
Can somebody identify this virus? I have it and Malwarebytes can't find it



Hey guys, I was having a normal day 2 days ago and I was in the middle of a match of League of Legends. All of a sudden my FPS went from my normal solid 80 to 10-20, and I tabbed out and, being the tech geek I am, was checking to see what was lagging my game up. I tabbed out and I saw lots and lots of processes I have never seen before open and taking up 100% of my CPU usage. I scanned with Malwarebytes and nothing came up as detected. I restarted my computer and about 20 seconds after the reboot, all the programs opened and my CPU was at 100% again. I went to the file locations and wrote them all down, then I system restored back by 5 days. The files I wrote down are all still there, but nothing is opening like before. What is this?


  • Staff

It appears to be a Poweliks infection.

 

Please do the following:

Please download Malwarebytes Anti-Rootkit (MBAR) from here http://www.malwarebytes.org/products/mbar/ and save it to your desktop.

Direct link to the file: http://downloads.malwarebytes.org/file/mbar

Next, exit Malwarebytes Anti-Malware (MBAM) if it is running. You can do so via the notification area icon near the clock. Right click on the MBAM icon and select Exit.

  • Double-click on the MBAR file you downloaded.
  • Approve the UAC prompt in Vista and newer operating systems.
  • Click OK on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.
  • By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.
  • mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
  • After reading the Introduction, click 'Next' if you agree.
  • On the Update Database screen, click on the 'Update' button.
  • Once you see 'Success: Database was successfully updated' click on 'Next'.
  • Click the 'Scan' button.

A. With some infections, you may see two message boxes.

1. 'Could not load protection driver'. Click 'OK'.

2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

  • If malware is found, press the Cleanup button when the scan completes.

Please send the following logs as attachments to your reply. These logs are located in the Malwarebytes Anti-Rootkit folder.

mbar-log-2014-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)

system-log.txt


  • Staff

Not what I expected, so please run the following:

Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32-bit systems)

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64-bit systems)

Save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

  • Staff

Aah, that explains it then; it looks like you were successfully able to restore to a point prior to infection.

There are indications in the logs that you are using a pirated version of Hotspot Shield. I urge you to remove it.

This practice is not condoned by Malwarebytes. Not only is it illegal, but it is a certain way to get infected; your personal information could very well have been compromised. It really isn't worth it. Steer clear of torrents, peer to peer, cracks and keygens.

There is some remaining adware to clear.

Please do the following:

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
This topic is now closed to further replies.