Malware removal help / Help with log
« on: September 06, 2017, 03:56:01 AM »
Hi all,
I've had this virus since Sept 2nd. I've tried several programs and not one, not even RogueKiller, can get rid of this one. I select all and then hit "remove selected", but it comes back immediately. After deleting the entries, all lines say "killed" except the first line under Registry: RUN. It says error [5]. The virus seems to block some .exe programs and gives me the blue screen once in a while. Please help ...
RogueKiller V12.11.13.0 (x64) [Sep 4 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Timm129 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/05/2017 19:52:31 (Duration : 00:55:27)
¤¤¤ Processes : 5 ¤¤¤
[VT.TrojanProxy:Win32/Wonknod.A] unixfjd.exe(2356) -- C:\Users\Timm129\AppData\Local\unixfjd\unixfjd.exe[-] -> Found
[VT.Adware.Yelloader] utcuini.exe(3788) -- C:\Users\Timm129\AppData\Local\unixfjd\utcuini.exe[-] -> Found
[VT.Adware.Yelloader] utcuini.exe(3924) -- C:\Users\Timm129\AppData\Local\unixfjd\utcuini.exe[-] -> Found
[VT.Adware.Yelloader] utcuini.exe(3636) -- C:\Users\Timm129\AppData\Local\unixfjd\utcuini.exe[-] -> Found
[VT.Adware.Yelloader] utcuini.exe(5672) -- C:\Users\Timm129\AppData\Local\unixfjd\utcuini.exe[-] -> Found
¤¤¤ Registry : 3 ¤¤¤
[VT.TrojanProxy:Win32/Wonknod.A] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | unixfjd : "C:\Users\Timm129\AppData\Local\unixfjd\unixfjd.exe" -starup [-] -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Timm129\AppData\Local\regtool -> Found
[Tr.GameAssist][Folder] C:\Program Files (x86)\Company\GameAsist -> Found
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 6a995915d1e1b3446e7f1d99047829a5
[BSP] 3c6943f7aa496a9511a646613b9069bb : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
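Added triage example (not part of the original post and not RogueKiller's own code): a read-only PowerShell script, run from an elevated prompt on the affected host, that re-checks the items the log above reports. It assumes the user profile path from the log (C:\Users\Timm129), and it assumes that RogueKiller's "(X86)" tag on a 64-bit system means the WOW64 registry view (Wow6432Node), so both views of the Run key are inspected. Error [5] is the Win32 code ERROR_ACCESS_DENIED; the script lists any Deny ACEs on the Run key and any processes still running from the drop folder, since either can explain a value that cannot be deleted or reappears at once.

```powershell
# Added example, not from the original post. Read-only: nothing is deleted or killed.
# Values below are taken from the posted RogueKiller log.
$dropDir  = 'C:\Users\Timm129\AppData\Local\unixfjd'   # assumption: same profile as the log
$runValue = 'unixfjd'

# "(X86)" on a 64-bit host is assumed to be the WOW64 view (Wow6432Node); check both.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }

    # Is the persistence value still present?
    $item = Get-ItemProperty -Path $key -Name $runValue -ErrorAction SilentlyContinue
    if ($item) { "[Run]  $key\$runValue = $($item.$runValue)" }

    # Error [5] = ERROR_ACCESS_DENIED. A Deny ACE on the key is one cause; list any.
    $acl = Get-Acl -Path $key
    $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' } | ForEach-Object {
        "[ACL]  DENY on $key for $($_.IdentityReference): $($_.RegistryRights)"
    }
}

# Processes still running from the drop folder (the log listed five). A live
# process can rewrite the Run value as soon as it is removed.
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and ($_.Path -like "$dropDir\*") } |
    ForEach-Object { "[Proc] PID $($_.Id) $($_.Path)" }

# The two PUM.Proxy hits: show whatever is stored under ManualProxies in each
# control set, since a populated key here is a system-wide proxy setting.
foreach ($cs in 'ControlSet001', 'ControlSet002') {
    $proxyKey = "HKLM:\SYSTEM\$cs\Services\NlaSvc\Parameters\Internet\ManualProxies"
    if (-not (Test-Path $proxyKey)) { continue }
    "[Proxy] $proxyKey"
    (Get-ItemProperty -Path $proxyKey).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { "        $($_.Name) = $($_.Value)" }
}
```

The usual order of operations is the reverse of what the script prints: stop the processes in the drop folder first, then clear any Deny ACE, then remove the Run value; otherwise the running binary restores the entry before the cleanup completes, which is consistent with the log's "Found" results coming back immediately.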