
Possible Malware ....


Kevin,

Yes Disable Internet Explorer VB scripting is ticked .... see screen shot.  I cannot change any of the settings, they are all disabled.

Also, I cannot enable rootkit detection, every time I load MalwareBytes, it's disabled.  I enable it and scan, but rootkit isn't part of the scan.  When I close and reopen MalwareBytes, it's disabled again.

R/
Prescott ...

Screen Shot.docx


That is strange regarding the rootkit option, almost as if some kind of protection is holding it off... Let's run TDSSKiller to see if we've missed anything...

Please read carefully and follow these steps.
 
  • Download TDSSKiller from here  http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.
  • Double-click on tdsskiller.exe to run the application.
  • The "Ready to scan" window will open, Click on "Change parameters"

  • Ensure all entries are checkmarked under Additional Options and under Objects to scan. When Loaded Modules is checkmarked a reboot will be offered; allow that to happen...

  • After the reboot, select "Change parameters" again, make sure the entries are checkmarked and then select "Start Scan".

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 


I did not expect any threats really. I have just been reading an old thread regarding the very problem you have; from the date this would possibly be with MB version 2.xxxxxxx, so it is regarding Malwarebytes Anti Exploit. Obviously MBAE is now built into version 3.

Have a read, see what I mean:

https://forums.malwarebytes.com/topic/170206-solved-blocking-site-under-ie/

I'll post to our private forum and see what response I get. Just for a test, can you open Malwarebytes as done in Reply ID 27 and untick VB scripting, then open IE and see what happens....

 


Kevin

I cannot change any of the settings, they are greyed out.  See previously uploaded screenshot in post ID 28.

Also, I cannot enable rootkit detections.  If I turn it on and scan, rootkit detections are not included in the scan.  When I close and reopen MalwareBytes, rootkit detection is once again disabled.

I don't believe we have the same issue here as in that other post.

R/
Prescott ....


Please create an mbam-check log:
 
  • Download mbam-check.exe from here: https://downloads.malwarebytes.org/file/mb3_check and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead, please attach the log CheckResults.txt file which should now be located on your desktop to your next post.
  • Attach the log to your reply

 


Thanks for that log, all looks ok... Run the following:

Please download Security Analysis by Rocket Grannie from here: http://rocketgrannie.spywareinfoforum.org/RGSA.exe
 
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.


There may be a warning from Windows about running the program; if so, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.


Note: The link to the most current version of the program will always be in the first post of this topic.
Note: (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run to continue.)
Note: The current java version on XP will show as "out of date".
Note: Flash Player ActiveX is pre-installed with Internet Explorer in Windows 10 and updates Automatically.

Please post your feedback in this topic.

 

 


Kevin,

No matter what I do, my machine will not let me download this file.

I've attached screen shots of the messages I get.  No matter how many times I click "Try Again" on the second dialog, it won't download.  Eventually I have to cancel.  In between the dialogs I get the "do you want to allow this program to make changes to your system" (words to that effect) dialog; I couldn't capture that in a screen shot.

R/
Prescott ....

Screen Shot RGSA.docx


I see McAfee is installed, it is up to date but disabled. I know McAfee can still cause issues for certain software even when disabled as some drivers are still active.... Can you uninstall McAfee and see if that makes any difference:

Removal tool available here: http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

 

 


This is really frustrating. Boot into safe mode and uninstall Malwarebytes: http://www.computerhope.com/issues/chsafe.htm

Next,

Boot back to Normal mode: Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs, "FRST.txt" and "Addition.txt".

Next,

Download and install Malwarebytes from Here: https://www.malwarebytes.com/mwb-download/thankyou/
 
Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs, "FRST.txt" and "Addition.txt".
 
Post FRST logs pre and post MB reinstall...
 
Thank you,
 
Kevin

 

 


Not seeing anything wrong in those logs, I want you to turn off Microsoft Security Essentials, see if that is having an impact on Malwarebytes. Or even better still uninstall it and see if that makes a difference. Only uninstall if Malwarebytes has all shields up and realtime protection on....

MSE removal tool https://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

Does that make any difference...?

Edited by kevinf80

Kevin,

The "fix It" software has been retired.  When I click on the link it sends me to Bleeping Computer and then when I click on the download button I get redirected to a Microsoft article explaining that "fix it" had been retired.

I uninstalled Microsoft Security Essentials from control panel.

No change, still unable to turn on the rootkit scan.

R/
Prescott ....

