Possibly infected files


I have thought for some time my system was infected but only recently did I find other topics covering register keys and files that contain "8wekyb3d8bbwe". I read on bleepingcomputer a person being helped. Will you help me determine if my computer has malware, virus or other nasty programs taking control? I have other devices that I'm sure are infected also. I'll wait to address those after my desktop is clean. For some background, in April this year I tried to get help but my computer was not cooperating. For your reference, link.tweakbit is the topic. It was closed and I tried sending a Private Message but I believe I did something wrong or it never made it back to Malwarebytes.

I will not change anything on my system until I hear back.

Thank you

Christine Smith


I ran the Threat scan (no rootkits) and the report said nothing found. There have been 31 real-time protection detections. There is one exploit report and 10 website blocks from outbound connections. For the other 20 or so detections there are no reports.

Attached are the FRST and Addition reports. While installing Farbar Recovery Scan Tool I received two errors. I attached pictures for your review.

FRST.txt

Addition.txt

NoHives.PNG

FRST failed update (1).png

Edited by CRFarm

I received an error to write. I had to download to and extract to desktop. The first download would not run and the dates for similar to today's date not 2017. Please see attached picture.

Sketch.jpg

Edited by CRFarm
needed to add that I used the second file to get it to run

  • Root Admin

Please follow the directions below to get into Windows 10 Safe Mode at a Command Prompt.

If needed, here is another link with 7 ways to boot into Safe Mode in Windows 10

Please print out these instructions, or view them from another computer.

On the affected computer, please log off by right-clicking the Start button and selecting Log Off.

Then, at the Login screen, press and hold the Shift key on the keyboard, click the power button on screen and select Restart. Do not let go of the Shift key until it reboots.

01_sign_on_screen.jpg

After the Restart it will come up with a screen as shown below. Click on the Troubleshoot button.

02_click_troubleshoot.jpg

Then you'll have another menu like below. Click on the Advanced options button.

03_click_advanced_option.jpg

Now click on the Command Prompt button.

04_click_command_prompt.jpg

You should probably see a screen similar to below, getting the command prompt ready.

05_preparing_command_prompt.jpg

Select your Account.

06_choose_an_admin_level_account.jpg

Type in your Password.

07_type_in_your_password.jpg

Now, type in NOTEPAD and press the Enter key.

08_type_in_notepad.jpg

Click File - Open inside of Notepad to see what drive Windows is on.

09_click_file_open.jpg

10_click_this_pc.jpg

11_select_biggest_disk.jpg

12_verify_windows_disk.jpg

Now type in CHKDSK  ? /R  {make sure you use your disk letter, which may be ? or E: etc.}

13_issue_disk_check_command.jpg

The disk check should run and look similar to below. From this Safe Mode the drive cannot be locked and should not ask for any reboot. It should just run like shown below.

14_disk_check_in_progress.jpg

 

Once that has completed, restart the computer into Normal Mode and run the following.

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

Thank you

Ron

I tried to post yesterday and received the "too many connections - try again later" error for this site. Tried again, got in, wrote up the reply (without copying), hit submit and lost everything.

Good morning,

Hope you enjoyed yesterday.

On Sunday 06/17/2018, in reading the chkdsk instructions, I saw nothing about attaching any report from the chkdsk run. Here is an overview. Took over 4 hrs. to run. Then the last line said it didn't load to the report for status 50. No file name for the report. I copied the entire cmd run from the cmd screen and saved it to notepad in safe mode and now I cannot locate the file.

Left safe mode to enter normal mode using the instruction on Windows 10. Hooked up my bluetooth speaker (don't have standard speakers) and received blue screen error "not equal or less to" and system rebooted to normal mode. Hooked up bluetooth speaker and watched video. Disabled network adapters to the internet and followed instructions for security changes. Windows Defender would not allow me to turn off Core Isolation Memory integrity. Ran TDSSKiller per the video. Immediately received error "Cant initialize log", clicked okay and program ran. I selected modules, computer rebooted. Selected the items in the second half of the screen (per the video). Tried loading the picture of threats, twice, both times failed. Now file is missing on my computer.

Monday 06/18/2018

Attached cmd notepad copy of chkdsk and picture of TDSSKiller.

Thank you and I'll check back for any next steps.

Christine

notepad.txt

NoTDSSKillerReport.png


  • Root Admin

That is correct. The disk check is unable to write the entry back to the Event Logs because it's running from another operating system.

Please go ahead and run a new FRST set of logs for me.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

  • 1 month later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks