multiple malicious IPs blocked even after ComboFix did it's job


simlat
  • 3 weeks later...
  • 2 weeks later...

Hi and welcome to Malwarebytes.

Do you still need help?

Thank you so much for getting back to me.

Yes, I still need help.

After I cleaned my computer with ComboFix, I am constantly experiencing CPU usage spikes while downloading files (I am not talking about torrent-related downloading, just anything that gets downloaded through Firefox).

Can you help?

Thank you in advance.


  • Staff

Hi,

Please delete your copy of ComboFix, grab a fresh copy, run it, and post its log.

What version of Firefox are you running?

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.


  • Staff

Hi,

The CPU spikes may be coming from FreeDownloadManager loading every time a file is downloaded. To troubleshoot, uninstall it from Add or Remove Programs, restart your computer, then download a file in Firefox. See if the CPU usage still spikes.

After that, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Thank you.

1. I uninstalled Free Download Manager. The problem persists: during any download with any browser, or while streaming any audio/video, DPCs are at 40% CPU usage.

here are the logs:

ComboFix 10-03-28.01 - simlat 03/28/2010 16:30:35.5.2 - x86

Microsoft


  • Staff

Hi,

Is it firefox.exe that is spiking in CPU usage?

Also, all of your protection software has been disabled through MSConfig. Please re-enable your protection, otherwise you are incredibly vulnerable to infection.

Also, you are running too many anti-malware programs in my opinion. You have MBAM, SuperAntiSpyware, Trojan Remover, Spybot - Search & Destroy, TrojanHunter, AntiTrojan Elite and Windows Defender. This is very dangerous, as multiple antimalware applications can interfere with one another and actually allow MORE malware to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one of those programs.

My personal recommendation would be to remove all of them except for MBAM, and to upgrade MBAM to the PRO version, which would increase your protection level drastically.

Next, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

    Driver::
    rseb
    fmfdisk
    HOONFTJP
    JakNDisMP
    ATE_PROCMON

    KILLALL::

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317
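
As an added example, not from this thread and not Malwarebytes' or screen317's own code: a read-only PowerShell posture check that covers the points raised in the post above (UAC state, Windows Firewall state, how many anti-malware products are registered and whether each reports itself enabled, and startup entries that were switched off through MSConfig). It assumes Windows Vista or later (the root\SecurityCenter2 namespace) and an elevated session; the productState bit decoding and the MSConfig registry location are named as assumptions in the comments.

```powershell
# Added example: read-only check of the items a helper would look at in this
# thread. Assumes Vista or later and an elevated PowerShell session.

function Get-UacStatus {
    # EnableLUA = 1 means UAC is on.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    return ($val -eq 1)
}

function Get-WindowsFirewallState {
    # Returns $true only if every firewall profile reports State ON.
    $out = netsh advfirewall show allprofiles state
    $states = $out | ForEach-Object { if ($_ -match '^\s*State\s+(ON|OFF)') { $Matches[1] } }
    return (@($states).Count -gt 0 -and @($states | Where-Object { $_ -eq 'OFF' }).Count -eq 0)
}

function Get-SecurityProducts {
    # Enumerates AV, anti-spyware and firewall products registered with
    # Windows Security Center. productState is not officially documented;
    # the byte decoding below is the commonly used one (assumption).
    $classes = 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct'
    foreach ($class in $classes) {
        Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                $hex = '{0:X6}' -f [int]$_.productState
                New-Object PSObject -Property @{
                    Category = $class
                    Name     = $_.displayName
                    Enabled  = (@('10', '11') -contains $hex.Substring(2, 2))  # assumed decoding
                    UpToDate = ($hex.Substring(4, 2) -eq '00')                 # assumed decoding
                }
            }
    }
}

function Get-MsconfigDisabledStartup {
    # On Vista/7, MSConfig records startup entries it has disabled under this
    # key (assumption about the exact location; absent key means nothing disabled).
    $key = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
    if (Test-Path $key) {
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            New-Object PSObject -Property @{ Name = $_.PSChildName; Command = $p.command }
        }
    }
}

function Invoke-PostureCheck {
    # Collects human-readable findings; an empty list means nothing to flag.
    $findings = @()
    if (-not (Get-UacStatus)) { $findings += 'UAC is disabled' }
    if (-not (Get-WindowsFirewallState)) { $findings += 'Windows Firewall is off on at least one profile' }

    $products = @(Get-SecurityProducts)
    $avCount = @($products | Where-Object { $_.Category -eq 'AntiVirusProduct' }).Count
    if ($avCount -gt 1) { $findings += "$avCount antivirus products registered; keep one real-time scanner" }
    foreach ($p in $products) {
        if (-not $p.Enabled) { $findings += "$($p.Name) ($($p.Category)) reports itself disabled" }
        if (-not $p.UpToDate) { $findings += "$($p.Name) ($($p.Category)) reports itself out of date" }
    }

    foreach ($d in @(Get-MsconfigDisabledStartup)) {
        $findings += "Startup entry disabled via MSConfig: $($d.Name) -> $($d.Command)"
    }

    if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
}

Invoke-PostureCheck
```

The script changes nothing; it only reports, so it can be run before and after the cleanup steps in the thread to confirm that protection was re-enabled and that only one real-time scanner remains registered.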


  • Staff

Hi,

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi,

F-Secure scan hasn't found anything malicious.

The problem persists - high CPU usage during any download with any browser.

At least now I know this is not malware, thanks to your help.

Security check log follows:

Results of screen317's Security Check version 0.99.2

Windows Vista Service Pack 1 (UAC is disabled!)

Out of date service pack!!

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

GTrends SE 1.7.3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner

Java 6 Update 18

Java SE Runtime Environment 6 Update 1

Adobe Flash Player 10

Adobe Reader 9.3

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

````````````````````````````````

DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````


Hi,

I followed your instructions.

The spikes are gone but.... only when the Malwarebytes IP protection gets disabled!!

I can't believe it!

Anyway, the log follows (for some reason it says Java is outdated, but I swear I installed the latest version).

Results of screen317's Security Check version 0.99.2

Windows Vista Service Pack 2 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner

Java 6 Update 19

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 9.3

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Comodo Firewall cmdagent.exe

````````````````````````````````

DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

Hi,

My apologies for the delay.

Navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java


  • Staff

Hi simlat,

Thanks for the information.

Anyway, the log follows (for some reason it says the java is outdated but i swear i installed the latest version)
Don't worry, your Java is up to date; I need to update my program though to detect it correctly. :)

Please also re-enable UAC; having it disabled leaves you more vulnerable to infection.

The spikes are gone but.... only when the malwarebytes IP protection gets disabled!!
That is very interesting. I will bring it up with the developers and see what they have to say.

  • Staff

Hi,

I have received word from our developers that this issue will be fixed in version 1.46! :)

So when it comes out, please update and confirm that it was fixed. Until then, you can temporarily pause the IP protection while downloading files.

Let me know if there is anything else you need.


Thank you so much for your wonderful help!


  • Staff

You're very welcome. :)

Before you go, navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Aside from that, you should be good to go, pending the 1.46 release.

-screen317


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.