Jump to content

I Have a Malware , Please Help

Recommended Posts

I Used to have 3  Security Software :

1-Avira Anti virus 

2-SUPER AntiSpware 

3-Malware Bytes Anti malware



It all begun when i couldn't start malware bytes anymore 

I scanned my pc with super antispyware ( Quick scan ) , it detected some threats and asked for a restart 

But before restarting my pc i did everything in here to try to get malware bytes to run again :



But none worked 


I made a  Clean Uninstall as mentioned here : https://forums.malwarebytes.org/index.php?showtopic=85715


and restated then tried installing again ( I got the error : External exception E06D7363 )


Starting malware still won't work 



I also noticed that SUPER anti Spyware Isn't running and i couldn't find it's icon anywhere  on my computer but i did find an alternate start for it 

so i started it using an alternate start and did a rescue scan ( full scan ) 


Super antispywar dected a Trojan and a malware and after removal it asked me to restart so i pressed yes 




after rebooting i tried starting malware bytes or clean reinstalling it , but still i cant get malware bytes to work at all


i think i still have the malware , what should i do ?




i attached FRST.TXT and Addition.TXT to this post ( as advised in here : https://forums.malwarebytes.org/index.php?showtopic=119858 )






I really need some expert help :(

Link to post
Share on other sites

  • Replies 66
  • Created
  • Last Reply

Top Posters In This Topic

Welcome to the forum.

Please disable Windows Defender, you have AVIRA running and having two anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

How to Disable Defender

Dangers of running 2 anti-virus programs


AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



Please run a Quick Scan with Malwarebytes (if you can)

For Malwarebytes ver: 1.75
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)


Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------
If I don't respond within 24 hours, please send me a PM

Link to post
Share on other sites

I am sorry if this makes it harder for you but i have already clean reinstalled windows 7


What i did :

1-Booted from the Installation Cd

2-Deleted all partitions

3-Made new partitions and installed windows 7 

4-Installed Drivers 


Then i installed

1-eset smart security Anti-Virus

2-Malwarebytes Anti-malware

3-SUPER anispyware


I did a scan with eset and malwarebytes 


I made a threat scan , hyper scan , Custom scan with everything checked 


i attached a screen shot of the custom scan result 



i got no detection on all scans 



but i still think i have a malware 



because i have high ram usage when i am actually got nothing open ( 50% ram usage of 3.5GB ram total )



so i did a  new FRST scan and attached both FRST.txt and ADDITION.txt 


and i also attached Rogue Killer report 


so can pls tell me if i still have a malware ?








Link to post
Share on other sites

This will get rid of some of the tools, the rest you can manually delete:

bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


So far as the ram, look at all you have running:

Unless it's the paid version, there's no need for SUPERAntiSpyware to be running.

You can run a program like StartupLite to stop un-necessary programs:

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Windows\System32\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Google Inc.) C:\Program Files\Google\Update\\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(Alcatel-Lucent) C:\Program Files\TEData\McciTrayApp.exe
() C:\Users\Abdulrahman\AppData\Roaming\Dashlane\Dashlane.exe
(Akamai Technologies, Inc.) C:\Users\Abdulrahman\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Akamai Technologies, Inc.) C:\Users\Abdulrahman\AppData\Local\Akamai\netsession_win.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Innovative Solutions) C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\Abdulrahman\AppData\Roaming\Dashlane\DashlanePlugin.exe



Link to post
Share on other sites

Hello , i did a process scan using process explorer and virus total 


and it says that i have this malware process running : poclbm.exe


i tried googling it and it gives me something about Bitcoins Mining 

Link to post
Share on other sites

It's not in any of your logs, can you do a search for it?


Please run a free online scan with the ESET Online Scanner (it may take a while to run)

Note: You will need to use Internet Explorer for this scan.

First please Disable any Antivirus you have active, as shown in This Topic

Note: Don't forget to re-enable it after the scan.


Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats is unchecked and the option Scan unwanted applications is checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
Click Start

Wait for the scan to finish

If threats were found:

Click on "list of threats found"

Click on "export to text file" and save it as ESET SCAN and save to the desktop

Click on back

Put a checkmark in "Uninstall application on close"

Click on finish

Post back the log.....MrC

Link to post
Share on other sites

Well , it's not what i expected


but here it's anyway :


C:\Users\Elbasel\Desktop\Other\Setup(s)\Advanced Uninstaller PRO 11 Setup.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\Elbasel\Desktop\Other\Setup(s)\Driver Max Setup.exe a variant of Win32/OpenCandy.A potentially unsafe application
These programmes aren't malware , i know that



But believe me when i say that i found this process ( poclbm.exe ) with process explorer earlier and when i scanned it using virus total , only an anti virus called Drweb identified it as a malware 


when i did the eset scan it was already not in the process explorer list as it has hidden it self 





what i think that't it uses by someone to mine bitcoins using my pc


which is why my cpu usage is over 50%





but anyway , you are the expert


i will believe what you say 



Link to post
Share on other sites

Farbar Recovery Scan Tool (x86) Version:12-06-2014 02

Ran by Elbasel at 2014-06-14 18:16:00

Running from C:\Users\Elbasel\Desktop\Virus

Boot Mode: Normal


================== Search: "poclbm.exe" ===================


=== End Of Search ===

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.