B-Rye Posted November 15, 2017 ID:1183163

Have a weird issue with my laptop that has not happened before. I do regular scans and have not had a problem before, but I suspect there is something I'm missing. My computer, if left alone for a while (15+), will be very slow when I come back to it. Power settings are set to sleep, but sometimes it does not sleep. Folders either do not load on click or, when they do, it takes a long time and freezes. I am forced to reboot and the startup time has been very long lately. High disk and CPU usage is common. I have scanned multiple times with different software and they both come back clean (Malwarebytes, Windows Defender). This happens mostly when I am connected to the internet via WiFi or Ethernet. If left alone with WiFi turned off or on airplane mode it usually does not happen. I have downloaded sketchy software before so that may be the culprit, however I have scanned nearly everything.

Here's my system:
HP 15-n210dx
CPU: amd-a8-4555M 1.6Ghz
RAM: 6gb
System: Windows 8.1 64bit

kevinf80 Posted November 15, 2017 ID:1183204

Hello B-Rye and welcome to Malwarebytes,

Follow the instructions at this link and post the requested logs: https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

Thank you,
Kevin

B-Rye Posted November 16, 2017 Author ID:1183348

Thank you for replying. I have done the recommended scan and have attached the results.

Addition.txt FRST.txt mwbts.txt

kevinf80 Posted November 16, 2017 ID:1183355

Hello B-Rye,

Whilst I check your logs can you do the following and post the result URL...

Upload a File to Virustotal
- Go to http://www.virustotal.com/
- Click the Choose file button
- Navigate to the file C:\Windows\system32\Drivers\abkekxo.sys
- Click the Scan it tab
- If you get a message saying File has already been analyzed: click Reanalyze file now
- Copy and paste the URL address back here please.

Thanks,
Kevin...

B-Rye Posted November 16, 2017 Author ID:1183497

Hey Kevin,

Here is the URL: https://www.virustotal.com/#/file/48689e617ca4f98dfde1dbd7db56817a56b7447a31cb1a52e19007209b2ee407/detection

kevinf80 Posted November 16, 2017 ID:1183530 (Edited November 16, 2017 by kevinf80)

That URL address lists the file name as qgyf.sys; the file in question has a different name...?

B-Rye Posted November 16, 2017 Author ID:1183564

Yes, when I upload it to virustotal.com its name is qgyf.sys

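Added example, not part of the original thread: a VirusTotal report is keyed by the file's SHA-256, which appears in the report URL, so the name shown on a report need not match the local file name. The Python sketch below checks whether a local file is the one a report URL refers to; the function names are hypothetical and the demo file is constructed.

```python
import hashlib
import os
import re
import tempfile

# Report URL exactly as posted in the thread.
THREAD_URL = ("https://www.virustotal.com/#/file/"
              "48689e617ca4f98dfde1dbd7db56817a56b7447a31cb1a52e19007209b2ee407"
              "/detection")

# Hypothetical helper names; the pattern matches ".../file/<64 hex chars>/...".
_SHA256_IN_URL = re.compile(r"/file/([0-9a-fA-F]{64})(?:[/?#]|$)")


def sha256_from_vt_url(url):
    """Return the lowercase SHA-256 embedded in a report URL, or None."""
    match = _SHA256_IN_URL.search(url)
    return match.group(1).lower() if match else None


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def file_matches_report(path, url):
    """True if the file's SHA-256 equals the one in the report URL."""
    expected = sha256_from_vt_url(url)
    if expected is None:
        raise ValueError("no SHA-256 found in report URL")
    return sha256_of_file(path) == expected


if __name__ == "__main__":
    # Constructed stand-in for the driver; on the affected machine, pass
    # C:\Windows\system32\Drivers\abkekxo.sys (path from the thread) instead.
    with tempfile.NamedTemporaryFile(delete=False, suffix=".sys") as tmp:
        tmp.write(b"constructed sample bytes, not a real driver")
    try:
        print("hash in thread URL:", sha256_from_vt_url(THREAD_URL))
        print("local file hash:   ", sha256_of_file(tmp.name))
        print("same file as report:", file_matches_report(tmp.name, THREAD_URL))
    finally:
        os.unlink(tmp.name)
```
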
kevinf80 Posted November 16, 2017 ID:1183568

Mmm, very odd. Continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
- Open FRST and press the Fix button just once and wait.
- The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please download Zemana AntiMalware and save it to your Desktop.
- Install the program and once the installation is complete it will start automatically.
- Without changing any options, press Scan to begin.
- After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
- Open Zemana AntiMalware again.
- Click on icon and double click the latest report.
- Now click File > Save As and choose your Desktop before pressing Save.
- Attach saved report in your next message.

Let me see those logs in your reply....

Kevin.

fixlist.txt

B-Rye Posted November 17, 2017 Author ID:1183646

Finished the scans. The logs are posted. I really appreciate your help.

2017.11.16-18.14.52-i0-t92-d1.txt Fixlog.txt

kevinf80 Posted November 17, 2017 ID:1183694

Hello B-Rye,

What is the current status of your system, does it boot up/down ok, any odd or unexpected behaviour. Is your browser behaving as expected, is there any odd behaviour, redirects etc...

Thank you,
Kevin

B-Rye Posted November 17, 2017 Author ID:1183871

No redirects, but there are random hang-ups, and when the computer is woken from sleeping it's pretty much useless and I'm forced to reboot. System restore doesn't complete successfully and there is high CPU usage and disk usage.

kevinf80 Posted November 17, 2017 ID:1183902

Ok, thanks for the update, run the following and post the produced log...

Download RogueKiller and save it on your desktop, ensure to download correct version: RogueKiller (X86), RogueKiller (x64)
- Exit all running applications.
- Double-click on RogueKiller.exe to launch the tool.
- On its first execution, RogueKiller will display the software license (EULA), click on "Accept" to continue.
- If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
- Click "Start Scan" to begin the analysis. This may take some time.
- Once the scan is complete, click the "Open TXT" button to display the scan report.
- Copy/Paste its content in your next reply.

Do not use the delete option until I've had a look at the log..

Thanks,
Kevin

B-Rye Posted November 17, 2017 Author ID:1184007

Hey Kevinf80,

Here's the logs from the scan.

Thanks
-B-Rye

RG.txt

kevinf80 Posted November 18, 2017 ID:1184023

Run RogueKiller again
- Wait for the scan to complete
- On completion, the results will be displayed
- Checkmark all found entries then click on the Remove Selected button
- On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
- This will open the report in Notepad. Copy/paste its content in your next reply....

Next,

Download Norton Power Eraser from here: https://security.symantec.com/nbrt/npe.aspx? and save direct to your Desktop.
- Double click on NPE.exe to start the tool. Vista, Windows 7/8/8.1/10 right click, select "Run as Administrator" accept UAC.
- The EULA will open, accept that to move on...
- The tool will check for updates/latest version
- The GUI will open, select "Scan for Risks"
- Rootkit scan alert will open, select "Restart"
- Rootkit scan preparations will time out and Reboot the system.
- Tool will restart and check for update, do nothing.
- System scan will start, do nothing.
- If infections are found a list will be produced, make sure to checkmark "Create System Restore Point" then select "Fix Now"; if nothing is found select "Exit" to close out the tool.
- To remove "found entries" the system will need to restart, select that option.
- If applicable select "Locate Log", attach to reply. Select "Done" when complete....

Let me see those logs, also let me know if there are any remaining issues or concerns...

Thank you,
Kevin....

kevinf80 Posted November 21, 2017 ID:1185341

any progress....?

kevinf80 Posted November 22, 2017 ID:1185826

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!