Malware Conhost.exe



Hi,

My fix failed.

Please download and use the Fixlist.txt I have attached to my previous post.

Delete the one you created before, then move the attached file to the Farbar folder.

Run Farbar and click the Fix button when done.

Post the fixlog.txt and let me know if the problem persists.

 


Hi,

Are these files still on the hard drive?

C:\Windows\Temp\conhost.exe => movido com sucesso


C:\Windows\Help\lsmosee.exe => movido com sucesso

If yes please run the Farbar program and post a fresh FRST.TXT log for my review.

This time I would like to also see a fresh Addition.txt log.
You will need to make sure that the box to create an Addition.txt is checked.


Hi,
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


Let me know if the problem persists.

fixlist.txt

 

If the problem persists:

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
conhost.exe
Once done, click on the Search Registry button and wait for FRST to finish the search.
On completion, a log will open in Notepad. Copy and paste its content in your next reply.
====
 

Edited by nasdaq

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

Restart the computer normally. 

How is it now?

 


Anyone else compromised on that Server?

Can you contact the Administrator?

===

Run these two cleaning tools.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator 
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.


Hi,

Let's find out what these run keys will show.

Download the SystemLook appropriate for your system.

SystemLook (32-Bit Version) or SystemLook (64-Bit Version)

  • Double-click SystemLook.exe/SystemLook_x64.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :reg 
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /sub
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.


===

Hi,

Strange.

From the Start > Run box.

Type Regedit.exe in the box, click the OK button.
This will open the Registry.

Navigate to this key.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Highlight the key and on the Menu click the File Menu
Select Export.
Save the file as My_Run.reg

Attach the file for my review.

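The Run-key review requested in the last two posts (the SystemLook `:reg` query and the `My_Run.reg` export), as an added example that is not part of the thread or of any tool mentioned in it: a Python parser for a regedit export that flags autostart entries resembling the two files in the log above. The name lists, the function names and the sample export are assumptions constructed for illustration.

```python
import re
from ntpath import basename, dirname

SYSTEM_NAMES = {"conhost.exe", "svchost.exe", "lsass.exe", "csrss.exe"}  # illustrative (assumption)
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
ODD_DIRS = (r"\temp", r"\windows\help")  # the two locations in the thread's log

def decode_value(raw):
    """Decode REG_SZ ("...") or REG_EXPAND_SZ (hex(2):..) data; None for other types."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escaping
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return data.decode("utf-16-le").rstrip("\x00")
    return None

def parse_reg(text):
    """Yield (key, value_name, data) from the text of a regedit export."""
    key = None
    joined = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    for line in map(str.strip, joined.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)):
            if (data := decode_value(m.group(2))) is not None:
                yield key, m.group(1).strip('"'), data

def suspicious_run_entries(text):
    """Return (value_name, command, reasons) for Run-key entries worth a closer look."""
    findings = []
    for key, name, data in parse_reg(text):
        m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b', data, re.I)
        path = ((m.group(1) or m.group(2)) if m else data).strip().lower()
        path = re.sub(r"%(systemroot|windir)%", r"c:\\windows", path)
        folder, image = dirname(path), basename(path)
        reasons = []
        if image in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            reasons.append("system binary name outside System32")
        if folder.endswith(ODD_DIRS):
            reasons.append("autostart from unusual directory")
        if reasons and r"\currentversion\run" in key.lower():
            findings.append((name, data, reasons))
    return findings

# Constructed sample; a real regedit export is UTF-16, so open it with encoding="utf-16".
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Legit"="\"C:\\Program Files\\Vendor\\tray.exe\" /min"
"Updater"="C:\\Windows\\Temp\\conhost.exe"
"HelpSvc"="\"C:\\Windows\\Help\\lsmosee.exe\" -s"
'''
```

Calling `suspicious_run_entries(SAMPLE)` reports the `Updater` and `HelpSvc` values and skips `Legit`; a hit is a lead for manual review, not a verdict.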
