Messages - Curson

2566
Malware removal help / Re: help help help!
« on: January 05, 2015, 01:56:13 pm »
Hi NoobNeedsHelp, Tigzy,

RogueKiller has not detected any malware and the logs of Avast you provided are not helping us either.
We need to investigate this more thoroughly.

1. Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
    Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now button.
    If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
The THREAT SCAN will automatically begin.
When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.

To complete any actions taken you will be prompted to restart your computer...click on Yes.
Failure to reboot normally will prevent Malwarebytes from removing all the malware.

After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the scan log information (Method 1) :
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select the box next to Scan Log. Choose the most current scan.
  • Click the Export button and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the scan log information (Method 2) :
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click the Export button and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Alternatively, logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
  • -- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
  • -- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
2. OTL

Please download OTL by OldTimer and save the file to your desktop.
  • Double-click on the setup file (OTL.exe) and select Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
Push Run Scan and wait patiently.
Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.

Regards.

2567
Malware removal help / Re: help help help!
« on: January 04, 2015, 04:32:58 pm »
Hi NoobNeedsHelp,

At first sight, the MBR dump seems alright.

I just noticed you are using an outdated version of RogueKiller.
Please download the latest version HERE, redo a full scan and paste the content of the log file in your next post.

Regards.

2568
Malware removal help / Re: clean or no clean
« on: January 04, 2015, 04:13:55 pm »
Hi olivierdulac8,

This is a DNS hijacker.
Please follow the following process as closely as possible.

1. Router disinfection / securing

There is a possibility that your router is compromised. Such malware scans the network to find routers with weak/default passwords or firmware vulnerabilities and changes their DNS settings.
Please follow these instructions to hard reset your router and update it.

2. Please delete the following registry entries
Quote
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]  -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]  -> Trouvé(e)

Eventually, I strongly advise you to change your passwords and be especially wary of unauthorized transactions if you use online banking since there is a probability your passwords may have been stolen.

Regards.
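
Added example, not part of the original post and not RogueKiller's own code: a parser for the `[PUM.Dns]` lines quoted above that groups findings per interface and reports resolvers outside an expected set. `EXPECTED` and the third sample line are constructed assumptions. `CurrentControlSet` is a link to one of the numbered control sets, so the two quoted lines describe one setting.

```python
import ipaddress
import re

# Layout of the [PUM.Dns] lines quoted in the post above (IPv4 Tcpip key).
PUM_DNS = re.compile(
    r"^\[PUM\.Dns\]\s+\(X\d+\)\s+HKEY_LOCAL_MACHINE\\System\\(?P<cset>[^\\]+)"
    r"\\Services\\Tcpip\\Parameters\\Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\})"
    r"\s+\|\s+(?P<value>\w+)\s+:\s+(?P<servers>[\d.\s,]+?)\s*(?:\[|->|$)"
)

# DhcpNameServer is filled from the DHCP lease (normally the router);
# NameServer is a static setting made on the machine itself.
ORIGIN = {"DhcpNameServer": "dhcp-lease", "NameServer": "static"}

def parse_pum_dns(line):
    """Return the fields of one [PUM.Dns] line, or None for any other line."""
    m = PUM_DNS.match(line.strip())
    if not m:
        return None
    servers = []
    for token in re.split(r"[\s,]+", m["servers"].strip()):
        try:
            servers.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue  # ignore anything that is not a valid address
    return {"control_set": m["cset"], "interface": m["guid"].upper(),
            "value": m["value"], "servers": servers}

def unexpected_resolvers(lines, expected):
    """Group findings per (interface, value); keep resolvers not in `expected`."""
    findings = {}
    for rec in filter(None, map(parse_pum_dns, lines)):
        bad = [s for s in rec["servers"] if s not in expected]
        if not bad:
            continue
        entry = findings.setdefault((rec["interface"], rec["value"]), {
            "origin": ORIGIN.get(rec["value"], "unknown"),
            "servers": bad, "control_sets": []})
        entry["control_sets"].append(rec["control_set"])
    return findings

SAMPLE = [  # the first two lines are from the post; the third is constructed
    r"[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]  -> Trouvé(e)",
    r"[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]  -> Trouvé(e)",
    r"[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001} | DhcpNameServer : 192.168.1.1  -> Trouvé(e)",
]
EXPECTED = {"192.168.1.1"}  # assumption: the resolver this network should hand out

for key, entry in unexpected_resolvers(SAMPLE, EXPECTED).items():
    print(key, entry)
```

A finding whose origin is `dhcp-lease` comes back after the registry value is deleted unless the device that issues the lease is fixed first, which is why the router reset is step 1.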

2569
RogueKiller / Re: Anti-rookit results? Unsure what to do with these
« on: January 04, 2015, 03:14:25 am »
Hi KOTARE,

Could you try to attach the file to your next post? If you do so, I will upload it to VT myself.

Regards.

2570
Malware removal help / Re: help help help!
« on: January 04, 2015, 01:39:47 am »
Hello NoobNeedsHelp,

Welcome to Adlice.com Forum.
Could you please post Avast's log? It could potentially help us locate the infection.

The MBR on your computer seems nonstandard.
Unknown MBRs are dumped into %programdata%/RogueKiller/debug/.

Please locate the file and attach it to your next post (you need to zip it first).

Regards.

Note : This thread has been moved to the "Malware removal help" section for clarity.

2571
Malware removal help / Re: clean or no clean
« on: January 04, 2015, 01:21:25 am »
Hi olivierdulac8,

Do you live in the United States?
I ask this because some DNS entries in your log are associated with "Eli Lilly and Company", which is dubious.

The AntiRootkit module detected some IRP hooks performed by the legitimate driver Wof.sys. That's totally harmless.
If you want more information about it, please read KernelMode rootkits: Part 2, IRP hooks.

Regards.

2572
Malware removal help / Re: clean or no clean
« on: January 04, 2015, 01:03:31 am »
Hi olivierdulac8,

This thread is locked as duplicate.
Please continue here.

Regards.

2573
RogueKiller / Re: Anti-rookit results? Unsure what to do with these
« on: January 04, 2015, 12:52:50 am »
Hi KOTARE,

Could you please explain as clearly as possible what problems you encountered?
Please follow the following process to analyse the file.

1. Show Hidden Files and Folders

Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  •     Hide extensions for known file types
  •     Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

2. Upload a file

Go to VirusTotal
When the page has finished loading, click the Choose file button and navigate to the following file and click Send file.
Code:
C:\Windows\system32\DRIVERS\o2mdgx64.sys
If you get the message that the file has already been scanned before, please click Reanalyse file now.
Please post back the results of the scan in your next post.

Regards.

2574
RogueKiller / Re: Translations!
« on: January 02, 2015, 01:15:40 pm »
Greetings XtremeZ and welcome to Adlice.

Thank you for your contribution. It will be added in the next release.

Regards.

2575
General Discussion / Re: Introduce yourself
« on: January 02, 2015, 01:00:10 pm »
Hello everyone,

My name is Curson. Starting today, I will jointly be working with Tigzy, answering your questions and helping you use RogueKiller.

