
I use Sandboxie on my machine to browse a little carelessly on the Internet. Today, all of a sudden, Sandboxie started requesting Administrator privileges on behalf of some program, even though there were no programs installed inside the sandbox. I did not grant the request and deleted the contents of the sandbox, whereupon the dialog boxes requesting Admin stopped popping up. I think this might mean that some malicious code landed inside the sandbox from the internet, and I'm not so sure that it did not infect my computer as well. I tried to run GMER, but it stops abruptly while scanning, which makes me fear that I have a rootkit which is harder to detect.

Please suggest some good malware and rootkit scanners so I can ensure my computer is clean.


Here are the Farbar scan logs. I noticed something in the Addition.txt file: it shows Quick Heal Firewall enabled; however, I uninstalled Quick Heal ages ago, and when I go to my Windows Security Center it shows that Windows Defender Firewall is on, like it should be. Is Quick Heal not totally gone from my system yet? :( If so, please help me uninstall it fully and turn Windows Defender on.

FRST.txt Addition.txt


Hello @RayRay26

Sorry for the delay. Let me have you run the following please.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes, then open Malwarebytes and check for updates. Then click on the Scan tab, select Threat Scan and click on the Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Ron

 

 


Hello,

Ran into some problems while running the Fixlist. First of all, when the tool finished scanning and prompted for a restart, I just clicked the OK button and it restarted on its own. I hope that's what you meant when you said restart the system normally. After the restart, the tool did not run again, as you said it would, which makes me think I did something wrong?

Secondly, my internet was gone after the restart, and I had to configure the IP settings again for it to work, and during that process, I stupidly turned the network profile from Public to Private. I have switched it back to Public now, I hope I wasn't vulnerable when the network discovery was turned Private as I have heard it's bad for network security if you are not connecting to another computer for file sharing.

Third, I saw a lot of document names in the Fixlog with Removed successfully written after them; I hope it was not a document deletion process? I seem to have the files on my computer still, just wanted to confirm.

I truly seem to have botched the fix process, but here is the Fixlog that was created.

 

Fixlog.txt


The files were not removed. They had what is called an Alternate Data Stream. It can have a valid use but that is rarely the case. Most users don't even know about them so when found I typically remove them as malware can also use them to try to hide. It is basically just a small bit of text added to files.

How is the computer running now?
Are there any obvious issues that you still need help with?

The current log looks good.

Ron
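To make the point about Alternate Data Streams concrete, here is an added PowerShell example (not from the thread and not an FRST feature) that lists the streams attached to files under a folder so a suspicious one can be reviewed before anything is removed. It assumes Windows PowerShell 5.1 and an NTFS volume; the folder path and the 48-byte preview size are assumptions.

```powershell
# Added example, not from the thread: enumerate NTFS alternate data streams (ADS)
# under a folder so a suspicious stream can be reviewed before anything is deleted.
function Find-AlternateDataStream {
    param(
        [Parameter(Mandatory)] [string] $Path,   # folder to scan recursively (assumed)
        [switch] $IncludeZoneIdentifier,         # also list the harmless browser "mark of the web"
        [int] $PreviewBytes = 48                 # how many bytes of each stream to preview (assumed)
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns one object per NTFS stream attached to the file
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object {
            # ':$DATA' is the file's normal content; every other stream is an ADS
            $_.Stream -ne ':$DATA' -and
            ($IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier')
        } |
        ForEach-Object {
            $ads = $_
            # Read a few raw bytes (Windows PowerShell 5.1 syntax; PowerShell 7 uses -AsByteStream)
            $bytes = Get-Content -LiteralPath $ads.FileName -Stream $ads.Stream `
                         -Encoding Byte -TotalCount $PreviewBytes -ErrorAction SilentlyContinue
            # Show printable ASCII only so a binary payload does not garble the console
            $preview = ($bytes | ForEach-Object { if ($_ -ge 32 -and $_ -le 126) { [char]$_ } else { '.' } }) -join ''
            [pscustomobject]@{
                File    = $ads.FileName
                Stream  = $ads.Stream
                Length  = $ads.Length
                Preview = $preview
            }
        }
}

# Usage: review the results first. A stream confirmed as unwanted can then be deleted with
# Remove-Item -LiteralPath <file> -Stream <streamname>, which leaves the file itself intact.
Find-AlternateDataStream -Path "$env:USERPROFILE\Documents" | Format-Table -AutoSize
```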

 

 


Hi again,

Oh, good to hear that. I mainly have two concerns left. One is that I noticed something in the Addition.txt file: it shows Quick Heal Firewall enabled; however, I uninstalled Quick Heal ages ago, and when I go to my Windows Security Center it shows that Windows Defender Firewall is on, like it should be. Is Quick Heal not totally gone from my system yet? :( If so, please help me uninstall it fully and turn Windows Defender Firewall on. Though my computer shows that it's already on. Why this disparity in the Addition.txt file?

And secondly, for my peace of mind, I would really like to use a rootkit scanner once on the system, to double-check. The computer is still a bit sluggish, and GMER doesn't run. I have been wanting to run MBAR, but I don't know the exact process it goes through, so if you could kindly assist me with it, I would finally be sure that my computer is clean.

Thanks a lot for all your help.
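The firewall entry in Addition.txt is assumed here to come from the products registered with Windows Security Center, where an incomplete uninstall can leave a stale registration behind. This added PowerShell snippet (not from the thread, not an FRST or Malwarebytes tool) lists those registrations and checks whether each product's registered executable still exists; the class and property names are the standard `root/SecurityCenter2` ones on client editions of Windows.

```powershell
# Added example, not from the thread: list the firewall and antivirus products registered
# with Windows Security Center and flag ones whose executable is no longer on disk.
function Get-SecurityCenterProduct {
    foreach ($class in 'FirewallProduct', 'AntiVirusProduct') {
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Vendors register the path of their signed executable; a leftover registration
                # from an uninstalled product typically points at a file that is gone.
                $exe = [Environment]::ExpandEnvironmentVariables(($_.pathToSignedProductExe -replace '"', ''))
                # Built-in Microsoft products may register a URI (e.g. a windowsdefender:// link)
                # rather than a file path, so only real paths are tested.
                $present = if ($exe -and $exe -notmatch '^[a-z]+://') { Test-Path -LiteralPath $exe } else { $null }
                [pscustomobject]@{
                    Class      = $class
                    Product    = $_.displayName
                    # productState is a vendor-reported bit field; shown as hex for comparison
                    StateHex   = ('0x{0:X6}' -f $_.productState)
                    Executable = $exe
                    ExePresent = $present   # $null: a URI was registered, so no file check applies
                }
            }
    }
}

# Usage: an entry with ExePresent = False is a candidate for cleanup by the helper,
# not something to delete from WMI by hand.
Get-SecurityCenterProduct | Format-Table -AutoSize
```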

 

 


Okay, go ahead and run MBAR following the instructions from the following topic. Once done we'll look at the entry for the firewall issue.

 


Should I back up my data before running MBAR? Sorry for the late reply.

The computer has been very sluggish these days, with Chrome and even Malwarebytes freezing up every now and then. It's frustrating. Is there any reason this could be happening, if the malware logs are clean?
