Guest acestaagainandagain Posted April 16, 2013 ID:669977

Hello,

I know for sure that this is some sort of rootkit because I just formatted the PC twice in a row, only the local disk for Windows, and I still get pop-ups from MB with 'blocked access to a potential malicious website' although I am minding my own business on YouTube (no toolbars or peer to peer soft. on my PC). I even reinstalled Google Chrome (uninstalling it with Revo) a dozen times already, and all I got from all the scans was zero. dds.scr & dds.com don't work; I leave them alone for 14h and they still say 'two logs will be created on your desktop'...

I have remade my account here 3 times (3rd on my iPhone) because it always said incorrect, just to make this post (on my iPhone, yeah, I am that paranoid).

I must say I have great respect for all you people out there who spend their 4 minutes helping/reading other guys' topics. I don't have much hope for this, so I want to see what else I can do before I delete all my good old times pic/music/vids/games etc. with a (probably useless) format of my disk as well.

PC:
Windows 7 32 bit Service Pack 1
RAM 2 GB
Intel Core 2 Quad CPU Q6600 @ 2.40GHz 2.40GHz
GeForce 9300 GE
Packard Bell

Thank you

Staff CatByte Posted April 18, 2013 ID:671312

Please do the following:

Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT
    BASESERVICES

- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs

NEXT

Please download aswMBR to your desktop.
- Double click the aswMBR.exe icon to run it
- When asked if you want to download Avast's virus definitions please select Yes.
- Click the Scan button to start the scan
- On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
- You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.

acestaagain Posted April 18, 2013 ID:671315

Can't reply from the other account, as it is still validating; nonetheless, here are the logs.
Awaiting your response

OTL.Txt
Extras.Txt
MBR.zip
aswMBR.txt

Staff CatByte Posted April 18, 2013 ID:671349

hello,

there is nothing obvious showing in the logs

Please run the following:

Download RogueKiller and save it to your desktop.
- Quit all other programs
- Start RogueKiller.exe
- Wait until the Prescan has finished ...
- Click on Scan
- Wait for the end of the scan
- A report will be created on your desktop.
- Click on the Delete button
- Next click on the ShortcutsFix
- Another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

acestaagain Posted April 18, 2013 ID:671353

Done

RKreport1_S_04182013_02d2158.txt
RKreport2_D_04182013_02d2159.txt
RKreport3_SC_04182013_02d2200.txt

Staff CatByte Posted April 18, 2013 ID:671363

Please run the following:

Please download Junkware Removal Tool to your desktop.
- Shutdown your antivirus to avoid any conflicts.
- Right-mouse click JRT.exe and select Run as administrator
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.
- Run AdwCleaner and select Delete
- Once done it will ask to reboot, allow the reboot
- On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

Please open your MalwareBytes AntiMalware Program
- Click the Update Tab and search for updates
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected. <-- very important
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activeX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- When the scan completes, press the LIST OF THREATS FOUND button
- Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
- Include the contents of this report in your next reply.
- Press the BACK button.
- Press Finish

acestaagain Posted April 18, 2013 ID:671450

It took some time but it is done.
Awaiting your response

JRT.txt
AdwCleanerS3.txt
mbam-log-2013-04-18 (22-50-49).txt
ESETSCAN.txt

Staff CatByte Posted April 18, 2013 ID:671453

Please run TFC to delete all your temporary internet files:

Download TFC to your desktop
- Close any open windows.
- Double click the TFC icon to run the program
- TFC will close all open programs itself in order to run.
- Click the Start button to begin the process. Allow TFC to run uninterrupted.
- The program should not take long to finish its job
- Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean

Please advise how the computer is running now and if there are any outstanding issues

acestaagain Posted April 18, 2013 ID:671459

I ran it and it cleaned like 500 MB, but I will have to see any other random attempt to access malicious website while using Chrome.

Staff CatByte Posted April 18, 2013 ID:671460

ok let me know

acestaagain Posted April 18, 2013 ID:671472

Some lag spikes here and there but there haven't been any popups regarding attempts to access malicious websites.

acestaagain Posted April 18, 2013 ID:671474

Gonna keep checking how it feels with 100% time connected to the internet, I've been pretty paranoid in these past DayZ

acestaagain Posted April 19, 2013 ID:671754

I was keeping an eye on the logs in MB, and I have seen something weird, can you tell me if it is normal?

    2013/04/19 17:48:23 +0300 MICHAEL-PC michael MESSAGE Scheduled update executed successfully: database updated from version v2013.04.19.03 to version v2013.04.19.04
    2013/04/19 17:48:23 +0300 MICHAEL-PC michael MESSAGE Starting database refresh
    2013/04/19 17:48:23 +0300 MICHAEL-PC michael MESSAGE Stopping IP protection
    2013/04/19 17:48:24 +0300 MICHAEL-PC michael MESSAGE IP Protection stopped successfully
    2013/04/19 17:48:26 +0300 MICHAEL-PC michael MESSAGE Executing scheduled scan: Flash Scan | -terminate
    2013/04/19 17:48:26 +0300 MICHAEL-PC michael MESSAGE Scheduled scan executed successfully
    2013/04/19 17:48:43 +0300 MICHAEL-PC michael MESSAGE Database refreshed successfully
    2013/04/19 17:48:43 +0300 MICHAEL-PC michael MESSAGE Starting IP protection
    2013/04/19 17:48:47 +0300 MICHAEL-PC michael MESSAGE IP Protection started successfully
    2013/04/19 18:54:26 +0300 MICHAEL-PC michael MESSAGE Executing scheduled update: Flash Scan | Hourly

Shouldn't the IP protection be up all the time?

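Added example (not part of any post in this thread, and not Malwarebytes code): a Python script that reads protection-log lines in the layout pasted above and measures how long IP protection stayed off between a "stopped successfully" entry and the next "started successfully" entry. The function names and the 120-second threshold are assumptions made for this example; the sample lines are copied from the post.

```python
import re
from datetime import datetime

# Layout seen in the post: date time utc-offset host user TYPE message
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$"
)

# Sample input: lines copied from the post above.
SAMPLE_LOG = """\
2013/04/19 17:48:23 +0300 MICHAEL-PC michael MESSAGE Starting database refresh
2013/04/19 17:48:23 +0300 MICHAEL-PC michael MESSAGE Stopping IP protection
2013/04/19 17:48:24 +0300 MICHAEL-PC michael MESSAGE IP Protection stopped successfully
2013/04/19 17:48:43 +0300 MICHAEL-PC michael MESSAGE Database refreshed successfully
2013/04/19 17:48:43 +0300 MICHAEL-PC michael MESSAGE Starting IP protection
2013/04/19 17:48:47 +0300 MICHAEL-PC michael MESSAGE IP Protection started successfully
"""

def parse(text):
    """Yield (timestamp, message) for every line that matches the layout."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S %z"), m.group(5)

def protection_gaps(text, max_gap_seconds=120):
    """Return (stopped_at, started_at, seconds, flagged) per off window.

    started_at and seconds are None when the log ends with protection off.
    max_gap_seconds is an arbitrary threshold chosen for this example.
    """
    gaps, stopped_at = [], None
    for ts, msg in parse(text):
        low = msg.lower()
        if low == "ip protection stopped successfully":
            # Keep the earliest stop if two stops appear without a start.
            stopped_at = stopped_at or ts
        elif low == "ip protection started successfully" and stopped_at:
            secs = (ts - stopped_at).total_seconds()
            gaps.append((stopped_at, ts, secs, secs > max_gap_seconds))
            stopped_at = None
    if stopped_at:  # never restarted before the log ends: flag it
        gaps.append((stopped_at, None, None, True))
    return gaps

if __name__ == "__main__":
    for start, end, secs, flagged in protection_gaps(SAMPLE_LOG):
        print(start, "->", end, secs, "FLAG" if flagged else "ok")
```
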
acestaagain Posted April 19, 2013 ID:671778

Never mind, I found out. Gonna keep checking. It is all good atm.

Staff CatByte Posted April 19, 2013 ID:671947

Looks good,

We just have some housekeeping to do now,

Please do the following:

You can delete the RogueKiller and aswMBR logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix
- Make sure your security programs are totally disabled.
- Press the WinKey + R to open a run box
- Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

NEXT

- Double click on adwcleaner.exe to run the tool.
- Click on Uninstall.
- Confirm with yes.

NEXT

Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.

If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

- It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

- Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.

- Make Internet Explorer more secure
  - Click Start > Run
  - Type Inetcpl.cpl & click OK
  - Click on the Security tab
  - Click Reset all zones to default level
  - Make sure the Internet Zone is selected & Click Custom level
  - In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  - Next Click OK, then Apply button and then OK to exit the Internet Properties page.

- Download TFC to your desktop
  - Close any open windows.
  - Double click the TFC icon to run the program
  - TFC will close all open programs itself in order to run.
  - Click the Start button to begin the process. Allow TFC to run uninterrupted.
  - The program should not take long to finish its job
  - Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean
  - It's normal after running TFC cleaner that the PC will be slower to boot the first time.

- WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  - Green to go
  - Yellow for caution
  - Red to stop
  WOT has an addon available for both Firefox and IE

- Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

- In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: PC Safety and Security--What Do I Need?

- Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

acestaagain Posted April 20, 2013 ID:672039

I don't have Combofix to uninstall, and I've been using Lastpass as a password keeper, you think it is good enough?

Before you go, can you tell me, would it be a good idea to use TFC as a once in a while cleaning tool? Everything else is done.

Thank you for your time spent with my issue, ☺ I wish you the best :*

Staff CatByte Posted April 20, 2013 ID:672137

Hello

yes, it's a good idea to run TFC every once in a while, Lastpass is fine

stay safe

~CB

Staff CatByte Posted May 6, 2013 ID:676689

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.