
Infected



Hi

MBAM runs with random gobbledygook file output after enumerating registry objects, then terminates before completing.

DeFogger does not reboot PC. And GMER terminates before finishing scan. I am unsure how to access GMER logs.

Here is DDS output:

DDS (Ver_2011-07-14.01) - NTFS_x86

Internet Explorer: 9.0.8112.16421

Run by fleamour at 7:38:52 on 2011-07-15

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3199.1899 [GMT 1:00]

.

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Windows\System32\StikyNot.exe

C:\Users\fleamour\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskhost.exe

C:\Users\fleamour\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\fleamour\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\fleamour\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\fleamour\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\fleamour\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\fleamour\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\fleamour\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\fleamour\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\fleamour\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\fleamour\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\fleamour\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\fleamour\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k SDRSVC

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Crystal Desktop] c:\program files\crystal desktop 3\CDesktop.exe

uRun: [Google Update] "c:\users\fleamour\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

TCP: NameServer = 8.8.4.4 8.8.8.8

TCP: Interfaces\{04AD08EB-4501-48CF-BB47-C20926A76678} : DHCPNameServer = 8.8.4.4 8.8.8.8

SSODL: WebCheck - <orphaned>

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\windows mail\WinMail.exe" OCInstallUserConfigOE

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\fleamour\appdata\roaming\mozilla\firefox\profiles\r0nnu1kt.default\

FF - prefs.js: browser.startup.homepage - www.google.co.uk

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\users\fleamour\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\users\fleamour\appdata\roaming\mozilla\firefox\profiles\r0nnu1kt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\windows\system32\wat\npWatWeb.dll

.

============= SERVICES / DRIVERS ===============

.

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 238960]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 37592]

R1 RapportCerberus_28711;RapportCerberus_28711;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\28711\RapportCerberus32_28711.sys [2011-7-11 216752]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]

R3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\drivers\netr61.sys [2010-4-7 376160]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-3-20 16472]

S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-3-20 11104]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-23 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-6 1343400]

S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-3-3 229376]

.

=============== Created Last 30 ================

.

2011-07-15 06:27:08 -------- d-----w- c:\users\fleamour\appdata\local\ESET

2011-07-15 04:01:11 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-15 04:01:07 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 04:01:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-15 01:13:41 -------- d-----w- c:\users\fleamour\appdata\local\{48E917FD-65FE-4D1F-BD27-2EB82FF86CF8}

2011-07-14 13:13:16 -------- d-----w- c:\users\fleamour\appdata\local\{344A375B-0AB1-41B1-830B-978877B3EE6C}

2011-07-13 16:51:39 -------- d-----w- c:\users\fleamour\SecurityScans

2011-07-13 16:50:48 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2

2011-07-13 16:44:18 -------- d-----w- c:\users\fleamour\appdata\local\{FF9A1E98-2512-4119-8EAD-94ACA4BCC7A8}

2011-07-12 19:58:35 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8a67de1b-d197-4ffe-888f-c618c8768896}\mpengine.dll

2011-07-12 19:54:49 -------- d-----w- c:\users\fleamour\appdata\local\{59658CAE-C2D9-4DB6-9828-7980E64367EF}

2011-07-11 19:05:35 -------- d-----w- c:\program files\ESET

2011-07-11 18:45:04 -------- d-----w- c:\users\fleamour\appdata\local\{CC717ACE-D0EB-4121-A80F-6511CC40320C}

2011-07-05 15:45:29 -------- d-----w- c:\users\fleamour\appdata\local\{764807B2-3CFE-4030-8FA4-F9154C08A26E}

2011-07-04 18:01:57 -------- d-----w- c:\program files\COMODO

2011-07-04 18:01:24 -------- d-----w- c:\programdata\Comodo

2011-07-04 18:00:59 -------- d-----w- c:\programdata\Comodo Downloader

2011-07-04 13:10:28 -------- d-----w- c:\users\fleamour\appdata\local\{A05B776D-1EF9-4436-852B-F63FF4B77EA8}

2011-07-03 15:14:09 -------- d-----w- c:\users\fleamour\appdata\local\{1CADC845-3F69-4FF6-973E-4B9CD3ED17D7}

2011-07-01 15:36:33 -------- d-----w- c:\users\fleamour\appdata\local\Adobe

2011-07-01 15:31:47 2560616 ----a-w- c:\windows\system32\nvsvcr.dll

2011-07-01 15:31:46 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2011-07-01 15:23:07 -------- d-----w- c:\program files\Tracker Software

2011-07-01 11:17:55 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-07-01 11:17:51 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-07-01 11:17:51 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-07-01 11:17:51 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-07-01 11:17:51 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-07-01 11:17:51 337408 ----a-w- c:\windows\system32\mssph.dll

2011-07-01 11:17:51 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-07-01 11:17:51 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-07-01 11:17:51 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-07-01 11:17:51 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-07-01 11:15:40 -------- d-----w- c:\users\fleamour\appdata\local\{42A4A021-9866-4AFD-9E76-E3AB15AF810A}

2011-06-30 08:38:06 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-06-30 08:38:04 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-06-30 08:38:04 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-06-30 08:37:26 285256 ----a-w- c:\windows\system32\guard32.dll

2011-06-28 12:34:49 -------- d-----w- c:\users\fleamour\appdata\local\{C0995C03-FFB8-4E72-9147-28A1C6A10482}

2011-06-27 14:52:24 -------- d-----w- c:\users\fleamour\appdata\local\{85C9F839-F595-4873-A8F7-4D69861F55E7}

2011-06-26 16:34:55 -------- d-----w- c:\users\fleamour\appdata\local\{B097DEE0-7B31-4D2B-9E40-686C445AFC9F}

2011-06-22 17:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-06-18 14:21:08 -------- d-----w- c:\users\fleamour\appdata\local\{125446F9-6B61-48F0-9D97-D534F88E9A7A}

2011-06-17 14:58:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-06-17 14:58:44 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-06-17 14:58:44 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll

2011-06-17 14:55:09 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-17 14:55:09 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-17 14:55:09 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-17 14:55:08 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-17 14:55:08 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-17 14:55:06 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-17 14:55:05 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-17 14:55:04 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-17 14:55:04 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-17 14:55:04 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-17 14:52:04 -------- d-----w- c:\users\fleamour\appdata\local\{E6321568-9885-4EE6-9516-6CB1DF366BB6}

.

==================== Find3M ====================

.

2011-07-04 18:00:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe

2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-05-24 18:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-04-29 21:50:51 61 ----a-w- C:\Restart Explorer.bat

2011-04-22 19:14:16 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

.

============= FINISH: 7:39:32.86 ===============

defogger_disable.zip

mbam-log-2011-07-15 (07-35-32).txt

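A small parser for the DDS log format posted above, added here as an illustration (it is not part of the original thread or of the DDS tool): it splits the log into its banner-delimited sections, turns the services/drivers lines into records, and flags orphaned and duplicated Pseudo HJT entries, which is the kind of triage a helper does by eye on such a log. The embedded sample is a constructed excerpt of the log above.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt, copied (abbreviated) from the DDS log in the post above.
SAMPLE_DDS = r"""
DDS (Ver_2011-07-14.01) - NTFS_x86
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k netsvcs
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
SSODL: WebCheck - <orphaned>
============= SERVICES / DRIVERS ===============
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 238960]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-3-20 16472]
============= FINISH: 7:39:32.86 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "==== Name ====" banners
SERVICE_RE = re.compile(                                # "R1 name;display;path [date size]"
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$")

def split_sections(text):
    """Group log lines under the banner they follow; DDS pads sections with bare dots."""
    sections, current = defaultdict(list), "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
        else:
            sections[current].append(line)
    return sections

def parse_services(lines):
    """Turn service/driver lines into dicts; R = running, S = stopped, digit = start type."""
    records = [m.groupdict() for m in map(SERVICE_RE.match, lines) if m]
    for rec in records:
        rec["size"] = int(rec["size"])
    return records

def boot_start_drivers(services):
    """R0/R1 entries load at boot, before userland scanners such as MBAM run."""
    return [s["name"] for s in services if s["state"] in ("R0", "R1")]

def orphaned_entries(lines):
    """Hooks whose target DDS could not find on disk (registry entry left behind)."""
    return [l for l in lines if l.endswith("<orphaned>")]

def duplicate_entries(lines):
    return [l for l, n in Counter(lines).items() if n > 1]

def summarize(text):
    sections = split_sections(text)
    services = parse_services(sections["SERVICES / DRIVERS"])
    hjt = sections["Pseudo HJT Report"]
    return {"processes": len(sections["Running Processes"]), "services": len(services),
            "boot_start": boot_start_drivers(services),
            "orphaned": orphaned_entries(hjt), "duplicates": duplicate_entries(hjt)}
```

Run `summarize()` over a full DDS log to get the same counts and flagged entries for the whole file; orphaned or duplicated entries are leftovers worth checking, not proof of infection.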

Hello and welcome.

I think this is rather a problem with the file system than malware, so let's check for that first.

Click Start > All Programs > Accessories, right click on Command Prompt and select Run As Administrator.

Type chkdsk /r and press enter. When asked to schedule the scan for next reboot, please confirm.

Restart your computer and let the disk check run unhindered.

When done, try to rerun MBAM and see if the problem persists.


Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[Image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


I'm running Windows 7 Ultimate. I get these two errors:

[Window Title]

NIRCMD

[Content]

Windows cannot find 'NIRCMD'. Make sure you typed the name correctly, and then try again.

[OK]

[Window Title]

C:\ComboFix\CF6850.cfxxe

[Content]

Windows cannot find 'C:\ComboFix\CF6850.cfxxe'. Make sure you typed the name correctly, and then try again.

[OK]

Please advise.


I do not recommend scanning your Windows installation this way; this will scan the file system, but not the associated registry entries, which can complicate matters.

The chance that you make things worse by running ESET this way is a lot bigger than by running MBAM from safe mode.


Everything seems OK TBH apart from the MBAM scan issue.

My AV found three files in amongst 7's backups, but I think they were potentially unwanted programs.

ComboFix would definitely not run & as for Rogue Killer, my several reboots should've nullified its efficacy.

chkdsk seems to be running fine on drive (E:) now. It went crazy yesterday & one possible culprit was self-replicating malware, which is why I tried MBAM & then panicked when it would not scan (it still won't).

I am going to try BitDefender's online scan (not sure if they disinfect for free?)


chkdsk seems to be running fine on drive (E:) now. It went crazy yesterday & one possible culprit was self-replicating malware, which is why I tried MBAM & then panicked when it would not scan (it still won't).
How did you determine that checkdisk "went crazy on self replicating malware"?

The problems you have with MBAM are usually caused by file system problems that are fixed by checkdisk.

Please run MBAM in safe mode, yes.


Checkdisk fixing indexes is not an indication of malware. :) Checkdisk does not touch files; it looks at file system integrity and does a surface scan.

It would indeed be a good idea to scan with a WD utility. Please let me know what comes from it.


Good to hear that. What problems do you still have left?

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the ESET OnlineScan button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  4. Check "YES, I accept the Terms of Use."
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Under scan settings, check "Scan Archives" and "Remove found threats".
  8. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, click List Threats.
  11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Click the Back button.
  13. Click the Finish button.


It might be because you didn't do a complete scan with ESET (you can configure the Smart Scan in different ways).

When MBAM displays this output, is it possible to pause the scan and take a screenshot? Or does it abort anyway?
