Jump to content

Recommended Posts

Hello all.

 

I am using regulary MalwareBytes Anti-Malware PRO. It was working amazing, but these late days erm.. maybe not.

 

 

I have seen some notifications of Malwarebytes that the anti-malware is blocking some malicious websites. This was so annoying and I updated & full scanned my pc, it found 4 threats.

 

The threats are;

 

PUP.Optional.PrimeMiner - located in C:\WINDOWS\hev.exe (quarantined successfully)

Trojan.Miner - located in C:\WINDOWS\system32\libcurl-4.dll (quarantined successfully)

Trojan.Miner - located in C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\Cache\libcurl.dll (quarantined succesfully)

PUP.BitcoinMiner - located in C:\WINDOWS\system32\winlen.exe (quarantined succesfully)

 

However, I'm still getting notifications that the anti-malware is blocking malicious websites.

Common blocked IPs are: 5.61.45.152 and 72.8.190.39

Like shown in photo:

 

1apByT.png

 

 

and

 

EQRnTh.png

 

Is this False Positive or not?  I am infected?

 

 

 

Sincerely,

TheVaLo

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt



Please post the contents of that log in your next reply.

Link to post
Share on other sites

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

    [*]Click Finish. [*]On the Dashboard, click the 'Update Now >>' link [*]After the update completes, navigate to the Scan tab, select Custom Scan. [*]Click the Scan Now >> button. [*]Under 'Custom Scanning Options' uncheck all boxes. [*]Select only 'Scan for rootkits'. [*]Do not select any drive letter. [*]Click 'Start Scan'. [*]When the scan is complete, click on 'Cancel'. [*]Click Yes at the next message. [*]Click on the History tab > Application Logs. [*]Double click on the scan log which shows the Date and time of the scan just performed. [*]Click 'Copy to Clipboard' [*]Paste the contents of the clipboard into your reply.

Link to post
Share on other sites

Please download Necurs cleaner to your desktop.

Run the file as administrator.

If you receive the message "Win32/Necurs has been found on your system," press Y to confirm that you want to remove the rootkit.

When prompted to reboot the computer, press Y followed by the Enter key.

Skip the offer to do a full scan.

 

Tell me the result.

Link to post
Share on other sites

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

Link to post
Share on other sites

Hello. Sorry for my late reply.

 

I ran ComboFix and it scanned, it asked to reboot and it rebooted, after that it was saying Preparing log file..

I waited for a 1 hour and 30 minutes and I pressed X button on combofix button.

 

What's happening? 1 hour and 30m to prepare a log file? (I couldn't wait too much)

 

Should I try it again?

 

NOTICE: I do not have Kaspersky Anti-Virus installed on this machine, I don't know why WSA is saying Kaspersky Anti-Virus is enabled and updated.

Link to post
Share on other sites

Hello.

I saw that my computer is messed up, and what I did is I re-installed the OS.

 

Request seem to be solved by formatting.

 

Currently I am installing updates and configuring it.

 

 

Thanks very much for your time.

 

 

Yours,

VaLo.

Link to post
Share on other sites
  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.