Assist request


I am a long time user of MBAM and I resell licenses. One of my customers has brought their computer in due to an infection. MBAM does not detect any infections yet the Protection Module is constantly blocking attempts to access malicious websites. There was an issue with a rogue proxy being installed on the localhost using a port in the 5000 range. I removed the proxy from IE8 and recovered the ability to surf the Internet and update MBAM. Still, all scans return nothing yet this Website blocking still happens (even when the computer is idle). I have used RootRepeal and HijackThis to check for rootkits but found nothing suspicious. I installed Security Task manager and found nothing out of the ordinary. I am at my wits end concerning this and will likely be forced to wipe the drive and re-install Windows but thought I would check the forums before taking that drastic last step. Any help anyone can post would be appreciated.
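A defender-side check for the symptom described in this post (IE8 configured to send traffic through a proxy on the local host, on a port in the 5000 range), as an added example that is not part of the original thread. It reads the per-user WinINET proxy values that IE uses; the registry key and the ProxyEnable/ProxyServer value names are the real ones, while the function name and the netstat lookup of the listening process are my own additions, written for PowerShell 2.0 so it runs on the Windows versions of that era.

```powershell
# Added example, not from the thread. Audits the per-user WinINET proxy that
# IE reads and flags one that points at the local host (127.0.0.1/localhost/::1).
# Key and value names are the documented WinINET ones; Test-LoopbackProxy is a
# hypothetical name chosen here.
function Test-LoopbackProxy {
    param(
        [string]$KeyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    )
    $props   = Get-ItemProperty -Path $KeyPath -ErrorAction Stop
    $enabled = [int]($props.ProxyEnable)      # missing value casts to 0
    $server  = [string]$props.ProxyServer     # e.g. "127.0.0.1:5555" or "http=host:port;https=host:port"

    $result = New-Object PSObject -Property @{
        ProxyEnabled  = ($enabled -eq 1)
        ProxyServer   = $server
        LoopbackProxy = $false
        Port          = $null
    }

    if ($enabled -eq 1 -and $server) {
        # ProxyServer is either a single "host:port" or a ";"-separated list of
        # "protocol=host:port" entries; handle both forms.
        foreach ($entry in ($server -split ';')) {
            $hostPort = ($entry -split '=')[-1].Trim()
            if ($hostPort -match '^(?<host>[^:]+):(?<port>\d+)$') {
                $h = $Matches['host']
                $p = [int]$Matches['port']
                if (@('127.0.0.1', 'localhost', '::1') -contains $h) {
                    $result.LoopbackProxy = $true
                    $result.Port = $p
                }
            }
        }
    }
    return $result
}

$r = Test-LoopbackProxy
if ($r.LoopbackProxy) {
    Write-Warning "WinINET proxy points at the local host on port $($r.Port): $($r.ProxyServer)"
    # Which process is listening on that port? Column 5 of netstat -ano is the PID.
    # Caveat: a kernel rootkit such as the TDSS family found later in this thread
    # can hide the owning process, so an empty result here is not proof of a clean box.
    netstat -ano | Select-String "LISTENING" | Select-String ":$($r.Port)\s"
} else {
    "No loopback proxy configured (ProxyEnable=$($r.ProxyEnabled), ProxyServer='$($r.ProxyServer)')"
}
```

Run it in the affected user's session, because the setting lives under HKCU and a proxy planted for one user is invisible from another account. The manual fix the poster applied (clearing the proxy in IE8's connection settings) corresponds to setting ProxyEnable to 0 under the same key, but removing the setting without removing the component that listens on the port only buys time until it is re-added, which is why the thread moves on to a rootkit scanner.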

Hi ghowriter, if you want help with removing malware from a client's computer, please post a topic asking for help in the HijackThis part of the forums and you will get help from a helper.

Thanks for the response and information. If ever I need assistance removing malware from a computer I will look to that section for the help needed. I guess I can assume that no one will respond to the question in this forum. I cannot see what difference it makes where I post the question, but each forum has its own rules about such things and I apologize for breaking yours.

Still, if anyone wants to post some suggestions without actually helping, it would be appreciated. This way no rules are broken.

I would suggest Kaspersky Virus Removal Tool. I would suggest downloading from another PC and transporting the .exe file with a Thumb Drive or CD.

You can download it from here: Kaspersky Virus Removal Tool

From there, install the removal tool by double clicking on the executable. Once it has installed, the removal tool will popup. It may take a few seconds.

From there, click on "Recommended" to the right of Security Level. Then click settings from that menu.

Then, go to the "Additional" tab.

1. Drag the bar for Heuristic Analysis to Medium Scan.

2. Check the box for Deep Rootkit Scan

3. Check the box that says "I agree to participate in Kaspersky Security Network".

Click ok.

Then click Start Scan to run a quick scan. Report back any malware that is found.

Found Rootkit.Win32.TDSS.d, appears to have cleaned the infection. Will wait and see if MBAM continues to block sites called up by this virus.

Thanks for the info. Adding this tool to my collection.

Yes, it seems to be able to get rid of the rootkit that seems to be pretty new. Also another thing I would do is disable NIS for the time being and install Microsoft Security Essentials. Make sure it is updated, and then run a Full Scan on the machine and let us know of the results. For me, this also finds another rootkit. The Alueron.H rootkit infection.

Also, is the issue still occurring?

Hello ghowriter, welcome.

Please contact Corporate @ malwarebytes as this is a commercial venture - Assistance is available there -

Always use the ADD REPLY Tab at the bottom of the page when you reply -

Thank You - :D

@ malware destroyer - Also please note company referrals need to go to this site -

@ Alex computer - (I would suggest Xaspersky Xirus Xemoval Xool.XXX)This may only remove parts of the infection -

Without accurate logs we are only making assumptions on the rest of their system -

We don't work on Malware removal or diagnostics in the general forums - This area is to add very general advice or to direct to experts for help -

After letting the system sit overnight, there is no sign of the virus. Thanks.

I normally use Microsoft Security Essentials, but it will not install if NIS is installed on the same computer - even if NIS is disabled. The customer has over a year left on their subscription and I sent the scan results from the Kaspersky scanner to NIS, but they aren't ready to change out NIS.

Again, thanks for the help. I will be sure to post any future requests in the proper section.
