Messages - Howard the Duck

1
RogueKiller / Re: IRP hooks found by Roguekiller
« on: April 19, 2016, 09:27:07 PM »
Thank you so much for your help! It is greatly appreciated. Now I don't have to worry. :D

2
RogueKiller / Re: IRP hooks found by Roguekiller
« on: April 19, 2016, 01:06:19 AM »
Thank you!

Yeah my computer did need a restart. I noticed in the log that the fixlist was looking for Combofix, but I had removed it after I used it the first time because that other forum thread suggested deleting it. Should I redownload Combofix and run the fixlist again?

Here's the log for now.

And thanks for the reassurance about the PUM.

3
RogueKiller / Re: IRP hooks found by Roguekiller
« on: April 18, 2016, 10:27:35 PM »
I ran the Farbar Recovery tool and uploaded the logs.

As it turns out I was running Daemon Tools after all, and after closing it and running Roguekiller again those IRP hooks no longer showed up. However, the PUM on my homepage is still there - I'm still not sure what that is. I'm guessing it's most likely harmless?


4
RogueKiller / Re: IRP hooks found by Roguekiller
« on: April 18, 2016, 08:21:36 PM »
Thank you very much for your continued help.

This is the removal process I followed: http://www.bleepingcomputer.com/forums/t/509791/dwmexetrojanbitcoinminer-detected-by-malwarebytes/ I'm not the person who made that thread, I just followed the instructions because it seemed like a similar infection.

As for the original MalwareBytes log, I had to do some digging through old results to find it, as I've done a number of scans with MalwareBytes since and they have all come back clean. The original scan (done on the 7th) found a virus in dwm.exe.

I then used Roguekiller and found more infected files, including mdi064.dll, which I also was able to remove. I included that log from Roguekiller as well.

The only things that are still showing up in Roguekiller are the IRP hooks, and MalwareBytes isn't showing any infected files in scans currently.

As for Daemon Tools, I have not recently updated it or reinstalled it or anything like that, and it doesn't appear to be running currently. Do you think that it could still be causing those hooks to show up? BTW the version of Daemon Tools is the 4.47 Lite version.


5
RogueKiller / Re: IRP hooks found by Roguekiller
« on: April 18, 2016, 04:45:48 PM »
I use MalwareBytes Anti-Malware Premium for scanning and protection. When I first got infected I believe I removed the dll file with MalwareBytes but I was still getting a lot of CPU slowdown so I googled it and found someone who had the same problem (an infection in mdi064.dll). Someone replied recommending running both Roguekiller and Combofix (which I have used before) and after running both successfully, it seemed the infection was dealt with, aside from that PUM on my homepage. But then on a more recent scan those IRP hooks suddenly appeared (they hadn't been there previously).

I do use DAEMON Tools quite regularly. However I'd had it installed for a long time and only recently found these IRP hooks.

Thank you for moving this to the correct subforum.

6
RogueKiller / IRP hooks found by Roguekiller
« on: April 18, 2016, 03:24:27 AM »
I had an infection that was in a dll file originally - there was a lot of CPU slowdown until I was able to remove it - and since then have had to remove a number of things with Roguekiller. For a time there was nothing else showing up on subsequent scans except a PUM on my homepage that would return immediately on the next scan whenever I removed it. Now I'm getting a number of IRP hooks that are (as documented) not removable. They were not appearing before, which leads me to believe I'm still infected. I do not have the technical know-how to remove them without some advice, so any help would be greatly appreciated. I have attached my latest log as a text file.
