Adlice forum

General Category => Malware removal help => Topic started by: Timm129 on September 06, 2017, 03:56:01 AM

Title: Help with log
Post by: Timm129 on September 06, 2017, 03:56:01 AM

Hi all,
I've had this virus since Sept 2nd.  I've tried several programs and not one even Rogue killer can get rid of this one.  I select all and then hit remove selected but it comes back immediately..  After deleting the entries all lines say killed except the first line under registry:RUN.  It says error [5]   The virus seems to block some .exe programs and give me the blue screen once in a while.  Please help ...



RogueKiller V12.11.13.0 (x64) [Sep  4 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Timm129 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/05/2017 19:52:31 (Duration : 00:55:27)

¤¤¤ Processes : 5 ¤¤¤
[VT.TrojanProxy:Win32/Wonknod.A] unixfjd.exe(2356) -- C:\Users\Timm129\AppData\Local\unixfjd\unixfjd.exe[-] -> Found
[VT.Adware.Yelloader] utcuini.exe(3788) -- C:\Users\Timm129\AppData\Local\unixfjd\utcuini.exe[-] -> Found
[VT.Adware.Yelloader] utcuini.exe(3924) -- C:\Users\Timm129\AppData\Local\unixfjd\utcuini.exe[-] -> Found
[VT.Adware.Yelloader] utcuini.exe(3636) -- C:\Users\Timm129\AppData\Local\unixfjd\utcuini.exe[-] -> Found
[VT.Adware.Yelloader] utcuini.exe(5672) -- C:\Users\Timm129\AppData\Local\unixfjd\utcuini.exe[-] -> Found

¤¤¤ Registry : 3 ¤¤¤
[VT.TrojanProxy:Win32/Wonknod.A] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | unixfjd : "C:\Users\Timm129\AppData\Local\unixfjd\unixfjd.exe" -starup [-] -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Timm129\AppData\Local\regtool -> Found
[Tr.GameAssist][Folder] C:\Program Files (x86)\Company\GameAsist -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 6a995915d1e1b3446e7f1d99047829a5
[BSP] 3c6943f7aa496a9511a646613b9069bb : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Title: Re: Help with log
Post by: Curson on September 07, 2017, 03:23:33 PM

Hi Timm129,

Welcome to Adlice.com Forum.
Please follow the instruction in shadowwar post (https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/) and attach MBAR log with your next reply.

Regards.

Note : This thread has been moved to the "Malware removal help" section for clarity.