Jump to content

GMER

handyman53

By handyman53
in Resolved Malware Removal Logs

 Share

Recommended Posts

handyman53

handyman53

Posted
Posted

I have Windows 7 Ultimate 64 bit on a Lenovo Thinkcentre. I have recently noticed some dtrange activity on my computer. I'm listing them below:

1. All of the sudden the "This version of Windows is not genuine" in the bottom tight hand corner of the dedktop.

2. My computer has become very slow and there are times when I cannot open some applications.

3. I have been seeing a strange process listed ad aurehxi.exe *32. It is listed many times in a row in task manager. There was also an item named svklrzc.

I called Microsoft and a very nice woman walked me through the Genuine Windows fix by assigning me another Windows key and making a few changes on my pc remotely. Now the "This copy of Windows is not genuine" is back. I have done a full system scan with AVG Antivirus and it found nothing. I also did a scan with Malwarebytes with a root scan and same results. But when I ran GMER it found two abnormalities and I have attached the log file below. Can anyone help me?

Thank you in advance.

log2.log

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Hello handyman53 and welcome to Malwarebytes,

One entry in GMER belongs to Malwarebytes (System32\Drivers\mbamswissarmy.sys), the other is malicious, (system32\drivers\tindgknq.sys) Do you have a fashdrive to run FRST from via the Recovery Environment..

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

Enter System Recovery Options I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type E:\frst64 or E:\frst depending on your version. Press Enter Note: Replace letter E with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thanks,

Kevin

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next,

Boot back to Normal Windows, I want you to make a fresh install of Malwarebytes as follows:

Totally Remove Malwarebytes from your system:

Download the latest version of Malwarebytes cleanup tool from here: https://downloads.malwarebytes.com/file/mb_clean and save to your Desktop..

If applicable, backup your Malwarebytes license key information and deactivate the product.

Close all open applications and deactivate Malwarebytes <---- Very important, do not miss that step

To deactivate Malwarebytes:

Right click on tray icon, from the opened list select "Quit Malwarebytes" an UAC alert will open, select "Yes" to deactivate Malwarebytes...
 
  • Double-click mb-clean.exe to run it
  • A prompt to confirm the cleanup will appear, select Yes or No
  • Yes - will proceed with the cleanup process <---- Select this option to start the tool
  • No - will exit the utility
  • The Utility will launch a Command Prompt window which will disappear once the the cleanup process completes.
  • Once completed, a log file ("mb-cleanresult.txt") will be on your desktop and you'll be prompted to reboot
  • We recommend an immediate reboot <--- Do Not miss out this step
  • Suppressing the reboot may result in an incomplete cleanup
  • Upon reboot Malwarebytes will be totally removed from your system
To re-install Malwarebytes:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/
 
  • Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....
  • When the install completes and is updated do the following:
  • Open Malwarebytes, select > "settings" > "protection tab"
  • Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
  • Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply...

Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin

 

fixlist.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted (edited)

Hello handyman53,

You ran the first scan with FRST via the Recovery Environment, FRST tool was loaded on a Flashdrive. The "fix" I gave you also had to be used in the Recovery Environment, it too would have been loaded to same flashdrive. The fix was a file named fixlist.txt When the fix was used it would have produced a log fixlog.txt That log would have been saved to the Flashdrive..

Thank you,

Kevin

Edited by kevinf80
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.