Messages

1

Malware removal help / Re: Problems return after reboot

« on: May 23, 2016, 08:16:17 PM »

Ran MWB and RogueKiller and came up with nothing at all!

Rather hesitant to connect to the E: drive... should you come up with a modification of your software, please let me know. Do you recommend I delete previous files, .tmp, ,jpg, and others associated with this problem?

Thank you seems insufficient for all the work, and help you've provided, but until better words come to mind, or someone else's mind, THANK YOU!

SystemLook.txt will be attached in a few... I know this has been a PITA for you, and thanks for your patience, kindness, and I think I've said before, the BEST customer service I have ever experienced... Peace!

JP

2

Malware removal help / Re: Problems return after reboot

« on: May 23, 2016, 07:15:58 PM »

After reboot, computer is running slow, and strangly...  (i.e. when trying to log in after FRST suggested reboot, there are 2 pages to enter Comcast mail. It was repeating the 1st step (Welcome to Comcast page) 2 - 3 times, prior to actually enter "mail" that I had clicked on in the 1st page, then same 2nd page, and finally was able to log into my email so I could respond to to you. Right now, I am typing the text, and wait until it actually shows up. Ok, now typing as usual. Ran as you directed, and will attach the file you asked for. While you analyze that, going to run MWB to see if the RootKit.List.MTGen appears.

Thank you again,

JPR

3

Malware removal help / Re: Problems return after reboot

« on: May 23, 2016, 06:00:03 PM »

Thanks... was up until 3:00, and just woke up...

It seems Rootkit.Fileless.MTGEN became active overnight, when I was sleeping. Ran Malwarebytes, it says it is now gone, but no idea what triggered it?

Should I run Fix on FRST or RogueKiller? Will wait until you reply.

Thanks again for all the work you're doing to help! Best customer service I've ever experienced!

JPR

4

Malware removal help / Re: Problems return after reboot

« on: May 23, 2016, 01:25:45 AM »

Here are the results (With new version, thank you!)

Method 1 - No Export
Method 2 - No View, No Export
Method 3 - Settings, History Settings, Export? No Export Log button, although checked.
Method 3a - Manually find Dir. with log, copy newest log to desktop.

MBam- log-201...04-04).xml (xml not included in allowed file types) Will include with .zip file.

Before and after .jpg files for view with new version.

Other files generated by RogueKiller, also attached... changed .tmp generated when I save results to .txt

Thanks again, (and for this, and for that), thanks!!!

JPR

5

Malware removal help / Re: Problems return after reboot

« on: May 22, 2016, 07:05:58 PM »

i'm sorry, my attempt to reply did not work. I will try to zip the HKCR.hiv, then attach the zip file. Again, had to change .tmp to .txt.

Since the most recent time I ran Malwarebytes, was this AM after a forced  reboot (machine had not been shut down for 1 1/2 - 2 days), so please tell me where the report generated is found, and I'll attach it.

Also included is today's RK run, with a 2nd internet explorer affected, as before there was only 1. I could find no files generated after cleaning. Also still working to upgrade present version.

JPR

6

Malware removal help / Re: Problems return after reboot

« on: May 21, 2016, 05:11:29 AM »

This time, ran in safe mode. Ran RogueKiller first, (without driver)  found 15848b, and zipped it to be attached, and a couple others. however, when the system reboots (from Off, as to clear memory) to start, it all returns.

As far as upgrading, I purchased the license for 1 year, and don't want to buy, or extend yet, so what's the problem in trying to upgrade to newer version?

Thanks... will blow up system with Semtex if not fixed by Sunday   

7

Malware removal help / Re: Problems return after reboot

« on: May 20, 2016, 09:48:09 PM »

After a couple of reboots, and finding the problems came back each time, noticed it slows Mozilla Firefox down to a crawl after a short period of time, delaying my attempts to get back to the forum.

I've done everything possible to manually remove errors that return each reboot. I have 5 files to attach.

As the 47 items were on the screen, there was  an attempt to take a file from my system, to upload it to a virus database of some sort, but Malwarebytes blocked it every time. I will try to write down the IP address and try to add that to malwarebytes approved IP addresses.

Also tried to upgrade to a current version, but have problems trying to do such.

8

Malware removal help / Back again... {Sigh}

« on: May 19, 2016, 08:10:35 PM »

 Hi Curson, sorry to return with the "Same old story..." but it's back. After running Anti-Malware, after reboot, this appeared...

 "Cannot export C:\DOCUM~T\Temp/HKCURUNONBU.reg
:Error writing the file. There may be a disk of file system order."

 In a basic dialogue box that had "Ok", again appeared over the 1st box, then normal screen appeared under the 2, just before I clicked on X. Attached are screen shots.

 After many tries, I have yet to find something in both apps to cause it to check E: which is a problem.

 Could you explain what are the steps to take to cause both C: and E: to be scanned at the same time? I am stuck here and can go no further. Can't find anything under both SW programs to even check the E: drive alone. Need extra help here please?

In the AfterRK Run, you'll notice I did not check the box

             Detection                          Type
"Suspicious Path|Vt.unknown | Registry:Run ... as I was concerned the "Type" - Registry Run might make it worse.
If you think there is no damage, I'll run it again (will most likely will HAVE to anyway) after reboot. Attached is rk_1.tmp, and 2 saved screen shots.

Thanks for the advice on PDF-XChange Viewer ... it works GREAT!

Please advise when convenient for you...

Thanks yet again Curson!

(No directory was created as with previous work) Ok, now what? rk_1.tmp. will try to rename file with .txt extension

You cannot upload that type of file. The only allowed extensions are doc, gif, jpg, jpeg, pdf, png,t xt, zip, rar, 7z,log, json(?)

Addition: Anti-Malware continues to find
RootKit.Fileless.MYGen return after reboot, and running Rogue Killer this time nothing showed up, nor create new .tmp file. 

Also, forgot to mention, prior to this new problem, I have address book names, some new, and some old that had been deleted. These are still there, and have tried copying file, then import into "OpenOffice Calc" hoping to be able to edit/delete. The names that show when I forward, reply and any function in E-Mail I never added must be in a different file, that only shows up as mentioned.

I'm guessing when I attached E: (500 GB), and something there  probably caused the virus to return. Will try to redirect scan to both C: and E:, and will let you know what, if anything shows up.

I'll edit after trying this, normal, then safe mode (Unsure if the drivers load needed to run either, or both Anti-MalWare and RogueKiller, and hope for the best. Be back to let you know what happens.

9

Malware removal help / Re: Problems return after reboot

« on: May 03, 2016, 08:58:52 PM »

That appears to have worked... next is "Hives_NoUsers"

7.27 KB

Ok. that seems to have worked... please email me it you encounter any problems with the files.

Thanks again Curson!

JP

10

Malware removal help / Re: Problems return after reboot

« on: May 03, 2016, 08:50:41 PM »

If I don't succeed the first time, try, try again 

1.713 KB... what is the limit should this fail?

11

Malware removal help / Re: Problems return after reboot

« on: May 03, 2016, 08:20:42 PM »

Sorry. you now have 2 "Logs"... how about a "Quarantine.zip" file, then I'll break down the hives.

FYI, Shockwave crashed, and has been doing that for over a week. With virus / trojan gone,Shockwave sucks!

12

Malware removal help / Re: Problems return after reboot

« on: May 03, 2016, 08:13:48 PM »

Does not look like the Hives.zip or Logs.zip worked, will try smaller sub-dirs...

13

Malware removal help / Re: Problems return after reboot

« on: May 03, 2016, 08:00:41 PM »

I hope the first zip file went through ok? Here are the "Logs" content. Never mind my question in previous reply, as I did not know I could reply to the same post more than once... (if the first one did not work, then this will be the first and I'll have to split the previous .zip file)

Much like life, this is a continuous growing experience, or a permanent learning curve... 

14

Malware removal help / Re: Problems return after reboot

« on: May 03, 2016, 05:27:38 AM »

Will try tomorrow after court in order to zip smaller files, as the whole thing just won't upload. I need to shower, and get up in 5 hours. Thanks for everything! Peace,

Attachment file from running RK program, coming out clean... perhaps someday you'll be able to address the hooks?

JP

15

Malware removal help / Re: Problems return after reboot

« on: May 03, 2016, 12:52:53 AM »

After running the PDF-Viewer then install, opened .jpg file, still have... was checking with the drop down menus in PDF-Viewer, went to Tools-Basic Tools - Select Tool allowed the pointer to return.

You're an amazing master of the codes! After working at DEC for !4 years, then PC repair business after the BIG "downsizing" of DEC.  Never have been able to find anything close to what I was doing at DEC, or come close to what I was making, I (barely) get by.

Thanks for the assistance (FAR beyond my expectations!!!) I'll run Rogue Killer to ensure that is clear, and get back to the files, which hopefully will allow me "Grandparent Rights" to see my 2 grandsons I've never seen, and hopefully get to know them, and continue on with the relationship. Also hope to reconcile things with my daughter, who for reasons beyond my imagination, hasn't seen me since 2008 (all her choices, not mine)

Should anything new show up after the running of the RK SW, I'll let you know... otherwise, thanks doesn't seem to be enough for all the support! It's been an amazing experience!!!

Best regards, and God bless you and those you love and care for in ways only He can!

JP