Messages - Curson

1
Hi terpy,

We are going to check your system for rootkits.
  • Please download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check Loaded Modules and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
  • Click Start Scan and allow the scan process to run.
    If threats are detected select Skip for all of them unless I instruct you otherwise.
  • Click Continue
  • Click Reboot computer

Please attach the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically C:\) in your next reply.

Regards.

2
Hi terpy,

Don't worry about it.
How is your system running now ?

Regards.

3
Hi terpy,

Welcome to Adlice.com Forum.
Let's begin by answering your questions.
Quote
Upon reviewing them myself, the last two entries in the installed programs section in the additions.txt seem pretty suspect, with them being in other characters.
These are Russian and Chinese Language Packs for Visual Studio. If you don't need them, you can uninstall them.

Quote
Any idea why Avast is still showing up in my security center, even though I uninstalled it quite a while ago? It's not listed in the installed programs section and Revo Uninstaller can't find it either, so I'm not sure what data is still on my PC from them.
It seems Avast Uninstaller did not remove all of Avast items. We will manually remove it with the fixlist below.

Quote
I'm unsure of what the first account listed under "accounts" on the additions.txt file is or when it was even created.
It seems it was generated randomly. It will also be taken care of with the fixlist.

Quote
In the FRST.txt drivers section, I'm not entirely sure how the CYREN Inc. drivers got there.
They are part of Iolo System Mechanic.

Quote
Same as above but with the GrdKey (Aktiv Co.) and netfilter2 entries
The first one is a USB Dongle Device Driver, the second one is a leftover and will be removed.

Please uninstall Spybot - Search & Destroy 2.
It's not effective anymore and can conflict with BitDefender and/or ZAM.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Regards.

4
Diag / Re: Using Diag and wanting to remove a PUP
« on: August 04, 2018, 07:12:31 pm »
Hi misterbean,

You are very welcome.
Thanks for your feedback.

Regards.

5
Malware removal help / Re: Continued False Positive
« on: August 04, 2018, 07:11:45 pm »
Hi Pkshadow,

Thanks for your feedback.
You are very welcome.

Regards.

6
Malware removal help / Re: Continued False Positive
« on: August 04, 2018, 02:22:48 am »
Hi Pkshadow,

We need to retrieve more information.
Please follow the following process :
  • Download Process Explorer (x64) and save it to your desktop.
  • Click on the setup file (procexp64.exe) and select Run as Administrator to start the tool.
  • Locate the process named firefox.exe, do a right click on it and select Create Dump > Create Full Dump...
  • Save the dump on your desktop and compress it.
  • Upload it to Dropbox, Google Drive or similar services and share the link in your next reply.
Regards.

7
Diag / Re: Using Diag and wanting to remove a PUP
« on: August 03, 2018, 12:31:29 pm »
Hi misterbean,

Welcome to Adlice.com Forum.
For the time being, Diag is not able to remove items from past reports (History section). Please do a new scan and you will then be able to remove the items you want (Scan section).

Regards.

Note : This thread has been moved to the "Diag" section for clarity.

8
Malware removal help / Re: Continued False Positive
« on: August 03, 2018, 12:21:55 pm »
Hi Pkshadow,

Welcome to Adlice.com Forum.
Could you please clear Firefox Cache, then redo a scan and check if the detection is still present ?

Regards.

9
RogueKiller / Re: Proc.RunPE???!!!
« on: August 03, 2018, 12:15:51 pm »
Hi tienchien1,

Thanks for your feedback.
This is a false positive. We will fix it as soon as possible.

Regards.

10
Hi farnhold,

You are very welcome.
I'm glad I was able to help you.  :)

Have a nice day.

11
Hi farnhold,

You are very welcome.
RogueKiller V12.12.29 will be released tomorrow and will contain the fix.

Regards.

12
Hi farnhold,

You are welcome. To answer your questions :

1) No, it's really unlikely this IP was assigned to you by your ISP.
2) That's hard to say, but I don't think so since this address is not present in malware analysis databases.

Regards.

13
Hi farnhold,

Sorry, it was a busy week.
This IP address was linked to a company called Norasia in the past. In case you did know this name, it may be that you used their DNS server at some point. Since that's not it, I can't really explain why this IP was assigned to your network interface.

The IP now points to nothing, so there is nothing malicious going on.
Please don't hesitate to report back if RogueKiller detects it again.

Regards.

14
Hi farnhold,

Thanks.
This IP does not seem to be in use anymore. Is the name "Norasia" familiar to you ?

Regards.

15
Hi farnhold,

Welcome to Adlice.com Forum and thanks for your feedback.
This is indeed a false positive. We will whitelist this detection as soon as possible.

As for the PUM.DNS detection, this was also likely a false positive. For more information, please refer to RogueKiller Documentation.

Regards.
