Messages - 236dave

1
Hi Curson,
I successfully installed the 'Intel Chipset Device Software' and then tried installing from your link on post #20, but it failed again with the same error, see attached.
Dave

2
Hi Curson,

I've just purchased the Premium version :)
Which is in appreciation of your continued support!
& this software that is spotting problems that my paid Malwarebytes is not.

btw I tried the new link but still no joy, see attached screen prints.
Regards
Dave



3
Hi Curson,
Laptop is still running fine with no return of my original problem.

I followed your instructions:
i.e.,
Copied and pasted the code into command prompt - see screen print attached
also
uninstalled existing Intel RST, but new installation failed - see screen print attached

Thanks for the continued support.
Dave

4
Hi Curson,
I saved fixlist.txt to my desktop, where I have FRST64, is this what you meant by they must be in the same location?

I then opened FRST64 and ran a scan, before hitting the Fix button.

The fixlist.txt then disappeared from my desktop?

So far the problem hasn't reappeared, and I've been using my laptop for a few hours now.
It would normally return after about 1/2hr usage.

There are still a few queries (pic attached), such as:
Internet histogram in tray shows a yellow dot, instead of white reception strength bars (it's been this way for a few weeks)
Intel RST is not running.

But my laptop is running much quieter and quicker, so a big thanks to you!

btw - To answer your question, I have not been helped in another forum, it's only been yourself who has helped me.

I have also attached the Fixlog.txt that you asked for.
Regards
Dave


5
Hi Curson,
Followed your instructions, and attached the logs.
The FRST64 stalled a few times, i.e. it displayed (not responding), but then continued to run.
The logs had too many characters to cut and paste, so I have attached zip files.
Hope you can help.
Dave

6
Hi Curson,
I'm a bit puzzled, how will whitelisting help?

I still have the original problem, where extra iexplorer pages (normally ads) are being opened up in the background, which slows up my laptop.

How do I get rid of this problem?
Thanks for helping.
Dave

7
Hi Curson,
Good to hear there was nothing malicious found.
Excuse my ignorance, but am I right in thinking by whitelisting the injection, it will be automatically blocked by Roguekiller?

Thanks for your efforts, I would like to purchase your premium version.
Is it now safe to make the financial transaction on my laptop?
I have been reluctant to make any financial transactions with the problem I've had.
Could you give an estimate of when the whitelist will be introduced?
Thanks
Dave

8
Thanks Curson!

Your help is much appreciated.

Dave

9
Hi Curson,

Hope you get the chance to look at my previous post with the attachments.
It's now near bedtime over here in the UK, but I will check in tomorrow after work.
All the best.
Dave

10
Hi Curson,

Sorry I'll try again.
I am now getting another iexplorer running in the background, it shows up in the Applications tab of task manager.
I have found two different instances of iexplore in procexp, so I have attached links to both, the 2nd one I renamed iexplore2:
https://drive.google.com/file/d/0B3HVkdtL-bK7WjVRTS13dFExYnM/view?usp=sharing
https://drive.google.com/file/d/0B3HVkdtL-bK7ZmZSbkljNE5fQUk/view?usp=sharing
Hope this helps.
Dave

11
Hi Curson

Followed your instructions, and here is the link to the dump file.
https://drive.google.com/file/d/0B3HVkdtL-bK7NG1rSF9Nd1lQYlU/view?usp=sharing

Thanks
Dave

12
Hi Curson,

Before seeing your reply I found this thread http://forum.adlice.com/index.php?topic=273.0 and downloaded Processhacker, where I terminated the iexplorer.exe process tree, which was giving the background iexplorer pages. Task manager shows that they are no longer running, for now anyway.

I then saw your reply and followed the instructions.
Here is the latest report run with Roguekiller(x64):
Hope you can help.
Thanks
Dave

RogueKiller V10.5.9.0 (x64) [Apr  7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dave [Administrator]
Started from : C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1TSJTDUW\RogueKillerX64.exe
Mode : Delete -- Date : 04/13/2015  18:22:16

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] (SVC) RapportCerberus_43926 -- \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys[7] -> ERROR [41c]

¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RapportCerberus_43926 (\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RapportCerberus_43926 (\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RapportCerberus_43926 (\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys) -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 9c50ca4918e89af5c43423daea0b5f77
[BSP] 450a4243d6e193ea8fdc87af2a3def53 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 700789 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1435625472 | Size: 14312 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_04092015_172117.log - RKreport_DEL_04092015_172439.log - RKreport_SCN_04102015_000703.log - RKreport_DEL_04102015_002419.log
RKreport_SCN_04102015_152317.log - RKreport_DEL_04102015_153400.log - RKreport_SCN_04112015_003307.log - RKreport_DEL_04112015_003408.log
RKreport_SCN_04112015_113057.log - RKreport_DEL_04112015_113843.log - RKreport_DEL_04112015_113906.log - RKreport_SCN_04112015_121327.log
RKreport_DEL_04112015_123147.log - RKreport_SCN_04122015_085229.log - RKreport_DEL_04122015_085909.log - RKreport_SCN_04122015_092810.log
RKreport_SCN_04122015_203612.log - RKreport_SCN_04132015_002004.log - RKreport_DEL_04132015_083301.log - RKreport_SCN_04132015_091040.log
RKreport_DEL_04132015_091115.log - RKreport_SCN_04132015_115021.log - RKreport_DEL_04132015_115123.log - RKreport_SCN_04132015_181016.log

13
Hi,
I have a HP laptop running Windows 7 and ask for help in getting rid of Malware.

I have run Roguekiller several times, but the problem keeps returning.
I have read the article http://www.adlice.com/userland-rootkits-part-1-iat-hooks/ which I was directed to after one of the scans, but I am not a computer techie, and would like a simple layman's guide on how to get rid of this problem.

I have saved the last Roguekiller report if that's any help?  (see below)

Can someone please help me?
It would be much appreciated.
Thanks
Dave

RogueKiller V10.5.9.0 [Apr  7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dave [Administrator]
Started from : C:\Users\Dave\Desktop\RogueKiller.exe
Mode : Delete -- Date : 04/13/2015  11:51:23

¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] iexplore.exe(8464) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
[Suspicious.Path] (SVC) RapportCerberus_43926 -- \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys[7] -> ERROR [41c]

¤¤¤ Registry : 2 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RapportCerberus_43926 (\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RapportCerberus_43926 (\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys) -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 9c50ca4918e89af5c43423daea0b5f77
[BSP] 450a4243d6e193ea8fdc87af2a3def53 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_04092015_172117.log - RKreport_DEL_04092015_172439.log - RKreport_SCN_04102015_000703.log - RKreport_DEL_04102015_002419.log
RKreport_SCN_04102015_152317.log - RKreport_DEL_04102015_153400.log - RKreport_SCN_04112015_003307.log - RKreport_DEL_04112015_003408.log
RKreport_SCN_04112015_113057.log - RKreport_DEL_04112015_113843.log - RKreport_DEL_04112015_113906.log - RKreport_SCN_04112015_121327.log
RKreport_DEL_04112015_123147.log - RKreport_SCN_04122015_085229.log - RKreport_DEL_04122015_085909.log - RKreport_SCN_04122015_092810.log
RKreport_SCN_04122015_203612.log - RKreport_SCN_04132015_002004.log - RKreport_DEL_04132015_083301.log - RKreport_SCN_04132015_091040.log
RKreport_DEL_04132015_091115.log - RKreport_SCN_04132015_115021.log
