
Computer Virus



I recently got infected with a computer virus. I have tried to run MBAM Chameleon in safe mode; it gave me an error: could not update MBAM. I've tried running MBAM regularly, but it increases in CPU usage and slowly goes down (MBAM doesn't open, btw). Any ideas?


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

QUOTE
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.


Let me see those logs...

Thank you,

Kevin...

Alright, I ran RKill; nothing came up for malware services. It does say that my Windows Defender is disabled: "DisabledAntiSpyware" = dword:00000001

It has also terminated these processes:

C:\Windows\jmesoft\hotkey.exe (PID: 3128) [WD-HEUR]

C:\Windows\jmesoft\ServiceLoader.exe (PID: 6080) [WD-HEUR].

Other than that the PC is acting normal; MBAM isn't running still.


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please download MBAM-clean and save it to your desktop.
 
  • Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
  • Run the cleaner tool again, re-boot when complete. <<<---do not miss this step


Download & install the newest MBAM version.

Please download Malwarebytes Anti-Malware
 
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.



Save the file to your desktop and include its content in your next reply.

If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Post those two logs...

Thank you,

Kevin...

 

Fixlist.txt


Try fixlist.txt as follows:

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy. Paste this into the open Notepad. Save it to the Desktop or the folder that you saved FRST to. Be sure to name it fixlist.txt

	Start
	CreateRestorePoint:
	CloseProcesses:
	HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\Run: [sqlzdb] => rundll32.exe "C:\Users\Alta\AppData\Local\sqlzdb.dll",sqlzdb <===== ATTENTION
	C:\Users\Alta\AppData\Local\sqlzdb.dll
	HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\Run: [Buzzing Dhol.exe] => C:\WINDOWS\System32\Buzzing Dhol.exe
	C:\WINDOWS\System32\Buzzing Dhol.exe
	HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\MountPoints2: E - "E:\setup.exe"
	HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\MountPoints2: F - "F:\Setup.exe"
	C:\Users\Alta\AppData\Local\Temp\3OPTJP9KTK.exe
	C:\Users\Alta\AppData\Local\Temp\61ULIO0W0Z.exe
	C:\Users\Alta\AppData\Local\Temp\CodecFixDivx.exe
	C:\Users\Alta\AppData\Local\Temp\dxdiag.exe
	C:\Users\Alta\AppData\Local\Temp\io1.exe
	C:\Users\Alta\AppData\Local\Temp\jogamp_exe_tst3297018305470600636.exe
	C:\Users\Alta\AppData\Local\Temp\jogamp_exe_tst5736768522005858849.exe
	C:\Users\Alta\AppData\Local\Temp\libeay32.dll
	C:\Users\Alta\AppData\Local\Temp\MediaPlayer__11425_il112318.exe
	C:\Users\Alta\AppData\Local\Temp\mesox.exe
	C:\Users\Alta\AppData\Local\Temp\msconfig.exe
	C:\Users\Alta\AppData\Local\Temp\msvcr120.dll
	C:\Users\Alta\AppData\Local\Temp\s5mark_setup_aid91tid336_20160318.exe
	C:\Users\Alta\AppData\Local\Temp\sqlite3.dll
	C:\Users\Alta\AppData\Local\Temp\Uninstall.exe
	C:\Users\Alta\AppData\Local\Temp\xmlUpdater.exe
	CustomCLSID: HKU\S-1-5-21-282325405-1474076517-3493579889-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-3CDBBBCDD32D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
	Task: {122A3537-A239-4D54-84B3-D7440075687D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
	Task: {17661AB0-053C-4BE5-A8D6-932149FAA327} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
	Task: {58BA5F6F-7ED0-48BE-A555-F064BE45432C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
	Task: {732FB60B-6ADB-4AB9-803A-792828AEFBE3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
	Task: {A04F8413-22DE-445C-BCEE-BAD9F9E28F0B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
	Task: {DE3C8CEC-7757-4004-A537-DF135C2482AB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
	Task: {E405F58F-71D5-4B4A-B495-1BF6F2F33CD3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
	Shortcut: C:\Users\Alta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KingsIsle Entertainment\Wizard101\Report a bug.lnk -> C:\ProgramData\KingsIsle Entertainment\Wizard101\Bin\BugReporter.bat (No File)
	Hosts:
	EmptyTemp:
	end

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
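
Added example, not part of the original posts and not FRST's own code: a Python script that parses Run-key lines in the format shown in the fixlist above and lists the reasons an autorun entry deserves review. The path heuristics, the reason labels and the `ExampleUpdater` line are assumptions made for illustration.

```python
import re

# Two Run lines copied from the fixlist above, plus one constructed benign entry.
SAMPLE = r'''
HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\Run: [sqlzdb] => rundll32.exe "C:\Users\Alta\AppData\Local\sqlzdb.dll",sqlzdb <===== ATTENTION
HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\Run: [Buzzing Dhol.exe] => C:\WINDOWS\System32\Buzzing Dhol.exe
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe
'''

# hive, optional user SID, elided key path, value name, command, optional marker
RUN_LINE = re.compile(
    r'^(?P<hive>HK[A-Z]+)(?:\\(?P<sid>S-[\d-]+))?\\\.\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]+)\] => (?P<cmd>.*?)(?P<attn>\s*<=+ ATTENTION)?\s*$'
)
# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r'\\Users\\[^\\]+\\AppData\\|\\Temp\\', re.IGNORECASE)


def parse_run_entries(log_text):
    """Return one dict per Run/RunOnce line found in the log text."""
    entries = []
    for line in log_text.splitlines():
        match = RUN_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def reasons_for(entry):
    """List the review reasons that apply to a parsed Run entry."""
    cmd = entry["cmd"]
    reasons = []
    if entry["attn"]:
        reasons.append("frst-attention")  # marker already present in the log
    quoted = re.search(r'"([^"]+)"', cmd)
    target = quoted.group(1) if quoted else cmd
    if USER_WRITABLE.search(target):
        reasons.append("user-writable-path")
        if cmd.lower().startswith("rundll32"):
            reasons.append("rundll32-loads-user-dll")
    return reasons


def triage(log_text):
    """Map each autorun value name to its list of review reasons."""
    return {e["name"]: reasons_for(e) for e in parse_run_entries(log_text)}


if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(f"{name}: {', '.join(why) or 'no heuristic hit'}")
```

The `Buzzing Dhol.exe` entry from the fixlist gets no hit from these path heuristics, so an empty result means "not matched", not "clean".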

 

 
