Rootkit & Trojan Fileless.MTGen, need help please.


  • Root Admin

Please download Malwarebytes Anti-Rootkit from HERE
If needed, there is a self-help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

Next,

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found, please make sure to choose SKIP and post back the log, in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

Here are the first two logs from MBAR.  I'll be getting the others to you hopefully tomorrow.  For the TDSSKiller, I was directed from the video to check mark the item which required a reboot; unfortunately that's where this system is very unstable.  It might take 3-5 times to load Windows in Safe Mode, almost as if going in circles, and also extremely slow.  Once the system is back up, I'll run TDSSKiller and upload the logs.  I appreciate your help.

mbar-log-2016-11-02 (06-13-48).txt

system-log.txt

  • Root Admin

Okay, well neither scanner finds anything rootkit-wise. Let's go ahead and run some other scans and see what's found. Though if the computer is really that unstable and cannot even run in Normal Mode, then it might be time to back up your data, format the drive and reinstall Windows. We'll take a look though and see what's up.


STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-click on JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click it on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After the reboot, the logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

Thanks

  • Root Admin

Is the computer able to run in Normal Mode now?

Is the computer running any better now?

There are issues shown in the logs but they're not malware related. It could be damage from an infection but it could also just be software conflicts and settings changes over the years.

Please give me a status update on how the computer appears to be running now.

Thanks

I booted in normal startup.  The first screen that came up was the black screen.  (This screen started coming up about 5 weeks ago.  We ran Check Disk and it stated there is nothing wrong with the drive.)  I press F2 to continue.  Then I get the Windows symbol spinning for what seems forever.  Then a screen says Automatic Repair, and I get the page that lists all countries for me to choose the keyboard layout for setup.

[Attached screenshots: pc1.png, pc2.png]

  • Root Admin

Hi Jennifer,

I'm sorry, but the first screen tells what the issue is. The hard drive is failing and needs to be replaced. You need to save any data you have on the drive to another drive, from Safe Mode or however you can access it, and get this drive replaced and reinstall Windows.

Please let me know if there is something else I can do to assist you

Thank you

Ron

When this message began, his PC was badly infected.  We got rid of the infection and completed Check Disk several times, and there was never an error with the hard drive.  I honestly don't think it's a bad drive.  If you can't help, is there someone you can direct me to?  Thanks again, and I appreciate your time.

Jennifer

  • Root Admin

Running a Disk Check only checks the integrity of the file system's data structures, not the health of the drive. Please read the following and test the drive.

http://support.wdc.com/knowledgebase/answer.aspx?ID=940

It's not a matter of whether I can help or not. I'm sorry, but that is not a false warning. That is an error that gets generated by the hard drive itself.

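The distinction drawn in the post above (Check Disk inspects file-system structures; drive health is reported by the drive's own SMART firmware) can be checked directly from Windows. The script below is an added example, not code from the thread or from Malwarebytes, and it assumes Windows 8 / Server 2012 or later for Get-PhysicalDisk and Get-StorageReliabilityCounter (the WMI failure-predict class is available on older versions too); it must be run from an elevated PowerShell prompt, and the function name Test-DriveHealth is my own.

```powershell
# Added example: compare what chkdsk looks at with what the drive itself reports.
# Assumes Windows 8 / Server 2012 or later and an elevated PowerShell session.

function Test-DriveHealth {
    # 1. File-system structure only. This is what "Check Disk" verifies:
    #    MFT, bitmap, index and security descriptors on the volume.
    #    It does not consult the drive's SMART data, so a drive can pass
    #    chkdsk and still be flagged as failing by its own firmware.
    #    Online read-only scan of the system volume (NTFS, Windows 8+):
    #      chkdsk C: /scan
    #    (left as a comment; it can take a long time on a large or sick drive)

    # 2. The drive firmware's own verdict: SMART predictive-failure flag.
    #    PredictFailure = True means the drive expects to fail soon; this is
    #    the same status a BIOS/UEFI SMART warning at POST is based on.
    #    Some USB bridges and RAID controllers do not expose this class,
    #    hence -ErrorAction SilentlyContinue.
    $smart = Get-CimInstance -Namespace root\wmi `
                 -ClassName MSStorageDriver_FailurePredictStatus `
                 -ErrorAction SilentlyContinue |
             Select-Object InstanceName, PredictFailure, Reason

    # 3. Reliability counters from the storage stack: reallocated/uncorrected
    #    errors and wear are the numbers to watch on a drive that "passes" chkdsk.
    $disks = foreach ($d in Get-PhysicalDisk) {
        $c = $d | Get-StorageReliabilityCounter -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Disk                  = $d.FriendlyName
            HealthStatus          = $d.HealthStatus      # Healthy / Warning / Unhealthy
            OperationalStatus     = ($d.OperationalStatus -join ',')
            PowerOnHours          = $c.PowerOnHours
            Temperature           = $c.Temperature
            ReadErrorsUncorrected = $c.ReadErrorsUncorrected
            WriteErrorsUncorrected= $c.WriteErrorsUncorrected
            Wear                  = $c.Wear
        }
    }

    # 4. Summarise: any predictive-failure flag or non-Healthy status means
    #    back up first and replace the drive; do not keep re-running chkdsk /r.
    $failing = @($smart | Where-Object { $_.PredictFailure }) +
               @($disks | Where-Object { $_.HealthStatus -ne 'Healthy' })

    [pscustomobject]@{
        SmartStatus = $smart
        Disks       = $disks
        Verdict     = if ($failing.Count -gt 0) {
                          'FAILING: back up data now and replace the drive'
                      } else {
                          'No predictive failure reported by the drive'
                      }
    }
}

$result = Test-DriveHealth
$result.SmartStatus | Format-Table -AutoSize
$result.Disks       | Format-Table -AutoSize
$result.Verdict
```

A drive that returns PredictFailure = True or HealthStatus = Unhealthy should be imaged or copied off immediately rather than subjected to further chkdsk /r surface scans, which add read stress to a drive that is already relocating sectors. The vendor diagnostic linked in the post above reads the same SMART attributes and can also run the manufacturer's extended self-test.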