xternal Posted October 3, 2014 ID:886120

Hello there, I have been desperately searching Google and this website for help to remove this pesky virus, or whatever it is considered. I keep getting a popup on the bottom right of my screen like many others have had with this issue. I have tried countless programs to help out with my issue, to no avail:

- malwarebytes (scan sees no issues, BUT BLOCKS PROCESS **see attached PNG**)
- tdsskiller (finds no issues)
- rogue killer (before scanning, finds and ends two processes which ends the problem, except it comes back upon restarting computer)
- adwcleaner (finds nothing)
- hijackthis (finds the issue in the logs and tells me that it is most likely a nasty program)

I'm not terrible with computers, and I am usually able to get rid of viruses or trojans on my own or by reading other forums, but this one has me stumped. Could I have a little help? Thanks everyone
xternal Posted October 3, 2014 Author ID:886128

I suppose it would also be helpful to provide some system info.

Windows 7 Pro 64 bit
Intel Core i7 3770 CPU @ 3.40 GHz
16 GB RAM
NVIDIA GeForce GTX 480
kevinf80 Posted October 3, 2014 ID:886217

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

- Quit all running programs.
- For Windows XP, double-click to start.
- For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
- Read and accept the EULA (End User License Agreement).
- Click Scan to scan the system.
- When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
- Post back the report which should also be located here:
  C:\Programdata\RogueKiller\Logs <-------- W7/8
  C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------- XP

Let me see those logs in your next reply..

Kevin..
xternal Posted October 3, 2014 Author ID:886220

Thanks for your reply Kevin. Here you are -

FRST.txt
Addition.txt
xternal Posted October 3, 2014 Author ID:886227

and the rogue killer report

RKreport_SCN_10032014_175609.log
kevinf80 Posted October 3, 2014 ID:886245

Upload a File to Virustotal

- Go to http://www.virustotal.com/
- Click the Choose file button
- Navigate to the file C:\Windows\system32\ormubaa.dll
- Click the Scan it tab
- If you get a message saying File has already been analyzed: click Reanalyze file now
- Copy and paste the results back here please.
- Repeat the above steps for the following files
  C:\Windows\system32\tzzkt.dll

Let me see the results in your next reply....

Kevin..
xternal Posted October 4, 2014 Author ID:886294

Odd, I don't see either of those files in my system32 folder. What could I be doing wrong? I don't recall deleting anything after sending you the initial report...
kevinf80 Posted October 4, 2014 ID:886346

Just miss out that step and continue as follows:

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

In most cases, a restart will be required.

Wait for the prompt to restart the computer to appear, then click on Yes.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

- Double click on Adwcleaner.exe to run the tool.
- Click on Scan
- Once the scan is done, click on the Clean button.
- You will get a prompt asking to close all programs. Click OK.
- Click OK again to reboot your computer.
- A text file will open after the restart. Please post the content of that logfile in your reply.
- You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.

- Shut down your protection software now to avoid potential conflicts. (re-enable when done)
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop.

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

- Right click on the Tool, select "Run as Administrator"; the tool will expand to the options Window
- In the "Scan Type" window, select Full Scan
- Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs in your next reply, also give an update on any remaining issues or concerns....

Thanks,

Kevin...

Fixlist.txt
xternal Posted October 4, 2014 Author ID:886474

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/4/2014
Scan Time: 2:32:39 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.04.11
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mike

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350701
Time Elapsed: 4 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
xternal Posted October 4, 2014 Author ID:886475

new fix list scan log.txt
new ftst scan log.txt
xternal Posted October 4, 2014 Author ID:886484

adwcleaner log....

AdwCleanerS1.txt
xternal Posted October 4, 2014 Author ID:886486

**NOTE** No more popups from malwarebytes.

Opened up roguekiller and its pre-scan no longer kills any processes either. I will continue to the last thing you told me to do, but one of the previous scans and cleanups may have gotten rid of this.
kevinf80 Posted October 4, 2014 ID:886487

Do not take it for granted that your system is clean, please continue and follow the instructions as they come....

Cheers,

Kevin..
xternal Posted October 4, 2014 Author ID:886488

ok i think this should be the last file you requested. restarted computer again. so far, so good

JRT.txt
kevinf80 Posted October 4, 2014 ID:886490

Log from the last scan Malicious Software Removal Tool in reply #8 still required...
AdvancedSetup Posted October 16, 2014 Root Admin ID:890863

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!