Trojan.Malpack keep coming back


Thanks for the update. I want to run another fix with FRST; this will export the services list from Current Control Set and CCS 001. It may take several minutes to complete. Let me see the produced log.

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

fixlist.txt


It will take me a while to go through the latest log. Can you run the following:

Download PowerTool and save to your Desktop, ensure to get the correct version:

PowerTool for 64-bit systems >> https://malwarebytes.box.com/s/vnp2jdko58ww33bxabbm8zu9764u0tlh

PowerTool for 32-bit systems >> https://malwarebytes.box.com/s/f0bsa1nuzjv994neyzbtrti1au0s98yx

Please follow the instructions below:

Right click on PowerTool, select "Run as Administrator"

Windows 8/8.1/10 users may see the following, if so select "More Info"

user posted image

In the next Window select "Run Anyway"

Initially click on sq image to enlarge window to full screen (As shown in the image below)
Now click on Kernel tab (No. 1 on the image below)
Then click on Kernel Notify Routine (No. 2 on the image below)
Also click on Path so you sort the list by name (No. 3 on the image below)

user posted image

Right click anywhere on listed items under path (No. 4 on the image above) and select Export.

Save exported file to your Desktop, zip up that file and attach to your reply....

Thank you,

Run PowerTool one more time, again select the following as you did previously:

  • Kernel tab
  • Kernel Notify Routine
  • Path

From the list underneath Path, right click on each of the following files shown in the attached image (71674659.sys) and select "Remove Notify". Confirm with Yes. One of them may be impossible to remove; just ignore that one.

Next,

Run Malwarebytes, quarantine C:\WINDOWS\SYSWOW64\SSDP32.DLL if found

Next,

Run TDSSKiller, any services found..?

power.JPG


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Let's see if we make any progress....

 

fixlist.txt


"C:\Windows\system32\49762999.sys" => not found
"C:\Windows\system32\05343525.sys" => not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\05343525 => not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\49762999 => not found
C:\WINDOWS\SYSWOW64\SSDP32.DLL => moved successfully
"C:\82ace7d6-0197-474d-bf4b-a2043e72329b" => not found

If you were wondering, no, I didn't delete anything yet.


Let's see if we can create that file again... Reboot your PC, then run FRST fix. If the file is present, FRST will zip it up and save it to the same place FRST is run from...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

fixlist.txt
