Messages - themetallikid

16
Malware removal help / Re: Proxy Virus - need help eliminating
« on: August 14, 2019, 03:37:26 am »
yes, this worked.  YAY!!  lol.....

just in case it didn't attach right, here is what is listed



C: C:\WINDOWS C:\Users\theme

17
Malware removal help / Re: Proxy Virus - need help eliminating
« on: August 14, 2019, 02:18:03 am »
I clicked your link, a program downloaded/installed/ran....to my untrained eyes, it looked like it was scanning ports/processes??  no?

after it finished, I closed/opened (as admin) cmd.exe....again copied/pasted the command you gave using both methods (select link and copy/paste with mouse)...

here is what I get....I don't see a file on the desktop like you suggest....

Microsoft Windows [Version 10.0.18362.267]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>"%USERPROFILE%\Desktop\tcpvcon.exe" -a > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.

C:\WINDOWS\system32>"%USERPROFILE%\Desktop\tcpvcon.exe" -a > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.

C:\WINDOWS\system32>

18
Malware removal help / Re: Proxy Virus - need help eliminating
« on: August 14, 2019, 12:53:46 am »
took me a minute to find how to do that...I'm not completely illiterate, but win 10 moves some functions and never had to do that yet.  I did open it as administrator and noticed the beginning of the prompt had changed, lol.....I found the cmd program in the start menu, right clicked>more>run as administrator

however, I get the same result:

C:\WINDOWS\system32>netstat -abn > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.

C:\WINDOWS\system32>netstat -abn > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.

The first was my highlighting/copying/pasting, the 2nd was using that little link that copies directly. 

19
Malware removal help / Re: Proxy Virus - need help eliminating
« on: August 13, 2019, 08:19:26 pm »
ok, stopped home on lunch....

this is what I copied and the result:

C:\Users\theme>netstat -abn > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.

20
Malware removal help / Proxy Virus - need help eliminating
« on: August 13, 2019, 01:14:26 pm »
Ok...so I've paid for the minimal version of RogueKiller as I couldn't exterminate it otherwise...still no help.  Downloaded Adaware and Malwarebytes and Ucheck...and no luck.  Adaware and Malwarebytes do not detect anything.  RK detects 3 things, it cleans them then they return. 

I've tried going into the registry to deactivate the Proxy (change 1 to 0) and also deleting the one entry and disabling things that look not 'right' to me based upon online research...but still no luck after a reboot....IT RETURNS!!!   I've tried doing the cmd prompt to see what is listening on 8080, and I get an error when doing that (I'm not really trained so I'm assuming it's something that I'm doing wrong....maybe?)

Anyway, I reran the scan in RK, here is the log from that.  I'd really like to get this cleaned up as it's not causing 'harm' necessarily, but it is a pain in the ass 'cause it's affecting my internet connections and speed.  I started noticing it when I switched internet carriers, though not sure how/why that would be linked....

RogueKiller Anti-Malware V13.4.2.0 (x64) [Aug  9 2019] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18362) 64 bits
Started in : Normal mode
User : theme [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190812_111803, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/08/12 23:07:49 (Duration : 01:30:45)

いいいいいいいいいいいい Processes いいいいいいいいいいいい

いいいいいいいいいいいい Process Modules いいいいいいいいいいいい

いいいいいいいいいいいい Services いいいいいいいいいいいい

いいいいいいいいいいいい Tasks いいいいいいいいいいいい

いいいいいいいいいいいい Registry いいいいいいいいいいいい
>>>>>> R5 - Proxy
  [PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-965646632-1427897047-1661301400-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyEnable -- 1 -> Found
  [PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-965646632-1427897047-1661301400-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer -- http=localhost:64550;https=localhost:64550 -> Found
  [PUM.Proxy (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies| -- 1http=localhost:64550;https=localhost:64550 -> Found

いいいいいいいいいいいい WMI いいいいいいいいいいいい

いいいいいいいいいいいい Hosts File いいいいいいいいいいいい

いいいいいいいいいいいい Files いいいいいいいいいいいい

いいいいいいいいいいいい Web browsers いいいいいいいいいいいい
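
Added example, not part of the original posts or of any tool named in them: the log above shows the proxy settings pointing at a localhost port and coming back after cleaning, so the useful next fact is which local process is listening on that port. This PowerShell sketch reads the two registry locations the log flags and maps any loopback port found there to its owning process. It assumes an elevated PowerShell session run as the affected user (so HKCU is that user's HKEY_USERS hive) and that CurrentControlSet is the active control set.

```powershell
# Added example: trace a loopback proxy setting back to the process that owns the port.
# Assumptions: elevated session, run as the affected user, Windows 8 or later.

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$nla  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies'

$user = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
"ProxyEnable = $($user.ProxyEnable)"

# The two places the scan log reports a proxy value.
$sources = [ordered]@{
    'HKCU ProxyServer'     = $user.ProxyServer
    'NlaSvc ManualProxies' = (Get-ItemProperty -Path $nla -ErrorAction SilentlyContinue).'(default)'
}

# Values look like "host:port" or "http=host:port;https=host:port"
# (the NlaSvc value may carry a leading flag digit before "http=").
$ports = @()
foreach ($name in $sources.Keys) {
    "$name = $($sources[$name])"
    foreach ($part in ("$($sources[$name])" -split ';')) {
        $endpoint = ($part -split '=')[-1]
        if ($endpoint -match '^(localhost|127\.0\.0\.1):(\d+)$') {
            $ports += [int]$Matches[2]
        }
    }
}

foreach ($port in ($ports | Sort-Object -Unique)) {
    $listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
    if (-not $listeners) {
        "Port ${port}: nothing is listening right now"
        continue
    }
    foreach ($l in $listeners) {
        # Win32_Process gives the image path and command line for the owning PID.
        $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($l.OwningProcess)"
        [pscustomobject]@{
            Port        = $port
            PID         = $l.OwningProcess
            Name        = $proc.Name
            Path        = $proc.ExecutablePath
            CommandLine = $proc.CommandLine
        }
    }
}
```

If a port is reported with no listener, the setting is stale; if a process is listed, its path and command line are what to check before cleaning the registry values again.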
