teo_zakeruga Posted July 24, 2018 ID:1258695 Share Posted July 24, 2018 For a couple of days now my PC has had high disk usage and I thought it was because everything was updating since I haven't used it in a while due to this summer program..but just a few minutes ago my computer bluescreened and Avast said something like it protected me from one of the GiantCrab variants of ransomware or something, not sure if it was just one of the random general messages it says. I ran Malwarebytes a couple of days ago and everything came up clean minus the two PUP's from my brother's profile I was planning on deleting. I think I might somehow have a Rootkit but I haven't downloaded anything weird recently or gone on any weird websites. Can anyone check my logs? FRST.txt Addition.txt Link to post Share on other sites More sharing options...
teo_zakeruga Posted July 25, 2018 Author ID:1258847 Share Posted July 25, 2018 To add more info, the BSOD error was "driver_irql_not_less_or_equal" but the last time I've manually did something driver related was updating my graphics card like early last month. The last time I've actually gotten a blue screen was a few years ago and they were always Watchdog Violations iirc. Also, Avast said that the GandCrab variant that tried to load onto came from a payload (I couldn't get the Avast notification to come back up), but I'm not sure if it's a false positive since my computer was just in the middle of getting all my usual programs to start up and even though my PC says that it's connected to the internet, it usually takes a while to actually do so, and Chrome wasn't fully open yet. Other than my disk usage being consistently 100% (it went down a couple of times) for the past couple of times that I've used my computer (the suspects when observing Task Manager were usually Avast, Malwarebytes [I figured out the main reason was because when it upgraded to the trial premium version, it was scanning everyday instead of once a month but even after changing it, it was pretty high], or the System) but the main suspicious thing that happened recently was when I was playing League of Legends, Malwarebytes suddenly disabled all of its shields one of the times that the game froze (90% sure the game crashing wasn't because of my computer because other people are having the same problem). If Avast wasn't showing a false positive, I'm very confused as to how Ransomware would've gotten on my system and why it would've tried to activate when my computer was just starting up instead of the last time I used my computer. Link to post Share on other sites More sharing options...
teo_zakeruga Posted July 25, 2018 Author ID:1258849 Share Posted July 25, 2018 (edited) Don't know why it double posted.. Edited July 25, 2018 by teo_zakeruga Double post, I didn't do it. Link to post Share on other sites More sharing options...
nasdaq Posted July 25, 2018 ID:1258874 Share Posted July 25, 2018 Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === Error: (07/24/2018 04:54:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WerFault.exe, version: 6.3.9600.17415, time stamp: 0x54503815 Error: (07/24/2018 04:53:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ZeroConfigService.exe, version: 17.0.5.0, time stamp: 0x5387ee07 Faulting module name: MurocApi.dll, version: 17.0.5.0, time stamp: 0x5387ed02 Read about the werfault-exe program.https://www.drivereasy.com/knowledge/fix-werfault-exe-application-error/ I suspect that the MurocApi.dll may be outdated. Download this tool and run it. It may be what you are looking for. You can update your drivers automatically with either the FREE or the Pro version of Driver Easy. But with the Pro version it takes just 2 clicks (and you get full support and a 30-day money back guarantee): 1) Download and install Driver Easy. 2) Run Driver Easy and click Scan Now button. Driver Easy will then scan your computer and detect any problem drivers. Keep me posted. p.s. There are other recommendations on the link which you can try. fixlist.txt Link to post Share on other sites More sharing options...
teo_zakeruga Posted July 25, 2018 Author ID:1258930 Share Posted July 25, 2018 I'll try to download and run the software your recommended and run the FixList ASAP. If I can't do it tonight, I'll try to do it on Saturday unless I have the time tomorrow or Friday (I probably won't). If I don't reply by Saturday, please don't close the thread, it'll most likely mean that this program will be keeping me busier than I expected this weekend. In the meantime, do you think Avast's notification about it stopping GandCrab from running after my PC blue screened was a false positive or do would you need more information to determine so? I didn't see anything new in the virus chest after the pop-up came up, just all of the false positives from over the years that I haven't bothered to whitelist. Link to post Share on other sites More sharing options...
nasdaq Posted July 26, 2018 ID:1259067 Share Posted July 26, 2018 Take your time I will be here. Avast may be working well and you got notified. If that is the case you can disable these notifications. https://blog.avast.com/2015/01/22/do-not-disturb-how-to-disable-sound-and-pop-up-notifications/ Link to post Share on other sites More sharing options...
teo_zakeruga Posted July 27, 2018 Author ID:1259220 Share Posted July 27, 2018 Ran the program you suggested, wasn't really surprised to see a lot of out of date Intel Drivers. Since the free version of the program updates them pretty slowly and I don't really have much time, I'll try running Intel's driver updater to manually update them once I get back home next week since the drivers on MSI's website are really old. Fixlog attached below, and I redownloaded the extensions that I actually used (adblockers and Avast's site rating) after it ran since the FixList deleted all of my Chrome extensions, haven't checked Firefox yet, I probably won't be anytime soon since I only use Firefox to download large files. Fixlog.txt Link to post Share on other sites More sharing options...
nasdaq Posted July 27, 2018 ID:1259349 Share Posted July 27, 2018 No problems keep me posted. Link to post Share on other sites More sharing options...
teo_zakeruga Posted July 30, 2018 Author ID:1259996 Share Posted July 30, 2018 Just an update, updated 1 of the 3 Intel drivers so far and there hasn't been a blue screen yet. I will update the other two soon. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 2, 2018 Root Admin ID:1261004 Share Posted August 2, 2018 Hello @teo_zakeruga Following up to see if all is okay now or if you still need help. Please post a status update Thank you Ron Link to post Share on other sites More sharing options...
teo_zakeruga Posted August 2, 2018 Author ID:1261107 Share Posted August 2, 2018 I think everything is okay now. Thanks. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 2, 2018 Root Admin ID:1261179 Share Posted August 2, 2018 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts