Showing results for tags 'bios'.
Found 7 results

  1. After every scan I find new PUPs, and when I connect back to the internet, the malware comes back again. I've tried AdwCleaner and rootkit remover too. It's just leaving. Please help. Short of a breakdown.
  2. I am running the FARBAR security scanner right now and will update the files when the scan is complete. I just want to ensure that no low-level viruses/malware/ransomware are on my workstation. Any and all help would be appreciated. Thank you! Addition.txt FRST.txt
  3. First off, I'm using a VM; the host OS is Ubuntu Linux. The logs attached are from VirtualBox running a Windows 10 machine. I have to use a Linux machine because:
     - I cannot reinstall any Windows without the infection hijacking the install. I've tried installing WinXP, 8.1, 7, 7 Pro, Win Ultimate; during reinstall, the CD-ROM loads, then at a point the install instructions are taken over, and a similar GUI appears to complete the install.
     - It infects any device attached, physical or network; USB will be formatted automatically (fake warning posted in a GUI).
     - The registry is infected.
     - Possible firmware exploited; USB and PCI seem to be used as alternate devices.
     - system32 files are unusual.
     - Unable to flash BIOS.
     - Appears as a hidden sector or directory, hijacks the MBR.
     - Has the ability to replicate if deleted, or if core files or the registry are changed.
     - Suspected WMI shell running as TRUSTED INSTALLER.
     - Possibly ChipSec related?
     I think I've tried everything as far as scans: rkhunter, Hiren's Boot CD, Process Monitor, msconfig, BIOS settings, HDD replacement. All my machines at home are down/infected. The only way to get back was Linux, and using a VM to start Windows 10. This is from an enterprise PC Tech Level 2 working at home. FRST.txt Addition.txt mbt first scan.txt
  4. Just wanted to share an issue I had with AE recently that I just resolved. About a week ago, I started getting the error message that AE failed to start and that it terminated. I started perusing this forum and found a great 1, 2, 3 guide, so I copy/pasted it onto a Word doc and did step one: restarted my PC. On occasion, when I opt to restart as opposed to shutting down then manually starting, I've had crash issues that self-resolve. I've forgotten all my computer tech to properly log this issue. In any case, I restarted my HP Envy (upgraded OS from 8.1 to 10 when prompted last year) and it stalled, then reset the BIOS on its own. The BIOS now uncorrupted, AE finally launched and I was not required to uninstall any programs or files. As soon as the PC restarted on its own, AE re-initialized and I've not had a problem since (it's been 3 hours). Hope this helps anyone who has an HP Envy (Intel i7-4710MQ 64-bit).
  5. Yo guys, I'm in serious trouble, but I'm not sure if this is the right place to start a thread. I'm struggling with some kind of BIOS/UEFI rootkit. I have for a while been getting weird entries in the Rootkit/Malware tab in GMER. I have also noticed some strange executables running among the processes. All are described as Windows services, but you could easily see that those executables didn't belong to a clean Windows 7 install. I have been using DBAN to wipe all disks, formatted them and reinstalled, but I keep getting infected. All of the above-mentioned returns. To ensure that I'm infected, I have compared the processes running in the Task Manager with my neighbour's. He has almost the same setup as me, but most importantly he has the same motherboard as I do. We've compared the DMI information inside the BIOS and we can confirm that mine has been modified. My problem is that if I try to reflash the motherboard through USB, it seems like the virus/rootkit just writes to the USB and executes its own code, because a USB is writable. With that said, I have also been working on making a bootable DOS CD with a new BIOS version and a DOS flash utility, with no success either. It's like the DOS can't read the files from the CD, even though I meddle a little with CONFIG.SYS and AUTOEXEC.BAT. It's like the DOS can't find any CD drivers. Another mysterious thing that indicates infection: when I set the clear CMOS jumper or press the clear CMOS button, with no effect, it looks like the motherboard resets and runs normally for 3-5 seconds, and then it executes some other code. A reason for me believing it runs other code is that I am using a Corsair H100i water cooling kit, on which you can't change the LED color unless you install Corsair Link in Windows and change the LED color there. When I reset the CMOS and want to boot, it lights up the cooler LED as white, as it should by default; if you don't change the color in Corsair Link it should show a damn white light!
But then after 3-5 seconds the LED light turns red. If I go to my neighbour with the exact same motherboard, CPU and cooler, the LED light is white all the time. In the BIOS you have two functions, GO2BIOS and boot BIOS from file. If I use the first function it just reboots to the screen where I can either enter the BIOS or the Boot Menu by pressing F2 or F11. If I use boot BIOS from file I get an error saying "The data mapping running is different from the BIOS you want to boot, if you press enter your system might not start." If I press enter it just reboots to the same screen as mentioned above. Should the two functions act like that? Or is it the rootkit messing things up? I think my laptop has been infected too. Any feedback would be awesome since I'm becoming quite desperate!
Setup:
MOB: MSI Z87 G45 Gaming
SSD: Samsung 840 EVO
CPU: i5 4690K
  6. Turned my desktop on (Win 7) and everything booted normally, except the computer was not responding to keystrokes and mouse movement. The hardware is fine and the peripherals work in the BIOS screen. They also work when going into the boot repair menu through F8. The last thing that popped up before the issue started was that Windows was searching for updates, and it gave an error message that the update did not complete successfully. I'm hoping one of you guys can help me with it.
  7. Hello, I know you're all busy, so I'll keep this as short and as easy to read as possible. I have a rootkit that's been here for a while. I've been keylogged, monitored, lost admin rights, had the BSOD, so I physically replaced the RAM, wiped my HDD several times, gone into BIOS and flashed from there; antivirus has stopped before finishing, reads the infection as clean and can't update; new antivirus doesn't pick up anything; the virus is written to the MBR, which Windows can't pick up; it worms itself through drivers, and I replaced the GFX card. I have a TV and STB that I can't connect yet to the Internet, because when I purchased a new laptop, as soon as I connected the Wi-Fi the laptop got infected. I read this can be done with DNS Changer, as the DNS downloads new malware even to clean PCs. I don't have DNS Changer, but the DNS being hijacked would do the same thing. I've used GMER, FixTDSS, ewido, MBRScan, Kaspersky, AVG, MSE, rootbuster, RogueKiller, TDSSKiller and more; nothing will pick it up. Based on my firewall I think there is a hidden network when I connect, and I want to know what programs are the best for finding out anything hiding behind or configuring the router. When I check ipconfig it says the DNS is 10.1.1.1, but wouldn't it just be the DNS from the ISP? No rogue DNS can be displayed, but all symptoms of an infected DNS are there. I get skidded web sites, kiddie scripts, blocked or denial of service. I have changed my ISP account, but it's like the router is still configured to be under attack, because the ADSL light wasn't solid before I even connected the PC to try the new account. Could it be access to the phone line alone? I know my calls have been listened in on or disconnected.
--------------------------------------------------------------------------------
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 19:50:13
-----------------------------
19:50:13.761 OS Version: Windows 6.1.7601 Service Pack 1
19:50:13.761 Number of processors: 1 586 0xD06
19:50:13.761 ComputerName: ALAN-LAPTOP UserName: Alan
19:50:26.995 Initialize success
19:50:33.737 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:50:33.737 Disk 0 Vendor: SAMSUNG_HM121HC LS100-10 Size: 114473MB BusType: 3
19:50:33.757 Disk 0 MBR read successfully
19:50:33.757 Disk 0 MBR scan
19:50:33.767 Disk 0 Windows 7 default MBR code
19:50:33.777 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114471 MB offset 2048
19:50:33.787 Disk 0 scanning sectors +234438656
19:50:33.867 Disk 0 scanning C:\Windows\system32\drivers
19:50:40.006 Service scanning
19:50:45.714 Service krnl_akl C:\Windows\system32\drivers\krnl_akl.sys **LOCKED** 32
19:50:46.695 Service MpKsl374e93b4 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{335F7451-63CD-471B-9718-FFC4E1316591}\MpKsl374e93b4.sys **LOCKED** 32
19:50:56.740 Modules scanning
19:51:08.757 Disk 0 trace - called modules:
19:51:08.797 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
19:51:08.807 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85176528]
19:51:08.817 3 CLASSPNP.SYS[87e8d59e] -> nt!IofCallDriver -> [0x844215e0]
19:51:08.827 5 ACPI.sys[8764a3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850b7030]
19:51:08.847 Scan finished successfully
20:09:46.807 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Desktop\MBR.dat"
20:09:46.817 The log file has been saved successfully to "C:\Users\Alan\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 20:23:26
-----------------------------
20:23:26.028 OS Version: Windows 6.1.7601 Service Pack 1
20:23:26.028 Number of processors: 1 586 0xD06
20:23:26.028 ComputerName: ALAN-LAPTOP UserName: Alan
20:23:26.839 Initialize success
20:23:30.664 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:23:30.674 Disk 0 Vendor: SAMSUNG_HM121HC LS100-10 Size: 114473MB BusType: 3
20:23:30.694 Disk 0 MBR read successfully
20:23:30.704 Disk 0 MBR scan
20:23:30.704 Disk 0 Windows 7 default MBR code
20:23:30.714 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114471 MB offset 2048
20:23:30.724 Disk 0 scanning sectors +234438656
20:23:30.784 Disk 0 scanning C:\Windows\system32\drivers
20:23:36.603 Service scanning
20:23:41.961 Service krnl_akl C:\Windows\system32\drivers\krnl_akl.sys **LOCKED** 32
20:23:42.862 Service MpKsl374e93b4 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{335F7451-63CD-471B-9718-FFC4E1316591}\MpKsl374e93b4.sys **LOCKED** 32
20:23:52.185 Modules scanning
20:24:03.605 Disk 0 trace - called modules:
20:24:03.625 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:24:03.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85176528]
20:24:03.625 3 CLASSPNP.SYS[87e8d59e] -> nt!IofCallDriver -> [0x844215e0]
20:24:03.625 5 ACPI.sys[8764a3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850b7030]
20:24:03.625 Scan finished successfully
20:24:12.932 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Desktop\MBR.dat"
20:24:12.952 The log file has been saved successfully to "C:\Users\Alan\Desktop\aswMBR.txt"
--------------------------------------------------------------------------------
MBRScan v1.1.1
OS : Windows 7 Service Pack 1 (32 bit)
PROCESSOR : x86 Family 6 Model 13 Stepping 6, GenuineIntel
BOOT : Normal Boot
DATE : 2012/09/01 (ISO 8601) at 20:22:50
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __SAMSUNG HM121HC (LS100-10)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 111.8 Go [Fixed] ==> 7 MBR Code
MBR_MD5 : EA7111D01CF65E981A7ED331D2CCCC18
MBR_SHA1 : 0DF8508901D6811ACF3FC0D5C6F718A94ED56C8A
Device\Harddisk0\Partition1 111.8 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x8EABA000 SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0x8EAC5000 SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x8EACE000 SIZE : 68.0 Ko
DRIVER : C:\Users\Alan\AppData\Local\Temp\aswMBR.sys => Invisible on the disk
ADDRESS : 0x93C00000 SIZE : 48.0 Ko
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions : NOEXECUTE=OPTIN
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
--------------------------------------------------------------------------------
RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Alan [Admin rights]
Mode: Scan -- Date: 09/01/2012 20:33:40

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[39] : NtAlpcSendWaitReceivePort @ 0x82A7DCC5 -> HOOKED (Unknown @ 0x853073F0)
SSDT[215] : NtProtectVirtualMemory @ 0x82A6E483 -> HOOKED (Unknown @ 0x85DA4A18)
SSDT[370] : NtTerminateProcess @ 0x82A4A3E6 -> HOOKED (Unknown @ 0x85308380)
S_SSDT[14] : Unknown -> HOOKED (Unknown @ 0x85DA7FD0)
S_SSDT[302] : Unknown -> HOOKED (Unknown @ 0x85DA6CD8)
S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x85DA1A00)
S_SSDT[361] : Unknown -> HOOKED (Unknown @ 0x85D96B50)
S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x85DADC90)
S_SSDT[408] : Unknown -> HOOKED (Unknown @ 0x85D9CBF0)
S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x85DADBC0)
S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x85DADC28)
S_SSDT[447] : Unknown -> HOOKED (Unknown @ 0x85DB0F68)
S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x85DB0FD0)
S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x85DAD868)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0x85D9C8B0)
S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x85DAE858)
S_SSDT[594] : Unknown -> HOOKED (Unknown @ 0x85DA0A58)
S_SSDT[607] : Unknown -> HOOKED (Unknown @ 0x85DA1868)
_INLINE_ : NtCreateKey -> HOOKED (Unknown @ 0x85DA6B38)
_INLINE_ : NtOpenKey -> HOOKED (Unknown @ 0x85DA7E48)
_INLINE_ : NtOpenKeyEx -> HOOKED (Unknown @ 0x85DADCF8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM121HC ATA Device +++++
--- User ---
[MBR] ea7111d01cf65e981a7ed331d2cccc18
[bSP] 41f6f0124a45d065c91422fa63be84ab : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>

Can anyone give me some info on this, please? Did the reports I posted seem suspicious in any way?