Adlice forum

General Category => Malware removal help => Topic started by: woofer on November 09, 2017, 05:50:04 pm

Title: I am heavily infected by a nasty virus, can't remove
Post by: woofer on November 09, 2017, 05:50:04 pm
I received this back from support and was advised to list here my log to see if someone can help.  Thanks in advance.

Hi Jack,

Your computer is infected by a nasty malware.
Could you please open a new thread in the Malware Removal section of our forum: https://forum.adlice.com/index.php?board=5.0 and attach RogueKiller log with your message?

Regards.

Ticket: https://adlice.freshdesk.com/helpdesk/tickets/3161
On Thu, 9 Nov at 5:33 PM , Jdbdenby <jdbdenby@gmail.com> wrote:
It keeps showing the same threats but never removes them.
 
RogueKiller V12.11.23.0 (x64) [Nov  6 2017] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
 
Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : jdbde [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 11/09/2017 10:52:32 (Duration : 00:32:34)
 
Processes : 7
[VT.Unknown] IntelAudioService.exe(4560) -- C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe[7] -> Killed [TermProc]
[Suspicious.Path] upmwlrk.exe(9692) -- C:\Users\jdbde\AppData\Local\upmwlrk\upmwlrk.exe
[Suspicious.Path] sbcmtnv.exe(10812) -- C:\Users\jdbde\AppData\Local\upmwlrk\sbcmtnv.exe
[Suspicious.Path] sbcmtnv.exe(3228) -- C:\Users\jdbde\AppData\Local\upmwlrk\sbcmtnv.exe
[Suspicious.Path] sbcmtnv.exe(10548) -- C:\Users\jdbde\AppData\Local\upmwlrk\sbcmtnv.exe
[Suspicious.Path] sbcmtnv.exe(10652) -- C:\Users\jdbde\AppData\Local\upmwlrk\sbcmtnv.exe
[Suspicious.Path] sbcmtnv.exe(6928) -- C:\Users\jdbde\AppData\Local\upmwlrk\sbcmtnv.exe
 
Registry : 0
 
Tasks : 0
 
Files : 0
 
WMI : 0
 
Hosts File : 0
 
Antirootkit : 0 (Driver: Loaded)
 
Web browsers : 0
 
MBR Check :
+++++ PhysicalDrive0: SAMSUNG MZFLV512HCJH-000MV +++++
--- User ---
[MBR] 8a8f0d0964f232a36a3f9403e7e56551
[BSP] 88913fd1a0c19de0265a0c33bfd00c34 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 796672 | Size: 487094 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 998367232 | Size: 902 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
 
Title: Re: I am heavily infected by a nasty virus, can't remove
Post by: Curson on November 09, 2017, 11:09:56 pm
Hi woofer,

Thanks for supporting our product and welcome to Adlice.com forum.
You are indeed infected by the SmartService rootkit.

Please follow the instructions in shadowwar's post (https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/) and attach the MBAR log with your next reply.

Regards.