Messages - planetboris

1
Malware removal help / Re: Hidden.ADS infections - gs5sys
« on: November 18, 2016, 01:27:20 AM »
Ok, good to know! Thanks again for all your help and for creating Rogue Killer, a fantastic product, and for making it available.

cheers

2
Malware removal help / Re: Hidden.ADS infections - gs5sys
« on: November 16, 2016, 10:25:47 AM »
Hi, I was able to get the RDS.txt file from

more < C:\Users\Client\AppData\Roaming:gs5sy >> %USERPROFILE%\Desktop\ADS.txt

gs5sy was missing the letter s to make it gs5sys. No problem, I just added it. Although before I ran that command in cmd (admin) I had completed another scan using RK, and this time I didn't delete the Hidden.ADS, so maybe that's why it showed up now. Here is the attached file as requested. Hope it helps.

Thanks again.

3
Malware removal help / Re: Hidden.ADS infections - gs5sys
« on: November 15, 2016, 09:53:17 PM »
Thank you for your time and energy. Very much appreciated. Looking forward to any solution.

Best regards

4
Malware removal help / Re: Hidden.ADS infections - gs5sys
« on: November 15, 2016, 09:09:05 PM »
Hi, Bit Defender is turned off because I have Emsisoft running.

Zemana is also installed, I turned it off at Start Up, but ZAM shows up in background processes

I run scans manually with SuperAntispyware, Herd Protect, RK (of course), Junk File removal tool, Eset online scanner, MalwareBytes, ADW cleaner.

Thanks

5
Malware removal help / Re: Hidden.ADS infections - gs5sys
« on: November 14, 2016, 11:39:34 PM »
Thanks very much for your reply. I copy-pasted:
 
more < C:\Users\Client\AppData\Roaming:gs5sy >> %USERPROFILE%\Desktop\ADS.txt

into cmd (admin) but only received this response: The system cannot find the file specified.

6
Malware removal help / Hidden.ADS infections - gs5sys
« on: November 14, 2016, 04:45:08 AM »
Hello, Rogue Killer scans keep coming up with Hidden.ADS infections, even after being deleted. 

My latest RK scan results:

RogueKiller V12.8.0.0 (x64) [Nov  7 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Client [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 11/13/2016 20:41:55 (Duration : 00:24:23)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 135.19.0.18 70.80.0.66 24.200.0.1 ([Canada][Canada][-])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f5360646-7351-40e3-9350-ddd70472812e} | DhcpNameServer : 135.19.0.18 70.80.0.66 24.200.0.1 ([Canada][Canada][-])  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[Hidden.ADS][Stream] C:\Users\Client\AppData\Roaming:gs5sys -> Deleted
[Hidden.ADS][Stream] C:\Users\Client\AppData\Local:gs5sys -> Deleted
[Hidden.ADS][Stream] C:\ProgramData:gs5sys -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A SCSI Disk Device +++++
--- User ---
[MBR] aa4fbfb426fcf5267b120e2e5d8e11d8
[BSP] 143fdc32b0aa50c7e931aecb7d91ff29 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 927815 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1900167168 | Size: 450 MB
2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 1901090816 | Size: 25599 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD3202ABYS-01B7A0 +++++
--- User ---
[MBR] 96c730a9420de6f531c48a026eb3890c
[BSP] 6a4cdbb4432ea14b8cbaef9136369d0b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 304207 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Thanks and best regards
 


7
RogueKiller / Re: ==> Proc.Injected <==
« on: November 08, 2016, 02:56:27 AM »
Hi Tigzy, I have zipped the .dmp file from ProcessHacker regarding my repeated Proc.Injected detections by Rogue Killer. Here is the link:
 
http://www.filedropper.com/processhackerexe

Looking forward to your analysis.

Here is the report from the most recent RK scan (it no longer detects the Proc.Injected processes):

RogueKiller V12.8.0.0 (x64) [Nov  7 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Client [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/07/2016 21:01:16 (Duration : 00:22:47)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 135.19.0.18 70.80.0.66 24.200.0.1 ([Canada][Canada][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f5360646-7351-40e3-9350-ddd70472812e} | DhcpNameServer : 135.19.0.18 70.80.0.66 24.200.0.1 ([Canada][Canada][-])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A SCSI Disk Device +++++
--- User ---
[MBR] aa4fbfb426fcf5267b120e2e5d8e11d8
[BSP] 143fdc32b0aa50c7e931aecb7d91ff29 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 927815 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1900167168 | Size: 450 MB
2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 1901090816 | Size: 25599 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD3202ABYS-01B7A0 +++++
--- User ---
[MBR] 96c730a9420de6f531c48a026eb3890c
[BSP] 6a4cdbb4432ea14b8cbaef9136369d0b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 304207 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Best regards
DD

