apexmgmttechmen Posted June 20, 2013 ID:693700

Knights of M.Bytes, I humbly request your consideration as I secure the machines that have until recently been under the exiguous care of my predecessor. Every device was running bare bones Internet Explorer (although I have heard many proclaim the redemption of MS's competence in the browser realm) and an inconsistent smattering of redundant antivirus', with no two machines running the same brand. As I assuage the chaos and foment a new zen in my jurisdiction I will post my initial malwarebytes .txt dump here. I found this forum via google queries in the past month pertaining to specific species of malware. The user "Gringo" has proven to be a suitable search term since I have benefitted from his expertise several times with issues on my non-work projects.
____________________________________________________
It would appear that this first computer http://i.imgur.com/kpCcmud.jpg was host to at least two malicious objects (which is an improvement from 30+ last time around) and as soon as malwarebytes:anti-malware (fullscan) detected these two elements I received a pop up notification from my antivirus (Comodo Antivirus) indicating that it too had coincidentally noticed two malicious objects. I didn't really hesitate to select the "take care of it" button on the Comodo alert. Out of habit I was concurrently running an instance of Malwarebytes:Anti-Rootkit. It completed its scan shortly after I instructed Comodo to purge the offending objects and announced that there was no malware detected.
At any rate, here is the Malwarebytes log
_____________________________________________________
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.20.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Apex :: APEX-I3-02 [administrator]

6/20/2013 2:41:00 PM
MBAM-log-2013-06-20 (15-29-34).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 347355
Time elapsed: 48 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDFPerformer (PUP.BundleInstaller.IB) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\Uninstall Information\Ib\34\3701\ib_uninstall.exe (PUP.BundleInstaller.IB) -> No action taken.

(end)
__________________________________________________________________________________
Following this scan I opted to strike the "Remove Selected" button (MalwareBytes:Anti-Malware), and I shall agree to restart my computer to remove the active threats as soon as I have successfully posted this message. Although I appear to have removed everything, that is what I thought the first time around; hence, this thread. Thank you for your time -R.E.M.
AdvancedSetup (Root Admin) Posted June 21, 2013 ID:693892

Please have it remove and reboot. Then run the following.

Please download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt
Maurice Naggar Posted June 30, 2013 ID:697229

@ apexmgmttechmen It has been 10 days and no reply from you. Are you still with us?
AdvancedSetup (Root Admin) Posted July 1, 2013 ID:697407

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!