HELP! (win32/Olmarik.TDL4 trojan & win32/Olmasco.AD trojan)


no_one

Hello

Since approximately 3 months ago, my internet browsers respond very slowly. I tried many internet browsers (Mozilla, Internet Explorer, Chrome) and all do the same thing.

I type a web address and hit the "enter" key and I have to wait more than half a minute for the page to start loading. My internet speed is very good and my coworkers don't have any problem with the browsers.

Yesterday I did a scan with ESET NOD antivirus and in the log report I saw the infections below:

"Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean"

"Operating memory > firefox.exe(7448) - a variant of Win32/Olmasco.AD trojan - unable to clean"

I tried to find a way on the internet to get rid of these trojans, but I found out that it is a little bit difficult because of the different types of these trojans.

Hope you can help me like in this post : ( http://forums.malwarebytes.org/index.php?showtopic=115649&st=0 ) :(

Hello and welcome,

Run the following and post the requested logs...

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update

Image3.png

8. When the Update completes, select Next

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan"

Image5.png

10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

MBAntiRKclean.png

11. Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:

MBAntiRKclean1.png

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

Image6.png

13. Select "Exit" to close down.

14. Copy and paste the two following logs from the mbar folder:

System - log

Mbar - log Date and time of scan will also be shown

Image10.png

Post those two logs in your reply.

Thank you,

Kevin

Hello again!

Here are the logs :

System-log

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED

CPU speed: 3.292000 GHz

Memory total: 8566251520, free: 5991972864

------------ Kernel report ------------

11/29/2012 14:42:52

------------ Loaded modules -----------

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR2

Upper Device Object: 0xfffffa800c352060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000083\

Lower Device Object: 0xfffffa800c299b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007674060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\

Lower Device Object: 0xfffffa80072c2680

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.11.29.06

Downloaded database version: v2012.11.28.01

Initializing...

Done!

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007674060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007674b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007674060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800739f520, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80072c2680, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xfffff8a00d9a54e0, 0xfffffa8007674060, 0xfffffa800cc70790

Lower DeviceData: 0xfffff8a00c5a91a0, 0xfffffa80072c2680, 0xfffffa800cca3190

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

MBR is forged!

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 7F47852B

Partition information:

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 409393152

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 409600000 Numsec = 567142448

Partition 3 type is HIDDEN (0x17)

Partition is ACTIVE.

Partition starts at LBA: 976744448 Numsec = 20480

Partition is not bootable

Infected: VBR on Hidden active partition --> [Rootkit.Alureon.F.VBR]

Changing partition to empty and not active. New active partition is 0 on drive 0 ...

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

MBR infection found on drive 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Sector 976753168 --> [Forged physical sector]

Sector 976753169 --> [Forged physical sector]

[...]

(here I deleted the lines because all the sector strings were listed here and the post was too long)

[...]

Sector 976769023 --> [Forged physical sector]

Sector 976773167 --> [Forged physical sector]

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa800c352060, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800b0e65b0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800c352060, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800c299b60, DeviceName: \Device\00000083\, DriverName: \Driver\USBSTOR\

------------ End ----------

Upper DeviceData: 0xfffff8a01475c270, 0xfffffa800c352060, 0xfffffa800c3e8090

Lower DeviceData: 0xfffff8a011e83f20, 0xfffffa800c299b60, 0xfffffa800c487e40

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 9AACD5CF

Partition information:

Partition 0 type is Extended with LBA (0xf)

Partition is NOT ACTIVE.

Partition starts at LBA: 16065 Numsec = 488376000

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

mbar-log :

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.11.29.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Proiectare2 :: PROIECTARE2-PC [administrator]

11/29/2012 2:50:03 PM

mbar-log-2012-11-29 (14-50-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: PUP | PUM | P2P

Objects scanned: 27354

Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 14

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_3_976744448_infected.mbam (Rootkit.Alureon.F.VBR) -> Delete on reboot. [195b46a15dec878e5846f1986c77aa33]

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Rootkit.Alureon.F.VBR) -> Delete on reboot. [131f87e86517b48eeff0ec83ab1fad51]

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976753168_user.mbam (Forged physical sector) -> Delete on reboot. [ea5c99d73f21747bf95c559603dc5568]

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976754400_user.mbam (Forged physical sector) -> Delete on reboot. [5c89370eda1df2e5d63c6d29d86b55b8]

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976755339_user.mbam (Forged physical sector) -> Delete on reboot. [41c738613dd8253a0240d77ce4431bb5]

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976755484_user.mbam (Forged physical sector) -> Delete on reboot. [d8e9eecd38c37ba6f8ebbae4767d2c6f]

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976757572_user.mbam (Forged physical sector) -> Delete on reboot. [7381ae94fe6918016bc4823f2da5a6d1]

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976758123_user.mbam (Forged physical sector) -> Delete on reboot. [226c39ded25b63837e3fe192bb221bfe]

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976761074_user.mbam (Forged physical sector) -> Delete on reboot. [9771f37b5d71d25d041592255f22a50d]

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976763171_user.mbam (Forged physical sector) -> Delete on reboot. [635ebb8e2e63178dcf6ee39b77981a0b]

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976766288_user.mbam (Forged physical sector) -> Delete on reboot. [1479783dcb9108de97c8478a1e74406a]

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976768733_user.mbam (Forged physical sector) -> Delete on reboot. [0caa23499ef410b376186aab81a469ea]

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976769023_user.mbam (Forged physical sector) -> Delete on reboot. [d76298849e5a394fb6852da78e7bf199]

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976773167_user.mbam (Forged physical sector) -> Delete on reboot. [131f87e86517b48eeff0ec83ab1fad51]

(end)

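As an added example (not code from the thread, from Malwarebytes or from MBAR), this Python script rebuilds the partition table printed in the system log above as a constructed 512-byte MBR, parses it the way a forensic tool does, and flags the pattern MBAR reported: a hidden-type (0x17) partition marked active and parked in the last few megabytes of the disk. The hidden-type ID set and the 32 MiB "end of disk" window are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

# Values below are constructed to mirror the four MBR entries in the MBAR
# system log above (type, active flag, starting LBA, sector count) together
# with the disk signature 7F47852B and the 512-byte sector size it reports.
PAGE_ENTRIES = [
    (False, 0x07, 2048, 204800),          # Partition 0: NTFS, not active
    (False, 0x07, 206848, 409393152),     # Partition 1: NTFS, not active
    (False, 0x07, 409600000, 567142448),  # Partition 2: NTFS, not active
    (True, 0x17, 976744448, 20480),       # Partition 3: HIDDEN (0x17), ACTIVE
]
DISK_SECTORS = 500107862016 // 512  # 976773168 sectors, as in the log
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}  # hidden FAT/NTFS IDs (assumed set)
TAIL_SECTORS = 65536  # assumption: 32 MiB "end of disk" window for the heuristic

@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    start_lba: int
    num_sectors: int

def build_mbr(entries, disk_sig=0x7F47852B):
    """Assemble a 512-byte MBR (boot code left zero) from (active, type, lba, count)."""
    mbr = bytearray(512)
    struct.pack_into("<I", mbr, 0x1B8, disk_sig)
    for i, (active, ptype, start, count) in enumerate(entries):
        # CHS fields are written as zero; modern tools rely on the LBA fields.
        struct.pack_into("<B3sB3sII", mbr, 0x1BE + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                         start, count)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)

def parse_mbr(mbr):
    """Return (disk_signature, [Partition, ...]) or raise if the 55AA signature is missing."""
    if len(mbr) != 512 or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR: bad length or missing 55AA signature")
    disk_sig = struct.unpack_from("<I", mbr, 0x1B8)[0]
    parts = []
    for i in range(4):
        flag, _, ptype, _, start, count = struct.unpack_from("<B3sB3sII", mbr, 0x1BE + 16 * i)
        parts.append(Partition(i, flag == 0x80, ptype, start, count))
    return disk_sig, parts

def suspicious_entries(parts, disk_sectors=DISK_SECTORS):
    """Flag the partition-table pattern the log shows for the Alureon/TDL4 VBR infection."""
    findings = []
    for p in parts:
        if p.type_id == 0x00:          # empty slot, nothing to check
            continue
        if p.active and p.type_id in HIDDEN_TYPES:
            findings.append((p.index, "hidden-type partition marked active"))
        if p.start_lba + p.num_sectors > disk_sectors:
            findings.append((p.index, "partition extends past end of disk"))
        if p.num_sectors <= TAIL_SECTORS and p.start_lba > disk_sectors - TAIL_SECTORS:
            findings.append((p.index, "small partition parked at the end of the disk"))
    return findings

def describe(p):
    # Render one entry in the same style as the MBAR system log.
    kind = "HIDDEN" if p.type_id in HIDDEN_TYPES else "Empty" if p.type_id == 0 else "Primary"
    state = "ACTIVE" if p.active else "NOT ACTIVE"
    return (f"Partition {p.index} type is {kind} (0x{p.type_id:x}), {state}, "
            f"starts at LBA: {p.start_lba} Numsec = {p.num_sectors}")

if __name__ == "__main__":
    sig, parts = parse_mbr(build_mbr(PAGE_ENTRIES))
    print(f"Disk Signature: {sig:08X}")
    for p in parts:
        print(describe(p))
    for idx, reason in suspicious_entries(parts):
        print(f"Partition {idx}: {reason}")
```

Point `parse_mbr` at the first 512 bytes read from a physical disk image to run the same checks on a real table; a clean disk yields an empty findings list.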
Apologies, I never received notification of your reply... OK, we can take MBAR one further step and kill the infection:

1. Open the mbar folder run mbar.exe as before....

Image1.png

2. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

3. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

4. The following image opens, select Next.

Image2.png

5. The following image opens, select Update

Image3.png

6. When the update completes select Next.

Image4.png

7. In the following window ensure "Targets" are ticked. Then select "Scan"

Image5.png

8. If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats. Or if you are sure any entries should not be kept, just untick them.

MBAntiRKcleanA.png

9. The Clean up procedure will be Scheduled for process.

Capture.png

10. When scheduling is complete the following image will appear,

Capture2.png

11. Select the Yes tab, the system should re-boot to complete the cleaning process.

12. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log

Mbar - log Date and time of scan will also be shown, (copy/paste the most recent by date/time)

Image10.png

Thanks,

Kevin

Can you post the logs from MBAR, also run the following two scans and post the logs:

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Please post the log.

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

  • Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post the logs from AdwCleaner and Malwarebytes... Also logs from last run of MBAR..

Kevin

MBAR log :

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.12.03.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Proiectare2 :: PROIECTARE2-PC [administrator]

12/3/2012 3:49:10 PM

mbar-log-2012-12-03 (15-49-10).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: PUP | PUM | P2P

Objects scanned: 27342

Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ADWCleaner log :

# AdwCleaner v1.604 - Logfile created 12/03/2012 at 15:57:32

# Updated 23/04/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Proiectare2 - PROIECTARE2-PC

# Running from : C:\Users\Proiectare2\AppData\Local\Temp\installer.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Proiectare2\AppData\Roaming\Mozilla\Firefox\Profiles\t2aj69bb.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [825 octets] - [03/12/2012 15:57:32]

########## EOF - C:\AdwCleaner[s1].txt - [952 octets] ##########

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
