Showing results for tags 'infection'.



Found 28 results

  1. Hello. I'm just a layman in programming and all this knowledge, so forgive me if I did something wrong or omitted any detail in describing my problem. I'll try to describe it as precisely as I can. Two days ago MB started bombarding me with notifications like this: The problem is that the notification window started to pop up very often, sometimes every 2 mins. Moreover, it seems unlikely that the domain wpad.toya.net.pl would be infected with trojans (it's the TV & internet provider's website domain). All these connections concern different ports, but all the port numbers start with 49 (49704, 49728, etc.). As a result it occurred to me that my computer must be infected. At the beginning I checked my task scheduler but I didn't find any suspicious task. Then I used the rkill tool, which found no threats and just terminated one process (see the attachment, please), and scanned the system with MB, but the software found nothing. I even used ADWCleaner and Hitman Pro, with the same result. So I decided to ask you for help. I ran the FRST tool and you can find all the logs below. I hope my information will be helpful; if you have more questions, please let me know. P.S. Unfortunately all my uploads failed (I don't know why) so I had to insert the logs here: Addition.txt AdwCleaner[S02].txt FRST.txt HitmanPro_20190310_1705.log malwarebyteslog.txt MLBT report.txt Rkill.txt
  2. Hi, I detected an unwanted activity on my computer. It's called KMS connection Broker.exe. I'm on Windows 10. As mentioned in the topic "I'm infected - What do I do now?", after scanning with Malwarebytes, which found nothing, I ran the Farbar recovery tool. Here are the results: Addition.txt FRST.txt Hope someone will have time to help me. Best regards
  3. The night of the 17th, I was using the Facebook app when suddenly a download-in-progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET Premium that was monitoring my phone and all downloads hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse. Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using the Facebook app, which I assume is completed as "might attempt to steal your information" or something. I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks (DDoS, man-in-the-middle and zero-day attacks) came up, which has me really worried. I am still using the phone as is; I really don't know much about technology-related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something. I'm using Android 7.0 on a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed. Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared; damage control is needed. Thank you very much. If you know anything, anything, please let me know; it's very urgent.
  4. I just did a threat scan on my computer and I wanted to make sure if this scan was accurate. I had done a full scan last night and didn't get any results, nothing flashed earlier on my real-time protection, and I haven't gone to any unsecured/non-HTTPS sites (I've been to Zillow, Indeed, and GreatSchools.org; literally the only websites I can think of where this trojan may have come from), so I'm not sure if this is a legitimate threat or not. The threat is labeled as Trojan.Emotet.Generic, found under C:\WINDOWS\SYSWOW64\PID.DLL and in the HKLM\SOFTWARE folders. I've attached the log file and a screenshot of the report below. May I please get some help on this? Thank you! Results 2.txt
  5. I am running Windows 10 Home on an HP machine. I suspect that my machine has become infected in the recent past and I want to clean up the malware, either with a number of removal tools or by formatting. Before doing that, I need to back up my important data, but I don't want to back up any infected files as I will be restoring them after the malware removal process is done. Now, I only have this one machine, the possibly infected one, and an external HDD that I back up my data to. But I don't want my external HDD to get infected too when I plug it in via USB cable. Is there a relatively safer way to back up my recent data to my HDD from my infected computer? At this point, I'm considering using either a Live CD/USB to boot the computer and then copy my documents, photos, videos etc. to my external HDD, or backing up to cloud storage. Which of these two options will be better and safer? I have around 250 GB of data on my hard drive, so please suggest a safe backup method accordingly. ALSO, I have read on online forums that I should refrain from backing up certain file formats like .exe, .ini, .xml etc. While I know what the executable and autorun file formats are and won't be backing them up, I do not understand what script files like .php and .xml are and which kinds of files are supposed to have them. Do normal Word documents (.docx), picture, video and audio file formats have any script files attached to them that I may need to worry about? Any help and suggestions will be truly appreciated as I need it urgently. Thanks in advance.
  6. The following email is being sent from one user on an Exchange server. I have run multiple scans and am now running the Anti-Rootkit; nothing has been picked up so far. Email (please do not click the link):
     >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
     Subject: Invoice is available No-046242 for month
     Afternoon,
     A invoice for you will be available on this link in your account during next 3 days.
     ==> hxxp://stafffinancial.com/For-Check/
     Thank you,
     <Name of Sender>
     >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
     Can anyone help? I am actively looking into it myself now. Kind regards, BluespotSam
  7. Hi, I got infected and I am unable to launch Farbar from the normal desktop, so I booted into Windows recovery using a Windows media USB. Then I went to Troubleshoot and opened Command Prompt. I then ran frst64.exe from the command prompt and got the file I've attached. I'm not sure what to do from here. FRST.txt
  8. Please help me get rid of this infection. Thanks mbst-grab-results.zip
  9. Hello everyone. My computer seems to be infected by something that has turned out to be very difficult to eliminate. What happens is that weird Japanese audio is played randomly, and when checking the audio mixer I see "Host Process for Windows Service". Of course, I can mute it there, but every time it starts to play again I have to manually mute it, which is seriously getting on my nerves. I have scanned my computer with all the advanced options from Windows Defender and with Malwarebytes several times, and I've used the AdwCleaner tool, but none of this has been able to get rid of the problem. Following the instructions in this community, I am attaching the log files created by the Farbar Recovery Scan Tool. I really hope somebody can help me. Thank you for your time. Addition.txt FRST.txt
  10. Hello, I am working on Windows 10. My CPU and memory are constantly working at 99% to 100% and they are highlighted in red. When I open Task Manager nothing shows to have this huge impact. I've tried virus scans, malware scans, and nothing seems to be working. I think it is some malicious malware. Please help me. I downloaded Malwarebytes Anti-Malware and scanned my computer and it only found one threat, which it eliminated, but it didn't resolve my problem of very high CPU and memory. Now I am running another virus scan; maybe it'll detect something. PLEASE HELP, I really need to fix my PC.
  11. I have a laptop purchased in China. It has Drive the Life (flagged as malware) that I can't seem to get off my system. Any help would be appreciated. Addition.txt FRST.txt scanlogs.txt
  12. Attached are my logs. Am I infected? Can you help? 04012018 Malwarebytes Log.txt Addition.txt FRST.txt
  13. I have this problem: whenever I try to download my AMD drivers for my graphics card, the RX 480, my computer crashes during the display install. I thought that it might have been Malwarebytes thinking that what I was installing was malware, so I turned off Malwarebytes to install my drivers. It crashed anyway, but I realized that Real-Time (Web) Protection will not stay on, and when I started up my computer, Real-Time (Web) Protection and malware protection were off. I'm assuming that when I shut it down and tried to download the drivers is when I got an infection, and I need help to get rid of it. Another thing that happened is that malware said that rootkit scanning was shut off. Addition_04-03-2018 09.25.30.txt FRST_04-03-2018 09.25.30.txt mb-check-results.zip
  14. Hello there, so I have this malware that makes a popup to a porn site after I open the Firefox browser (or possibly the computer), then disappears. I check the task manager. The popup opens a logo just like Firefox; however, the image is not the same and looks different. You can tell by the image I uploaded. I found out its location is AppData/Roaming/ComObj/update.exe. Then I found out it's also running a service, which I will mention the name of later after I give my laptop a restart. Besides that, I am assuming it's a trojan of a sort as it simply is just running while you're working or whatever. I disabled it; however, it runs every time I start up the laptop again. Now I will simply say that not one single anti-virus software or anti-malware has detected it. I am sharing a copy of the file. I am an IT dude; however, I have no expertise in getting rid of something that can't be detected, but I always do know when I am infected... I am new, so please, if I have done anything wrong or posted this in the wrong place I apologize from now... Besides that, any help on the matter would be greatly appreciated! Ur man THE RAGING IT dude update.7z
  15. I have this problem: whenever I try to download my AMD drivers for my graphics card, the RX 480, my computer crashes during the display install. I thought that it might have been Malwarebytes thinking that what I was installing was malware, so I turned off Malwarebytes to install my drivers. It crashed anyway, but I realized that Real-Time (Web) Protection will not stay on, and when I started up my computer, Real-Time (Web) Protection and malware protection were off. I'm assuming that when I shut it down and tried to download the drivers is when I got an infection, and I need help to get rid of it. Another thing that happened is that malware said that rootkit scanning was shut off. Addition.txt FRST.txt mb-check-results.zip
  16. Recently my computer has been infected, I'm sure through something I downloaded, yet I was not fast enough to catch it and my computer is suffering. This seems to be a similar situation to a forum post I read up on to find out what is happening to my computer. I have a fairly high-end computer on which I should not have any lag whatsoever no matter what application(s) I am running, but as of late my computer struggles simply with Google Chrome. I checked my task manager to see what process was taking up almost 100% of my CPU and RAM and it was "Windows Process Manager (32 bit)". When I expand it, it's about 6 processes all under the same name, and when I open details it is a process sbaeouh.exe that cannot be stopped no matter what, and when I try to open the file location I am denied access. Screenshots are attached below, as are my FRST and Addition txts. Please help! Thanks! -Jarrod FRST.txt Addition.txt
  17. I suspect my laptop may be infected. Over the past few days I have been detecting problems. ADWCleaner has detected: [-] [C:\Users\devin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com. Malwarebytes Anti-Malware [Premium] keeps popping up a message referring to Ad.AdservePlus. TDSS Killer has detected a bad “Configuration Setting.” I keep losing my internet connection, with Netgear telling me that “The DNS server isn’t responding.” Could someone kindly advise me as to whether or not my laptop has been infected? Thank you
  18. Pulling my hair out. Somewhere some $*%^ is responsible for wasting my time. I wish I could give a swift kick to their nether regions. Just had to get that out. I have what appears to be a rootkit infection that is prohibiting me from any type of malware/antivirus install, including Malwarebytes and its anti-rootkit software, as well as executing mbar.exe or mbamdor.exe in the unzipped package meant to bypass using the anti-rootkit installer. I am at a standstill as this infection continues to pillage my machine. Please help. I would like to buy a subscription to Malwarebytes but am at a standstill. Additional symptoms include:
     1) In the Google Chrome address bar, once entering text for a Google search, a redirection to bing.com happens; momentarily I notice the following address ( extension.citypage.today/?affID=970801784&q=exporting )
     2) The following I exported from the ESET NOD32 scans; it may be of interest:
     <?xml version="1.0" encoding="UTF-8"?>
     <ESET>
     <LOG>
     <RECORD>
      <COLUMN NAME="Time">9/3/2017 10:50:24 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/27/2017 11:34:58 PM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">9/6/2017 5:19:10 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/27/2017 11:34:58 PM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">9/6/2017 7:39:39 PM</COLUMN>
      <COLUMN NAME="Scanner">HTTP filter</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">http://www.support.microsoft9002bfrmsclffc8275.com.s3-website.eu-central-1.amazonaws.com</COLUMN>
      <COLUMN NAME="Threat">HTML/FakeAlert.MD trojan</COLUMN>
      <COLUMN NAME="Action">connection terminated</COLUMN>
      <COLUMN NAME="User">Orex\Robert</COLUMN>
      <COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Users\Robert\AppData\Local\ntuserlitelist\vmadgip\imexbzr.exe.</COLUMN>
      <COLUMN NAME="Hash">761BEA759DAA7FB0BE22C3A57BABE6B0B6248F39</COLUMN>
      <COLUMN NAME="First seen here"/>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">9/11/2017 8:18:39 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/27/2017 11:34:58 PM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">9/14/2017 9:42:27 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/27/2017 11:34:58 PM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">9/15/2017 9:00:23 PM</COLUMN>
      <COLUMN NAME="Scanner">HTTP filter</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">http://rkrlroen.greenworldlp.com/install?vnpksbnm=rkrlroen&libfbfti=hsszzhdb&bohbakdm=mhabztzs</COLUMN>
      <COLUMN NAME="Threat">JS/Chromex.Submelius.D trojan</COLUMN>
      <COLUMN NAME="Action">connection terminated</COLUMN>
      <COLUMN NAME="User">Orex\Robert</COLUMN>
      <COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Users\Robert\AppData\Local\ntuserlitelist\vmadgip\imexbzr.exe.</COLUMN>
      <COLUMN NAME="Hash">4149272F85A262C85F8BBAFB0A21B7DBDD12EBD5</COLUMN>
      <COLUMN NAME="First seen here"/>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">9/19/2017 10:53:46 AM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/27/2017 11:34:58 PM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">9/26/2017 1:29:41 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/27/2017 11:34:58 PM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">9/30/2017 5:05:13 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/27/2017 11:34:58 PM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">10/8/2017 2:14:49 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/27/2017 11:34:58 PM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">10/11/2017 7:42:25 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/27/2017 11:34:58 PM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">10/16/2017 10:09:24 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/27/2017 11:34:58 PM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">10/20/2017 8:02:47 AM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/27/2017 11:34:58 PM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">10/23/2017 1:25:59 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/27/2017 11:34:58 PM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">10/26/2017 7:51:11 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/27/2017 11:34:58 PM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">10/28/2017 12:06:41 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">D:\IE TEMP\Temporary Internet Files\IE\0G52W29J\sam_IC[1]</COLUMN>
      <COLUMN NAME="Threat">a variant of Win32/Kryptik.FVQD trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">OREX\Robert</COLUMN>
      <COLUMN NAME="Information">Event occurred on a file modified by the application: C:\Program Files\CCleaner\CCleaner64.exe (B5FD83C714C6997049AB40623B3498C58FAD46C7).</COLUMN>
      <COLUMN NAME="Hash">CA7EDF9F768F218254421D588C934E449604539E</COLUMN>
      <COLUMN NAME="First seen here">8/17/2017 10:14:28 AM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">10/28/2017 12:06:41 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">D:\IE TEMP\Temporary Internet Files\IE\4F7ZYHKL\sci0[1]</COLUMN>
      <COLUMN NAME="Threat">a variant of Win32/Kryptik.FVQH trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">OREX\Robert</COLUMN>
      <COLUMN NAME="Information">Event occurred on a file modified by the application: C:\Program Files\CCleaner\CCleaner64.exe (B5FD83C714C6997049AB40623B3498C58FAD46C7).</COLUMN>
      <COLUMN NAME="Hash">4F93521E78FF089A3B7EC105EC0454547C3B1585</COLUMN>
      <COLUMN NAME="First seen here">8/17/2017 10:14:25 AM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">10/28/2017 12:06:46 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">D:\IE TEMP\Temporary Internet Files\IE\TVFWQJDO\sci1[1]</COLUMN>
      <COLUMN NAME="Threat">a variant of Win32/Kryptik.FVQD trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">OREX\Robert</COLUMN>
      <COLUMN NAME="Information">Event occurred on a file modified by the application: C:\Program Files\CCleaner\CCleaner64.exe (B5FD83C714C6997049AB40623B3498C58FAD46C7).</COLUMN>
      <COLUMN NAME="Hash">33D4FEE23CEA73F97B5FDF007B5BB04EF2740D10</COLUMN>
      <COLUMN NAME="First seen here">8/17/2017 10:17:01 AM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">10/29/2017 8:07:25 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/27/2017 11:34:58 PM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">11/7/2017 10:46:41 AM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/28/2017 12:34:58 AM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">11/7/2017 12:22:16 PM</COLUMN>
      <COLUMN NAME="Scanner">HTTP filter</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">http://screenaddict.thewhizproducts.com/?chid=307&oid=624&subid=OPsrUvAh-h0&pubid=93855</COLUMN>
      <COLUMN NAME="Threat">JS/Adware.AztecMedia.A application</COLUMN>
      <COLUMN NAME="Action">connection terminated</COLUMN>
      <COLUMN NAME="User">Orex\Robert</COLUMN>
      <COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Users\Robert\AppData\Local\ntuserlitelist\vmadgip\imexbzr.exe.</COLUMN>
      <COLUMN NAME="Hash">8E2AAC64EC36923E088EE83D766DE8F58E883FE2</COLUMN>
      <COLUMN NAME="First seen here"/>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">11/9/2017 3:22:06 PM</COLUMN>
      <COLUMN NAME="Scanner">HTTP filter</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">http://fulltab.com/lp3?pub_id=3248&sub_id=102bf61837baccc6a2fc670ca6cce1&srcid=20281</COLUMN>
      <COLUMN NAME="Threat">JS/Adware.Imali.A application</COLUMN>
      <COLUMN NAME="Action">connection terminated</COLUMN>
      <COLUMN NAME="User">Orex\Robert</COLUMN>
      <COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Users\Robert\AppData\Local\ntuserlitelist\vmadgip\imexbzr.exe.</COLUMN>
      <COLUMN NAME="Hash">E823E5F1D6EE760C236BC1B52EA8708E67580B12</COLUMN>
      <COLUMN NAME="First seen here"/>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">11/10/2017 12:27:13 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/28/2017 12:34:58 AM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">11/11/2017 2:40:41 PM</COLUMN>
      <COLUMN NAME="Scanner">HTTP filter</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">http://computer-52ca2.stream/view?a=AZ&pagex=0&s1=qmHgUo4gNNywKrtSqmGfaN6Ycb7aeOH3pDC6EKpQR7sCaJl0dqJQ56grG94vYGBS2XGaWoQvdofcCD6BZWAAsA,,&os=Windows&browser=Chrome&isp=Mci Communications Services inc. Dba Verizon Business&ip=71.105.31.67</COLUMN>
      <COLUMN NAME="Threat">HTML/FakeAlert.MD trojan</COLUMN>
      <COLUMN NAME="Action">connection terminated</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Users\Robert\AppData\Local\ntuserlitelist\vmadgip\imexbzr.exe.</COLUMN>
      <COLUMN NAME="Hash">19392EDDE5C73BAAF4EE026DE507C782A889A918</COLUMN>
      <COLUMN NAME="First seen here"/>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">11/12/2017 10:07:10 PM</COLUMN>
      <COLUMN NAME="Scanner">HTTP filter</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">http://fulltab.com/lp3?pub_id=3248&sub_id=1020615d6a7f568ed7e5f2c4edf113&srcid=20281</COLUMN>
      <COLUMN NAME="Threat">JS/Adware.Imali.A application</COLUMN>
      <COLUMN NAME="Action">connection terminated</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Users\Robert\AppData\Local\ntuserlitelist\vmadgip\imexbzr.exe.</COLUMN>
      <COLUMN NAME="Hash">E0B281ABFF26B62047544EDEE3E8426704AD02F0</COLUMN>
      <COLUMN NAME="First seen here"/>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">11/13/2017 4:08:56 PM</COLUMN>
      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">C:\Users\Robert\AppData\Local\ntuserlitelist\regtool\regtool.exe</COLUMN>
      <COLUMN NAME="Threat">a variant of Generik.DTEABHP trojan</COLUMN>
      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
      <COLUMN NAME="Information">Event occurred on a new file created by the application: C:\Windows\System32\msqmtik.exe.</COLUMN>
      <COLUMN NAME="Hash">D036ECF02ACF3CEA48C04969D555C75E7683B0F1</COLUMN>
      <COLUMN NAME="First seen here">7/28/2017 12:34:58 AM</COLUMN>
     </RECORD>
     <RECORD>
      <COLUMN NAME="Time">11/13/2017 5:23:06 PM</COLUMN>
      <COLUMN NAME="Scanner">HTTP filter</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">http://fulltab.com/lp3?pub_id=3248&sub_id=10278e43faf02ca461531c8465cb76&srcid=20281</COLUMN>
      <COLUMN NAME="Threat">JS/Adware.Imali.A application</COLUMN>
      <COLUMN NAME="Action">connection terminated</COLUMN>
      <COLUMN NAME="User">Orex\Robert</COLUMN>
      <COLUMN NAME="Information">Threat was detected upon access to web by the application: C:\Users\Robert\AppData\Local\ntuserlitelist\vmadgip\imexbzr.exe.</COLUMN>
      <COLUMN NAME="Hash">79A25F1E8939496AAD1E4F4A1951CB7650121CC6</COLUMN>
      <COLUMN NAME="First seen here"/>
     </RECORD>
     </LOG>
     </ESET>
  19. Hi Guys, please accept my thanks in advance for any assistance you can possibly offer me. I have noticed that I get random 'g****.tmp.exe' files loading into my windows / temp directory. These same files reappear after a manual delete and want to autorun too. Appreciate your time.
  20. Hello, so I had a weird error message popping up in my Windows 7 x64, so I ran all the available security tools, and I unfortunately found a couple of infections. The strangest thing was that there was a Mozilla.zip (with the content of the Firefox /AppData files) in my Roaming folder created last night, so I was wondering if my passwords have been stolen, as I save a lot of them in Firefox and I had no Master Password? I would be also grateful if anyone could check my log files, but I guess my system is clean now, only the Mozilla.zip bugs me... Malwarebytes.txt AdwCleaner[S0].txt FRST.txt Addition.txt ComboFix.txt HitmanPro_20171024_1332.log
  21. Hi there, I'm French so please excuse me for the poor quality of my English if you read some mistakes. I've used Malwarebytes because I suspect my computer to be infected: some internet pages are opened without my consent, I'm regularly redirected from Google to another search engine... Anyway, I downloaded your software and I was able to launch it, once. It detected some infections and when I selected quarantine and rebooted my computer, Malwarebytes was unable to start. And no more since then. I tried Chameleon but every time I have as report: "Press any key to continue Driver is already loaded Enabling driver. . . . . .Done! Trying to start Malwarebytes Anti-Malware, please wait. . . . . .Done! Updating MBAM. . . Response from update : Failed to start the update Killing known malicious processes, please wait. . . Mbam-killer timeout set to 1800 seconds. Mbam-killer is scanning - Please C to cancel. . . Mbam-killer scan is complete. Mbam-killer is exiting. Malwarebytes Anti-malware has terminated - unable to start the scan. Press any key to continue" So I think my infection is really a deep one and I will be pleased if you can help me. Addition.txt FRST.txt
  22. I am a Malwarebytes 3 Premium member. I think I may have a possible infection Malwarebytes missed. My laptop is suddenly so slow I literally have to wait for the letters I am typing to catch up and show on the screen. I will admit I am a pretty novice user when it comes to this kinda stuff. I do not know how to go about tracking down what is causing my laptop to behave this way. I did open Task Manager and saw a couple of programs that have apparently somehow installed themselves on my computer. I tried deleting the file; it tells me access denied. Yes, I was using admin privileges at the time. I tried editing the security and privileges; it won't let me. The program location is C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.25.126.0_x64__mcm4njqhnhss8 I cannot seem to get rid of this. It installed itself yesterday. I need someone to take some time please and help me to not only get rid of this, but to make sure my laptop is clean and there are not more things in my laptop that I didn't install or allow myself. Please advise, please help!
  23. Yesterday I noticed my computer was running exceptionally slower and quickly found out that I had 9 instances of svcvmx.exe running in my background. I tried closing them, but they quickly kept reappearing. I tried deleting the files, but didn't have authorization. My Malwarebytes wasn't able to update its database so I tried reinstalling it, but now it won't even open. I booted my computer in safe mode and tried opening my Task Manager, however every time I try to open it, it immediately closes. Still wasn't having luck with Malwarebytes so I booted my computer back up in normal mode. I'm unable to open my Task Manager now, even though I was able to prior to the reinstalling of Malwarebytes. I referenced this topic for help and ran the MBAR to start the process. After about half an hour it found 3000+ items and I cleaned them up. MBAR prompted me to reboot my computer and after doing so I am still unable to open Malwarebytes. I was able to open Avast and ran a virus scan and it found 19 items. After I deleted them I tried running Malwarebytes again and no luck. I even ran MBAR again and found 0 items. I ended up getting frustrated and called it a night. All of this was yesterday. I'm currently at work and won't be able to provide a log until I get home around 6pm ET, but I would really appreciate some help on this matter. My last resort is to do a full system reboot and that is something I would like to try and avoid. Thanks!
  24. Having this same problem with the same harmful program preventing me from opening Task Manager & also Malwarebytes. Tried uninstalling and re-installing after booting computer into safe mode and scanning with multiple other programs which claimed to have cleaned the virus but to no avail.
  25. So I don't know for how long I have had this, but I only noticed it today when I was looking through my Task Manager and I saw its weird name. At first I tried to just delete the exes but they reappeared afterwards and I don't know what makes them reappear. I tried installing Malwarebytes but this: After that I tried running it through an Admin console and got So then I browsed a bit through the forums and found this AdwCleaner. Tried to run it and got a red screen telling me the app is blocked, but got it running later through an admin console. AdwCleaner[S0].txt Oh and I'm German so if I wrote anything wrong please correct me. Addition.txt FRST.txt