Jump to content

Recommended Posts

Hello MBAM support. Today, I pluged in a USB into my computer and I noticed my files had been changed to direct accesses. Unfortunately I clicked one and the problems started from there. I have ESET Endpoint Antivirus and immediately after trying to open a .docx document a notification started popping up about a URL adresss being blocked. Every 5-10 seconds the notification appears again and it has never stopped since. At first, I tried restarting my computer but it did not work, the notification continued.

Then I heard of MBAM and installed it but the program would not run. So, I went and opened the chameleon help file by going into the folder located in program files. (Note: There was no folder in start called "Malwarebytes Anti Malware", there was only one called "Malwarebytes" and it only contained a direct access to the program and the uninstaller). I went through all Chameleon #. The first 3 or 4 opened the DOS box but it got closed down almost immediately. The others had better success and were able to launch Malwarebytes, but a second or two after that it darkened the screen and a pop-up window saying the program stopped working. After windows "analyzed" the problem it told me the program stopped working altogether and only gave me the option to close it. This happened with every other Chameleon #

Next, in order to post a topic here, I tried running the Farbar Recovery Scan Tool, but I was unable. The windows appear for a second (or less!) and then immediately close down. Screenshots 3 and 4 of my attachments are those. Note that in the second screenshot you can see the ESET notification that is endlessly popping up, which reveals the URL address that is being blocked. Also, you may notice my computer is in spanish. I hope this is not a problem.

I then ran Rkill and it told me programs should be able to run now, but I still had the same problems. I attached the log it created. 

Other than the constant pop-ups from ESET and the preventing of anti-malware programs being launched I haven't had any problems. I am, of course, being extremely careful of what I'm doing in my computer right now.

Additional notes:

-ESET is outdated, and it has constantly been telling me so for a while. I'm not sure why. I can't update it.
-I ran McAfee Security Scan Plus and it did not detect any threats. It only told me that ESET is outdated
-I registered this account just for this and it is temporary. I do not want to type any of my actual passwords just in case.
-I always have an EHDD plugged into my computer (it's a laptop). I just noticed to my dismay that everything in it got turned into a direct acess too. Is there any way the files in it can be saved? I don't want to unplug it just in case. After noticing the problems happening, I formatted the USB that started the problems. I restarted the computer with that USB still plugged in and unplugged it only after that. I don't want to connect it again for now. What I am most concerned about are the files in that EHDD.

Thank you for your time.

virus problem 1.png

virus problem 2.png

virus problem 3.png

virus problem 4.png

Rkill.txt

Edited by TesingTester
Link to post
Share on other sites

  • Root Admin

Hello @TesingTester and :welcome:

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

 

Link to post
Share on other sites

Thanks for the reply. I ran the Anti-Rootkit. First time, it found 1 malware and "cleaned" it. It did not tell me to reboot, so I didn't. I ran another scan immediately afterwards and it found nothing. But I still saw the red notification from ESET popping up endlessly. 

I then rebooted, and saw the notification still there. I ran another test and it didn't find anything. Nothing seems to have changed, I still see the notification, the folders in my EHDD still look like shortcuts and I still can't open MBAM (I did not try to run it with Chameleon).

Attached are the logs.

Additional note:

-F: is my external HDD. Everything I have in there in the main folder are folders. All of these folders still look like shortcuts; however, before I ran these scans I noticed my files and sub-folders inside are all intact. The only way I could find them was to search for them specifically. Making hidden files be shown does not work. 

mbar-log-2017-03-28 (17-09-58).txt

mbar-log-2017-03-28 (19-06-37).txt

mbar-log-2017-03-28 (21-22-22).txt

system-log.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.