Jump to content

Infected computer


Rex

Recommended Posts

Hi! Yesterday I got infected by several malware. My browsers were hijacked, I got bsods, was unable to install Avira etc. I got most of them removed by several tools including MBAM, Adwcleaner, Roguekiller but I still think there's something in my computer that doesn't belong to it. My computer gets strange frozens that have not happened before yesterday's infection, Roguekiller reporting Hook.IRP in two different .sys file that changes in different scan times, also in Temp folder there comes suspicious "dllnt_dump.dll" at every boot though I empty temp folder. And though I'm not an expert, but I think there are something wrong also in OTL log. I will post it here also if you need it. And thanks in advance for helping me to get my computer clean :)

FRST.txt

Addition.txt

Link to post
Share on other sites

Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!

 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" Also checkmark Shortcut.txt and Addition.txt under Optional scan Select scan, when done post the two logs....
 

Let me see those logs....

 

Thank you,

 

Kevin...

Link to post
Share on other sites

I did all adviced things.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Tarkistuksen päivämäärä: 29.10.2015
Tarkistuksen kellonaika: 14:47
Lokitiedosto: mbamlog.txt
Järjestelmänvalvoja: Kyllä
 
Versio: 2.2.0.1024
Haittaohjelmien tietokanta: v2015.10.29.03
Rootkittien tietokanta: v2015.10.28.01
Lisenssi: Ilmainen
Haittaohjelmasuoja: Pois käytöstä
Haitallisten verkkosivujen esto: Pois käytöstä
Itsepuolustus: Pois käytöstä
 
Käyttöjärjestelmä: Windows 7 Service Pack 1
Prosessori: x64
Tiedostojärjestelmä: NTFS
Käyttäjä: Jukka
 
Tarkistuksen tyyppi: Kattava tarkistus
Tulos: Valmis
Kohteita tarkistettu: 334170
Aikaa kulunut: 8 minuutti(a), 41 sekuntti(a)
 
Muisti: Käytössä
Käynnistys: Käytössä
Tiedostojärjestelmä: Käytössä
Pakkaukset: Käytössä
Rootkitit: Käytössä
Vaarallisten rootkittien tarkistus: Käytössä
Heuristiikka: Käytössä
Mahdollisesti haitalliset ohjelmat: Käytössä
Mahdollisesti haitalliset muutokset: Käytössä
 
Prosessit: 0
(Haitallisia kohteita ei löydetty)
 
Moduulit: 0
(Haitallisia kohteita ei löydetty)
 
Rekisteriavain: 0
(Haitallisia kohteita ei löydetty)
 
Rekisteriarvot: 0
(Haitallisia kohteita ei löydetty)
 
Reksiteritiedot: 0
(Haitallisia kohteita ei löydetty)
 
Kansiot: 0
(Haitallisia kohteita ei löydetty)
 
Tiedostot: 0
(Haitallisia kohteita ei löydetty)
 
Fyysiset sektorit: 0
(Haitallisia kohteita ei löydetty)
 
 
(end)

roguekillerlog.txt

FRST.txt

Addition.txt

Shortcut.txt

Link to post
Share on other sites

dllnt_dump.dll is not classed as malicious -  http://www.freefixer.com/library/file/dllnt_dump.dll-166202/

 

mountmgr.sys is not classed as malicious either although like most drivers it can cause BSOD and or freezes... https://support.microsoft.com/en-us/kb/2614892

 

I do not see any obvious malware or infection in your logs,

 

Can you post the logs from OTL, also Combofix log C:\Combofix.txt 

 

Also zip up and attach Qoobox folder from Combofix  C:\Qoobox

 

Can you also check if this folder is on your system C:\Windows\Minidump if so zip up and attach that folder...

 

Thank you,

 

Kevin...

Link to post
Share on other sites

Thanks for the reply, run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:



  •    
  • Remove disinfection tools
       
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
       
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...  busy.gif
 

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.