
Showing results for tags 'Possible malware'.

Found 11 results

  1. I recently did a clean install of Win7 (64) Ult. and tried installing MwB, only to get an error on install. I tried reinstalling it on a separate computer successfully, but not on this current one. I believe it came about when I had someone install a "game booster" before I finished updating drivers. I deleted the program, but I think the damage was done. Avast! Pro and Spybot S/D say I'm fine, but the error with Malwarebytes has me a little worried. I'm currently in Safe Mode with Networking and have run the support tool, with the mbst grab below. mbst-grab-results.zip
  2. This is the log after my full scan:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 3/26/18
     Scan Time: 6:39 PM
     Log File: e9dbd73e-30e1-11e8-b478-74d435f74a4b.json
     Administrator: Yes

     -Software Information-
     Version: 3.4.4.2398
     Components Version: 1.0.322
     Update Package Version: 1.0.4488
     License: Trial

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x86
     File System: NTFS
     User: personal-PC\personal

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 194128
     Threats Detected: 3
     Threats Quarantined: 0 (No malicious items detected)
     Time Elapsed: 10 min, 12 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 2
     PUP.Optional.DriverPack, HKU\S-1-5-21-266259405-1226737751-2890169934-1000\SOFTWARE\DRPSU, No Action By User, [1992], [472301],1.0.4488
     PUP.Optional.DriverPack, HKU\S-1-5-21-266259405-1226737751-2890169934-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\drp.su, No Action By User, [1992], [472299],1.0.4488
     Registry Value: 1
     PUP.Optional.DriverPack, HKU\S-1-5-21-266259405-1226737751-2890169934-1000\SOFTWARE\DRPSU|CLIENTID, No Action By User, [1992], [472301],1.0.4488
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)
     (end)
  3. I left my PC idle and went out. When I returned I saw a completely white screen; it did not open Task Manager either. I force-closed the PC, opened it and started scanning with Malwarebytes. There is no problem right now. uTorrent (downloading a couple of files), Steam, Battle.net and Discord were open. Could it be a hijack attempt over uTorrent? Or just a driver problem?
  4. A friend of mine has a Windows 7 (now Windows 10) system that seems to be running a bit slow - particularly when she uses IE 11. I had a look at the system and it does take quite a while for IE11 to start up (5 seconds or so), and then looked at "Manage Add-ons" - here there seems to be a strange add-on called ceooluncheap (I checked what I've written because there are some similar terms on the web). This add-on says it is located in what seems to be a non-existent directory and both the enable and disable buttons are absent for it from the Manage add-ons window (a bit suspicious to my mind). Since I cannot find anything about this term when searching Google I'm just a bit concerned that it is some malware. Can anyone here confirm whether they have ever come across this exact spelling before? I did do a scan of the system and the only thing it came up with was something called Vortrans or Vorster (I'm sorry I didn't write it down at the time) and I did ask for this to be deleted but when we launched IE again the ceooluncheap still seemed to be there. If anyone can throw any light on this I would be grateful.
  5. Hello! My computer has been acting very unusual lately. I am a malwarebytes premium user. My computer has been very sluggish, especially when running browsers. It is the most sluggish if running IE. The computer runs better but not perfect while in safe mode. I first noticed a problem while updating Java. It normally removes old version, but didn't this time, so I tried to uninstall it myself through control panel. I restarted the system, only to find the changes had been reverted. I then scanned with several different programs (logs attached, but unable to find malwarebytes scan, which showed system was clean). Other than cookies, suspected pup and "wecarereminder", it didn't seem as though anything serious was found. While scanning with Rogue Killer Premium, it reported about 8 hook.IEAT's, so I posted my results there only to be told they were legitimate. I attempted to uninstall MSE because I wanted to use malwarebytes as my primary antivirus, but after system restart, it was right back on the system as though I did nothing. I have tried to access system restore, installed windows updates, but am unable to, and am only shown some of the results in safe mode. While in regular boot mode, it hangs, then windows explorer closes. Can someone take a look at my logs and advise if there is a problem or not, and if clean up is needed, please assist with that? Thank you so much in advance! Addition.txt FRST.txt HitmanPro_20160308_2242.log rkscan8mar16txtscanresults.txt emisoft scan_160302-030509.txt trend micro scan results.txt
  6. I have MBAM premium after being impressed with its removal of malware on a friend's PC. I regularly run a MBAM quick scan every day and a threat scan once a week. I also run a Comodo quick scan every day and once a week a full scan. I also have Spyshelter Premium installed. MBAM reports that my system is clean, I have enabled scan for rootkits, etc. Today Comodo Internet Security Premium kept asking for permission for a remote computer to access svchost.exe. 196.168.1.5 I recognise this address is part of my home network. I have not installed any new devices. So I did a Google search and decided to run a scan with RogueKiller, which I discovered here in this forum. Below is a copy of the RogueKiller report. Please advise. Full Report:
  7. I have the Premium version, and am now seeing that it gets no further than "Prescan Operations". It can go 16 hours, and never gets past this. How can I fix this?
  8. Hi everyone, A few days ago, I turned on my laptop and I realized that some icons had gone. When I try to see it on its folder, I can't see it there. I ran malwarebytes analysis, but didn't find any malicious object. Please, could you tell me how to repair this issue? I have this problem in a laptop with WIN 8.1 OS. Thanks a lot. Regards,
  9. Hi, I scanned my computer yesterday because I had problems with the internet connection always falling. I scanned with Avira, Malwarebytes, Spybot, AdwCleaner and TDSSKiller and found nothing. I did a scan with ComboFix too (I didn't know then that I should wait for someone to ask me to use ComboFix, because I found out later, so I did it). After that I did a scan with RogueKiller in safe mode and found the PUM policies and PUM desktop icons. Are they dangerous? To be more precise, I found PUM DNS too with RogueKiller some time ago, but since they are noted as PUMs and since my other antivirus and antimalware programs haven't found anything, I didn't worry about them, but I keep getting them all the time. Here is the RK report of the first scan:

     Update 2: Then I did another scan after a few hours with RK in normal startup mode, with Avira's security settings like autorun block and host protection turned on, and it came up with this hj.name, userinit.exe marked red, so I got scared:

     I deleted the PUMs again, but the hj.name couldn't be deleted because Avira was protecting the host files, so I unchecked the host protection and block autorun security functions in Avira, restarted, scanned again with RK and deleted the hj.name too, but on this second scan the atapi filter wasn't recognized as possible malware. So I'm thinking the filter could have been the Avira block autorun option? And was userinit.exe part of Avira too, and a false positive or a virus? It was marked with red. Here is the last report, without the filter being detected after I disabled Avira security protection but with hj.name still there:
  10. I've been getting random IP blocks from Skype a few times now. It is always the same IP address. Could it be malware? Log:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Update, 2014-06-17 11:03:07, SYSTEM, TAURUS-UBERKILL, Manual, Malware Database, 2014.6.16.7, 2014.6.17.2,
     Protection, 2014-06-17 11:03:09, SYSTEM, TAURUS-UBERKILL, Protection, Refresh, Starting,
     Protection, 2014-06-17 11:03:09, SYSTEM, TAURUS-UBERKILL, Protection, Malicious Website Protection, Stopping,
     Protection, 2014-06-17 11:03:09, SYSTEM, TAURUS-UBERKILL, Protection, Malicious Website Protection, Stopped,
     Protection, 2014-06-17 11:03:12, SYSTEM, TAURUS-UBERKILL, Protection, Refresh, Success,
     Protection, 2014-06-17 11:03:12, SYSTEM, TAURUS-UBERKILL, Protection, Malicious Website Protection, Starting,
     Protection, 2014-06-17 11:03:13, SYSTEM, TAURUS-UBERKILL, Protection, Malicious Website Protection, Started,
     Detection, 2014-06-17 11:28:44, SYSTEM, TAURUS-UBERKILL, Protection, Malicious Website Protection, IP, 46.252.131.82, 22178, Inbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
     Detection, 2014-06-17 11:28:44, SYSTEM, TAURUS-UBERKILL, Protection, Malicious Website Protection, IP, 46.252.131.82, 22178, Inbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
     Detection, 2014-06-17 11:28:45, SYSTEM, TAURUS-UBERKILL, Protection, Malicious Website Protection, IP, 46.252.131.82, 22178, Inbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
     Detection, 2014-06-17 11:28:47, SYSTEM, TAURUS-UBERKILL, Protection, Malicious Website Protection, IP, 46.252.131.82, 22178, Inbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
     Detection, 2014-06-17 11:28:48, SYSTEM, TAURUS-UBERKILL, Protection, Malicious Website Protection, IP, 46.252.131.82, 22178, Inbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
     (end)
  11. I ran Malwarebytes Anti-Rootkit because I recently went on Cracked.com and today I got a whole bunch of alerts from Google Chrome that it was infected with Malicious software (while on a different computer). I've tried repeatedly to run the program but I could not get it to work, I get the same error every time: "DDA Driver was not installed which may be caused by rootkit activity. Do you want to Reboot the computer to install the DDA driver (Scan will continue After reboot)?" I have tried the reboot option multiple times but continue to get an error that the DDA driver isn't working/can't be installed. I'm trying to make sure that I was not infected with any malicious software as a result of the recent infection to the website. I know it's a beta so it's possible it's just a glitch, but my other computer uses it with no problems and on this computer in the past I have used prior versions with no problems, so now I'm concerned. This computer has Windows 7 Home 64 Bit Service Pack 1. I did not find any malware using any of my other programs (Avast, Malwarebytes Anti Malware, Super Anti Spyware, Spybot Search & Destroy, and TDSSKiller). I am hoping that this is just a minor error but would like someone to confirm that I don't have to panic. I've attached the files from the DDS.scr here, please let me know if you need anything else. Thanks! attach.txt dds.txt