
for RBUSKIRK



I am seeing the same thing and it just started today.

 

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 15.0.0.152 
 Adobe Reader XI 
 Mozilla Firefox 31.0 Firefox out of Date! 
 Google Chrome 38.0.2125.101 
 Google Chrome 38.0.2125.104 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/18/2014
Scan Time: 10:41:18 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.18.05
Rootkit Database: v2014.10.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323182
Time Elapsed: 7 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


I have been with you guys for years and this is the first time I have had this issue.

I do apologize. I have attached the requested documents.

I did a netstat and I noticed like no less than 300 established connections from my PC outbound, and that is not normal for my PC.

If you can help me I would be so very thankful.

 

FRST.txt

Shortcut.txt

Addition.txt


I have followed directions on another post for the exact same problem happening today.

For

https://forums.malwarebytes.org/index.php?/topic/159074-shako/page-2

 

I have the latest version of MB; it and Anti Rootkit came up with nothing.

However, when I followed the step last suggested, to use the ESET, it found something.

The scan is still running but I can tell you it found this.

 

A variant of Win32/Systweak.H potentially unwanted application JS/Kryptik.ARD trojan

A variant of Win32/OpenInstall potentially unwanted application

A variant of Win32/FreeNew.A potentially unwanted application

 

The scan is still ongoing. I will update when it is completed, with the full text file attached.


These steps are for member Rbuskirk only. If you are a casual viewer, do NOT try this on your system!
If you are not Rbuskirk and have a similar problem, do NOT post here; start your own topic.

The fix here is specific to this system only!

 

 

Later on, attach the whole log from ESET. What you posted is not all of it.

Save the attached file Fixlist.txt to the same location where you have FRST.exe ---- that's important for the Fix to work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite an existing one, please allow.)

Run FRST again but this time press the "Fix" button just once and wait.

When finished, it will make a log ( fixlog.txt ) next to FRST.
Please attach the Fixlog.txt  into a reply.

Fixlist.txt


ok. In that event, we can do a search using the FRST64 tool.

Start FRST64.exe
when it shows its main screen, look at the box marked Search
type in
UpdateTool.exe

press the Search Registry button.

Have lots of patience. Attach the log Search.txt after the run has finished.
Search.txt log is saved on the same location where FRST.exe is located.

The issue you see is some sort of leftover and we'll locate then remove.


Not finding it.

 

Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01

Ran by Rick at 2014-10-19 11:26:10

Running deom O:\

Boot Mode: Normal

 

======================= Search Registry  "UpdateTool.exe "  =======================

 

=============== End of Searh ====================


OK. Let's do some more research using other report tools.

 

Download OTL by OldTimer to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

Close all open windows on the Task Bar. Then run OTL
(for Vista, or Windows 7 or 8 Right click the icon and Run as Administrator) to start the program.

In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at top left and let the program run uninterrupted. It will take about 4 minutes or so. In any event, have lots of infinite patience.

It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad.  Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: http://screen317.spywareinfoforum.org/SecurityCheck.exe
Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad.  We will need this log, too, so remember where you've saved it!

Then attach the following into your post
OTL.txt
Extras.txt
checkup.txt


Sorry it would not let me attach another document.

Here is the contents of checkup.txt

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Bitdefender Antivirus Free Edition   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox 31.0 Firefox out of Date!  
 Google Chrome 38.0.2125.101  
 Google Chrome 38.0.2125.104  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Bitdefender Antivirus Free Edition gzserv.exe  
 Bitdefender Antivirus Free Edition gziface.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Question for you. Except for what is on this topic --- did you run any other tool on your own, today or recently?

My guess is the "update" not found thing has something to do with an Nvidia update entry in the Windows startup in the registry.

 

I would like to know, IF you followed some other user's thread and ran some tool on your own?

 

Also,

Start FRST64.exe
when it shows its main screen, look at the box marked Search
type in
Nvtmru

press the Search Registry button.

Have lots of patience. Attach the log Search.txt after the run has finished.
Search.txt log is saved on the same location where FRST.exe is located.


I had followed only one step prior and attached the files you suggested.

It seemed like the most logical choice, since you had asked me to do that next anyway.

 

I had installed the Bit Defender because I really did not have a Virus tool. I have only used you guys as my full protection.

Nothing was ever found in the scan.

 

I am attaching the requested file.

 

 

I am talking on a different PC on this chat because that computer is unplugged from the network.

I will state sometime in the night it stopped screaming out the blocked IPs, but I have done no extra step here.

 

Search.txt


Glad to know that the blocked IPs have ceased. But in any event, the program did protect you by blocking those IPs which came from a Poweliks pest.

Any traces of the pest are all gone, starting after the Fix of today at 10:38 that you ran.

As to the Nvidia update --- I am sending a registry fix by attaching a ZIP file named Rick.zip.

Save it to your system. Then unzip the content.

You will see a Delnv.reg

Do a right click on Delnv.reg and select "MERGE" and allow it to proceed forth.

 

With that done, we will take a long breather. Watch your system over the next 1, 2, or 3 days and let me know how it goes.

 

 

Rick.zip


Thank you very much.

I have run the suggested Nvidia fix.

It is scary not knowing what was doing that. I had not installed anything recently that I could remember.

I will be sure to let you know how things have gone.

The Netstat during the event was a bit alarming because there were some connections established from my PC outbound.

It was like my PC was being used for something. Not sure what it was but glad it's not happening now.

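The netstat observation in the posts above (a few hundred established outbound connections) can be broken down per process to see which program owns them. This is an added example, not part of the original thread: a Python script that parses saved `netstat -ano` output; the sample text, the threshold and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       744
  TCP    127.0.0.1:49200        127.0.0.1:49201        ESTABLISHED     1320
  TCP    192.168.1.20:49301     203.0.113.10:80        ESTABLISHED     4012
  TCP    192.168.1.20:49302     203.0.113.11:80        ESTABLISHED     4012
  TCP    192.168.1.20:49303     198.51.100.7:443       ESTABLISHED     4012
  TCP    192.168.1.20:49310     198.51.100.7:443       ESTABLISHED     2288
  TCP    192.168.1.20:49311     198.51.100.9:443       TIME_WAIT       0
  TCP    [::1]:49400            [::1]:49401            ESTABLISHED     1320
  UDP    0.0.0.0:5355           *:*                                    1108
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def established_by_pid(netstat_text):
    """Map PID -> set of remote (host, port) for non-loopback ESTABLISHED TCP rows."""
    remotes = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly five columns; headers and UDP rows do not.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, port = split_endpoint(fields[2])
        if host.startswith("127.") or host == "::1":
            continue  # local inter-process traffic is not outbound
        remotes[int(fields[4])].add((host, port))
    return remotes

def noisy_pids(netstat_text, threshold):
    """Return [(pid, distinct remote endpoints)] at or above threshold, busiest first."""
    counts = {pid: len(eps) for pid, eps in established_by_pid(netstat_text).items()}
    return sorted(((p, n) for p, n in counts.items() if n >= threshold),
                  key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    for pid, n in noisy_pids(SAMPLE, threshold=3):
        # The owning image name can then be looked up with: tasklist /FI "PID eq <pid>"
        print("PID {}: {} distinct remote endpoints".format(pid, n))
```

To use it on a real capture, save the output of `netstat -ano` to a text file and pass its contents to `noisy_pids` with a threshold suited to the machine's normal load.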

OK.

From what you just said about Netstat, then I would recommend, just in case, that you watch closely your bank account and credit cards & PayPal, etc. if you do any banking, online buying.

And change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

 

See this article on creating strong passwords   http://www.microsoft.com/security/online-privacy/passwords-create.aspx

* Take any other steps you think appropriate for an attempted identity theft.

 

Consumers – Identity Theft   http://www.ftc.gov/b...mers/index.html


  • 3 weeks later...

We can wrap up this case.

The following procedures will implement some cleanup procedures to remove the tools I had you use.

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot



Any other programs or logs that are still remaining, you can manually delete.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.