Adlice forum

General Category => Malware removal help => Topic started by: RKuser on November 14, 2015, 08:03:17 PM

Title: Request help to review scan results
Post by: RKuser on November 14, 2015, 08:03:17 PM

I just scanned my system and just wanted you to review the attached txt file for sanity sake.  I am experiencing high CPU usage and trying to pinpoint the issue.  I suspect VSE as the culprit but maybe something else is going too.  Thanks in advance for your time.

Title: Re: Request help to review scan results
Post by: RKuser on November 14, 2015, 08:45:33 PM

I forgot to mention that I also had local area network connection issues (not connecting to the local ISP and creating new network connections on its own) and have found out under TCP/IPv4 properties the DNS address is configured to route via CyberGhost servers.  I had removed the s/w and tried re-configuring to automatically get the address (i.e. DHCP) but it keeps reverting back to their IP's in DE & USA.  I found you on the internet (Google) thru a Malwarebytes thread.  I decided to follow the procedure outlined by MB and suggestion to pass along the file for review.  I am a first time user of your software and not at the sys admin level either.  I'm using a student version of Server 2008 R2 and the server is used from home.  Any help is appreciated.  Thanks again. 

Title: Re: Request help to review scan results
Post by: Curson on November 16, 2015, 06:47:32 PM

Hi RKuser,

The detection of McAfee VirusScan Enterprise is a false positive which will be fixed in RogueKiller next release.

Please uninstall CyberGhost software.
Then launch the command prompt windows (cmd) with admin rights and copy/paste the following command :

Code: [Select]

ipconfig /flushdns && netsh winsock reset all && netsh int ip reset %USERPROFILE%\Desktop\Resetlog.log"
Please reboot the computer then attach the file Resetlog.log in your next reply.

Regards.

Title: Re: Request help to review scan results
Post by: RKuser on November 17, 2015, 02:56:57 PM

Hello Curson,

I manually remove the reminents of CyberGhost 5 from the registry.  I tried to flush the DNS from the cmd prompt using your script but I was denied access and been trying to figure it out.  I have attached a screenshot for you.  Any ideas?  I've seen some threads in regards to UAC causing an issue for other Windows OS versions.  Thanks.

Title: Re: Request help to review scan results
Post by: RKuser on November 17, 2015, 06:30:28 PM

Hi Curson,

It looks like it was blocked by the VSE access protection, once I shut it off I was able to do the dns flush script you provided except did not get the reset log.  I searched for it all over the place.  Afterwards I went back into the IPv4 ipconfig settings and it still had it pointing to the CG dns servers.  I was able to change it too so now I have DHCP running right.  Of particular note I tried to do a flush after turning back on the access protection and had no issues running a flush...?  Anyways thanks for your time and appreciate your help!

Title: Re: Request help to review scan results
Post by: Curson on November 17, 2015, 06:49:04 PM

Hi RKuser,

Quote from: RKuser

[...]did not get the reset log

I made a mistake in the script which caused the issue about the log. Sorry about that.
Anyway, the fix itself seems to have worked.

Quote from: RKuser

Anyways thanks for your time and appreciate your help!

You are very welcome. :)

Regards.