaspersky and Malwarebytes and nothing comes up. I have also googled one program and it says bitmine virus, so help plz. Thank you for your time. FRST.txt Addition.txt
  11. Victim of MoneyPak Scam. Obviously didn't pay anything, but computer is wrecked. My Farbar Recovery Scan Tool Results are attached. Please help me, and thank you so much in advance. Addition.txt FRST.txt
  12. Hello; need help with the following entries.
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 7/20/2014
     Scan Time: 12:51:00 PM
     Logfile: Quarantine.txt
     Administrator: Yes
     Version:
     Database: v2014.07.20.05
     Rootkit Database: v2014.07.17.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Michael
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 284963
     Time Elapsed: 7 min, 21 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 5
     PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, , [1fa6584982f9300621faa5b762a09d63],
     PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [1fa6584982f9300621faa5b762a09d63],
     PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [1fa6584982f9300621faa5b762a09d63],
     PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, , [1fa6584982f9300621faa5b762a09d63],
     PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-3522788902-1019533879-933385063-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, , [6164dac7d4a70f27cc1ebb2ba95926da],
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 1
     PUP.Optional.SearchProtection.A, C:\Users\Michael\AppData\Roaming\Search Protection\SearchProtection.exe, , [477eb8e95724dd59394322c925dd718f],
     Physical Sectors: 0 (No malicious items detected)
  13. Malwarebytes Anti-Malware
     Database version: v2014.04.07.05
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16844
     Files Detected: 1
     C:\Users\John E\AppData\Local\Google\Chrome\User Data\Profile 2\File System\003\t\00\00000000 (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
     Are there other steps I should take to check whether anything else remains on my machine?
  14. A couple of weeks ago I started getting these ads that appear whenever I open Internet Explorer or Firefox. It is always in the bottom left of the screen and they cannot be closed. The most I can do is click "hide ad", and then you can only see a small amount of it; after a few minutes though it becomes full size again. I have tried Malwarebytes to try and get rid of it, but that did not work. It doesn't matter what webpage I'm on, the ad is always there and it is significantly slowing down my computer. How do I get rid of this? Please help!
  15. Hello, I am new to the forums and not sure how to go about this. I am trying to completely remove Donduit from my system. I am running Windows 7 Home Edition and use Firefox as my default browser. Anyone have any ideas? Thanks, Bill
  16. Please help! I admit I am not particularly computer literate. I foolishly downloaded iLivid and ended up with searchnu.com taking over my home page. I used the add/remove program to remove iLivid but stupidly did not close out the net while I did it, which I read on this site was necessary, "unfortunately after" I did it. It did not remove properly and I still get a popup box on my computer referencing searchnu.com (it does not come up every time I open the computer and does not last long enough to read the entire thing). Is there anything I can do to stop it? It no longer captures my homepage and search engine. I ran Malwarebytes but it does not show any infection. Any help would be so greatly appreciated!
  17. Malware is blocking my TeamSpeak, and I was wondering how I could stop this. I've tried unblocking it in the firewall and it hasn't worked.