Messages - Curson

2296
RogueKiller / Re: Translations!
« on: January 11, 2015, 01:08:43 am »
Good evening greysmouth,

Thank you for your contribution. It will be updated on next release.

Regards.

2297
RogueKiller / Re: I have no skills please read these for me
« on: January 08, 2015, 04:49:06 pm »
Hi,

Did you install PAExec on purpose? If that's not the case, you should uninstall it.
Please delete the following entry:
Quote
[PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

The MBR on your computer seems nonstandard.
Unknown MBRs are dumped into %programdata%/RogueKiller/debug/.

Please locate the file and attach it to your next post (you need to zip it first).

Regards.

2298
Malware removal help / Re: What should I do ?
« on: January 08, 2015, 04:39:19 pm »
Hello flemanour,
Quote
[Suspicious.Path] explorer.exe(4668) -- C:\Users\FLM.DOMMCA\AppData\Local\StartIsBack\StartIsBack64.dll[-] -> Déchargé(e)
This module is legit. It is related to StartIsBack software.

Are the problems you described in your first post still present?

Regards.

2299
Malware removal help / Re: Strange Rootkit Detections, Help Please
« on: January 07, 2015, 03:07:23 pm »
Hello Firedark142,

Welcome to Adlice.com Forum.
These drivers are indeed legit. They will be whitelisted in the next release of RogueKiller.

Regards.

2300
Malware removal help / Re: getting redirected all the time
« on: January 06, 2015, 04:42:31 pm »
Hi,

RogueKiller has not detected any malware.
We need to investigate this more thoroughly.

1. Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
    Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now button.
    If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
The THREAT SCAN will automatically begin.
When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.

To complete any actions taken you will be prompted to restart your computer...click on Yes.
Failure to reboot normally will prevent Malwarebytes from removing all the malware.

After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the scan log information (Method 1):
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select the box next to Scan Log. Choose the most current scan.
  • Click the Export button and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the scan log information (Method 2):
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click the Export button and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Alternatively, logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
  • -- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
  • -- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
2. OTL

Please download OTL by OldTimer and save the file to your desktop.
  • Double-click on the setup file (OTL.exe) and select Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
Push Run Scan and wait patiently.
Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.

Regards.

2301
RogueKiller / Re: Blue Screen Error
« on: January 06, 2015, 04:34:41 pm »
Hello Lucas.Berg2000, Tigzy,

There are many reasons why a crash dump could not be produced.
Please read "If crash dumps are not written out" and verify that none of the points listed in the section applies to you.
I hope this will help you.

Regards.

2302
RogueKiller / Re: Anti-rookit results? Unsure what to do with these
« on: January 06, 2015, 04:23:57 pm »
Hi KOTARE, Tigzy,

Many thanks for the tip Tigzy, I wasn't aware of this behaviour.

The driver is legit and will be whitelisted in a next release of RogueKiller.

Regards.

2303
RogueKiller / Re: Examine my RogueKiller logs please!
« on: January 06, 2015, 04:18:11 pm »
Hi GreatAntiMalwareTool,

Glad to hear your problems are now solved.
The error you encountered is not very serious but will surely be addressed. If the registry entry is gone after a rescan, this means that it has clearly been removed.

Regards.

2304
RogueKiller / Re: Need help for scan report items
« on: January 06, 2015, 04:08:24 pm »
Hi darthdoull, GreatAntiMalwareTool,

I have forwarded your suggestion to Tigzy. It will be reviewed and eventually added in a future version of RogueKiller.

Many thanks for your contribution.
Regards.

2305
RogueKiller / Re: Examine my RogueKiller logs please!
« on: January 05, 2015, 02:51:04 pm »
Hi GreatAntiMalwareTool,
Welcome to Adlice.com Forum.

Did you run RogueKiller because you believe your computer to be infected?
Are you using a proxy on purpose? If that's not the case, you can remove the following entries:
Quote
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 192.168.24.2:8080  -> Not selected
[PUM.Proxy] HKEY_USERS\S-1-5-21-682003330-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 192.168.24.2:8080  -> Not selected
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 192.168.24.2:8080  -> Not selected

Quote from: GreatAntiMalwareTool
MBR Check : Error reading LL2 MBR! ([1] Incorrect function. )
What does it mean? Is anything wrong?
This line indicates that RogueKiller was unable to read the MBR within your hard drive for some reason.
In my opinion, there is nothing to worry about.

Regards.

2306
Malware removal help / Re: help help help!
« on: January 05, 2015, 01:56:13 pm »
Hi NoobNeedsHelp, Tigzy,

RogueKiller has not detected any malware and the logs of Avast you provided are not helping us either.
We need to investigate this more thoroughly.

1. Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
    Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now button.
    If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
The THREAT SCAN will automatically begin.
When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.

To complete any actions taken you will be prompted to restart your computer...click on Yes.
Failure to reboot normally will prevent Malwarebytes from removing all the malware.

After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the scan log information (Method 1):
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select the box next to Scan Log. Choose the most current scan.
  • Click the Export button and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the scan log information (Method 2):
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click the Export button and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Alternatively, logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
  • -- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
  • -- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
2. OTL

Please download OTL by OldTimer and save the file to your desktop.
  • Double-click on the setup file (OTL.exe) and select Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
Push Run Scan and wait patiently.
Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.

Regards.

2307
Malware removal help / Re: help help help!
« on: January 04, 2015, 04:32:58 pm »
Hi NoobNeedsHelp,

At first sight, the MBR dump seems alright.

I just noticed you are using an outdated version of RogueKiller.
Please download the latest version HERE, redo a full scan and paste the content of the log file in your next post.

Regards.

2308
Malware removal help / Re: clean or no clean
« on: January 04, 2015, 04:13:55 pm »
Hi olivierdulac8,

This is a DNS hijacker.
Please follow the following process as closely as possible.

1. Router disinfection / securing

There is a possibility that your router is compromised. Such malware scans the network to find routers with weak/default passwords or firmware vulnerabilities and changes their DNS settings.
Please follow these instructions to hard reset your router and update it.

2. Please delete the following registry entries
Quote
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]  -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D22CC4A4-7C77-4A45-BB71-62EF2B9D53D2} | DhcpNameServer : 40.20.1.201 40.20.1.202 [UNITED STATES (US)][UNITED STATES (US)]  -> Trouvé(e)

Finally, I strongly advise you to change your passwords and be especially wary of unauthorized transactions if you use online banking, since there is a probability your passwords may have been stolen.

Regards.

2309
RogueKiller / Re: Anti-rookit results? Unsure what to do with these
« on: January 04, 2015, 03:14:25 am »
Hi KOTARE,

Could you try to attach the file to your next post? If you do so, I will upload it to VT myself.

Regards.

2310
Malware removal help / Re: help help help!
« on: January 04, 2015, 01:39:47 am »
Hello NoobNeedsHelp,

Welcome to Adlice.com Forum.
Could you please post Avast's log? It could potentially help us locate the infection.

The MBR on your computer seems nonstandard.
Unknown MBRs are dumped into %programdata%/RogueKiller/debug/.

Please locate the file and attach it to your next post (you need to zip it first).

Regards.

Note: This thread has been moved to the "Malware removal help" section for clarity.
