Still infected?


Hi

My computer was lagging, so I ran Malwarebytes Anti-Rootkit. It found the following files and deleted them. Then I tried Malwarebytes Anti-Malware and Anti-Rootkit again, but they could not find any other virus. However, the computer is still lagging sometimes. Is it still infected? Could you please check it? Attached is the output of Farbar.

The virus that was deleted by Malwarebytes Anti-Rootkit:

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

Windows 10 x64 NTFS
Internet Explorer 11.223.14393.0
alp :: DUN [administrator]

11/10/2016 02:18:07 AM
mbar-log-2016-10-11 (02-18-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 378567
Time elapsed: 9 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [b5884bf2d4a8c4721eaf50a455aedd23]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [2e0fab926616fe389254e01408fbad53]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [003de25be3991224887e995e25de8080]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [49f4112cf884f442e7e6856f46bdd32d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [f34a0b320973e74f64826193ab58e21e]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [08358cb1e89438feac5ad62144bf09f7]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Windows\syswow64:win32app_1 (Rootkit.ADS) -> Delete on reboot. [9e9f7bc27efead897d059823e61d629e]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

FRST.txt

Addition.txt

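Added example, not part of either post in this thread and not Malwarebytes' code. Both of the things MBAR flagged above are persistence tricks that are worth re-checking by hand after the "Delete on reboot" reboot: an Image File Execution Options (IFEO) key with a Debugger value makes Windows start whatever path that value names in place of the listed program, so values on MsMpEng.exe (Defender) and MRT.exe (Malicious Software Removal Tool) quietly stop those tools from ever running; and c:\Windows\syswow64:win32app_1 is an NTFS alternate data stream named win32app_1 hidden on the syswow64 directory, which is invisible to a normal directory listing. The script below is read-only: it lists every IFEO Debugger value under both the native and WOW6432Node hives and every named stream on the system directories. The watch list of binaries, the extra directories scanned and the rule that only a Visual Studio vsjitdebugger.exe Debugger value is expected on a clean machine are my assumptions, not something the log states. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the forum thread): re-check the two persistence
# techniques the MBAR log flagged, after the reboot that "Delete on reboot" needs.
# 1. IFEO "Debugger" values on security binaries: Windows launches that path
#    instead of the named exe, so a value on MsMpEng.exe / MRT.exe disables them.
# 2. Alternate data streams (ADS) hidden on system directories such as syswow64.
# Read-only: it reports and removes nothing. Run from an elevated prompt.

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Binaries named in the MBAR log plus a few other common IFEO hijack targets (assumed list)
$watchList = @('MRT.exe', 'MsMpEng.exe', 'svchost.exe', 'MpCmdRun.exe', 'taskmgr.exe', 'regedit.exe')

function Get-IfeoDebugger {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $dbg = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            # A subkey without a Debugger value (e.g. only GlobalFlag) is usually benign; skip it
            if ($null -eq $dbg) { continue }
            # Assumption: the only Debugger value a clean box normally carries points at
            # vsjitdebugger.exe (Visual Studio). Anything else, or anything on a watch-listed
            # binary, deserves a look.
            $suspect = ($watchList -contains $key.PSChildName) -or ($dbg -notmatch 'vsjitdebugger\.exe')
            [pscustomobject]@{
                Key      = "$root\$($key.PSChildName)"
                Debugger = $dbg
                Suspect  = $suspect
            }
        }
    }
}

function Get-AdsOnPath {
    param([string[]]$Paths = @("$env:SystemRoot\SysWOW64", "$env:SystemRoot\System32", $env:SystemRoot))
    foreach ($p in $Paths) {
        # -Stream * enumerates every NTFS stream on the item; ':$DATA' is the ordinary
        # unnamed stream, so anything left after filtering it out is a named ADS.
        Get-Item -Path $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{ Path = $p; Stream = $_.Stream; Length = $_.Length }
            }
    }
}

Write-Host '== IFEO Debugger values (Suspect = True needs attention) =='
Get-IfeoDebugger | Format-Table -AutoSize

Write-Host '== Named alternate data streams on system directories =='
Get-AdsOnPath | Format-Table -AutoSize
```

If a stream does turn up again, its contents can be read without touching the directory itself with `Get-Content -Path "$env:SystemRoot\SysWOW64" -Stream win32app_1 -Encoding Byte -TotalCount 64`, and a stray Debugger value is removed with `Remove-ItemProperty` on that key; do neither until you know what wrote them, since the MBAR log only shows that they existed, not what put them there.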

  • Root Admin

What is this download? It crashed when it tried to run.

Error: (10/11/2016 07:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: g49lrnj9.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: g49lrnj9.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x0008dd21
Faulting process id: 0x28d4
Faulting application start time: 0x01d223a70e1e9795
Faulting application path: C:\Users\alp\Downloads\g49lrnj9.exe
Faulting module path: C:\Users\alp\Downloads\g49lrnj9.exe
Report Id: 62701004-a349-4f2e-9695-a438f20b7f72
Faulting package full name:
Faulting package-relative application ID:

In general the computer does not look to be infected. It may have some minor junk but no real threats shown in the logs.


Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then restart the computer and run the following.


Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information, then click on the Reset Firefox button.

Chrome

I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome.

You can keep your Bookmarks if you want to keep them, but you have to export them first (Export Bookmarks). Everything else should be removed.

Then I need you to go to Google Sync and sign into your account.
Scroll down until you see the Reset sync button and click it.
At the prompt, click OK.

Reset Your Browser Settings

  1. In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines)
  2. Select Settings.
  3. At the bottom, click Show advanced settings…
  4. Scroll down until you see “Reset settings”, Then click on the button Reset Settings.
  5. In the dialog that appears, click Reset.

Close Chrome, restart it, and check it out for me please.
