Adlice forum
Software feedback => RogueKiller => Topic started by: attackofbobs on February 24, 2015, 07:22:45 PM
-
Hi Guys,
I was wondering if you could help me. I use Internet Explorer (I know, don't judge me) and I recently started to get the error saying that everything I download contains a virus and has therefore been deleted.
After several different anti-virus scans and a Malwarebytes Anti-Malware scan to no avail I had a look on the internet and it looks like I may have a ZeroAccess rootkit. Because of this I tried changing the registry key values as well as some of the settings within Internet Explorer but this didn't help.
Looking through some online forums has therefore led me to using RogueKiller which has picked up quite a few files in the AntiRootkit tab. As suggested from a separate post I have also conducted a Kaspersky TDSS Killer scan with 'Check Loaded Modules' and 'Detect TDLFS file system' checked within the preferences option. However this also gave me a clean scan.
At this point I've pretty much used up all my knowledge in this area and would greatly appreciate any help you may be able to give me. I've attached the log from my latest RogueKiller scan.
Thanks,
James
-
Hi James,
Welcome to Adlice.com Forum!
Could you please copy here the full message your antivirus is giving you?
Please download (using another browser) TCPView (http://live.sysinternals.com/Tcpview.exe), then open it.
Locate the column "Local Port" and copy/paste the line that has the value 55486 (you can sort the column) in your next reply.
Regards.
-
Hi Curson,
Thanks for getting back to me so quickly. I'm just running a full scan again now so will post when it is done. I've downloaded and run TCPView but have been unable to locate the local port 55486, it just jumps from 54xxx to 57xxx.
Thanks again,
James
-
I've just completed the scan and all it says is the amount of files it has scanned and the fact that no infections have been found.... :/
-
Hi attackofbobs,
Please restart RogueKiller and remove the following entries:
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:55486;https=127.0.0.1:55486
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:55486;https=127.0.0.1:55486
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:55486;https=127.0.0.1:55486
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:55486;https=127.0.0.1:55486
Please post the report obtained in your next reply.
How is the computer running now?
Regards.
-
Hi Curson,
I've deleted those entries from within RogueKiller and have attached the report.
My computer seems to be running fine in general except for some reason I can't download files within Chrome any more.
Thanks for all your help though,
James
-
Hi James,
Your report is clean.
Regarding the issue you are experiencing with Chrome, could you please follow this procedure (https://support.google.com/chrome/answer/3296214?hl=en) and tell me if this helps?
Regards.
-
Hi Curson,
Thanks for all your help in this. I've reset the settings within both IE and Chrome but I still can't download any files. I'm really confused, is there still a chance that I could have a rootkit but it not being picked up in either RogueKiller or other anti-malware software?
Thanks,
James
-
Hi Curson,
I think I've got the problem solved now. I had a thought that it may have been my anti virus software that was causing the issue even though it didn't do anything if I temporarily disabled it. So I uninstalled it completely and went back to my normally default antivirus software, Avast, and the problem has completely gone away, at least for the time being anyway.
Thanks for all your help though mate, it's been greatly appreciated.
James
-
Hi James,
You are welcome.
I am pleased to hear that the issue is now solved.
Out of curiosity, which antivirus software was causing this behaviour?
If you have any more questions, feel free to ask.
Regards.
-
Hi Curson,
I was using a version of Microsoft Security Essentials that they gave me free in work. Apparently there's a glitch or something where it thinks it replaces Microsoft Defender but leaves some of the files behind which IE etc. still try to use to scan the downloads. I'm not really sure to be honest I'm just glad everything's back working again. It just shows that once you've found an Antivirus you like you should just stick with it.
Thanks again for everything though mate,
James
-
Hi James,
Thanks for letting me know.
I'm glad I was able to help you. :)
All the best.
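
Added example, not part of the original thread and not Adlice's code: a Python sketch that parses the `[PUM.Proxy]` report lines quoted earlier, finds enabled proxies that point at a loopback port, and marks whether anything is listening there (the TCPView check requested above). The function names and the `listening_ports` input are assumptions; that set would be filled from TCPView's "Local Port" column.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# X64 entries copied from the RogueKiller report quoted in this thread.
REPORT = r"""
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:55486;https=127.0.0.1:55486
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:55486;https=127.0.0.1:55486
"""

LINE = re.compile(r"^\[PUM\.Proxy\] \((X64|X86)\) HKEY_USERS\\([^\\]+)\\.+? \| "
                  r"(ProxyEnable|ProxyServer) : (.+)$")

def parse_report(text):
    """Group ProxyEnable/ProxyServer values by (user hive, registry view)."""
    settings = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            view, hive, name, value = m.groups()
            settings[(hive, view)][name] = value.strip()
    return dict(settings)

def loopback_ports(proxy_server):
    """Ports of proxy endpoints whose host is a loopback IP address."""
    ports = set()
    for part in proxy_server.split(";"):
        endpoint = part.split("=", 1)[-1]        # drop an optional "http=" prefix
        host, _, port = endpoint.rpartition(":")
        try:
            if port.isdigit() and ip_address(host.strip("[]")).is_loopback:
                ports.add(int(port))
        except ValueError:                       # host name or missing port: skip
            continue
    return ports

def active_loopback_proxies(settings, listening_ports):
    """(hive, view, port, has_listener) for every enabled loopback proxy."""
    findings = []
    for (hive, view), vals in sorted(settings.items()):
        if vals.get("ProxyEnable") != "1":
            continue
        for port in sorted(loopback_ports(vals.get("ProxyServer", ""))):
            findings.append((hive, view, port, port in listening_ports))
    return findings

if __name__ == "__main__":
    # Empty set: TCPView showed no local port 55486 in this thread.
    for finding in active_loopback_proxies(parse_report(REPORT), set()):
        print(finding)
```
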