Messages - Heantrad

91
RogueKiller / Re: svchost.exe process and a bunch of PUM
« on: July 14, 2015, 10:44:18 pm »
I don't know anything about that ISP thing, can you explain to me all the things I should do?

92
First of all, sorry for my bad English.

A while ago, AdwCleaner detected a registry error related to a proxy server. I deleted it, cleaned the registry with CCleaner, and did a full scan with Malwarebytes, SuperAntiSpyware and Microsoft Security Essentials, and they detected some viruses, but nothing related to the proxy.
I tried everything I could to fix it, but it was impossible; it reappeared every time I turned on the PC. However, some guys who knew about informatics told me that it was probably a false positive, so I forgot about it.

A couple of days ago, I entered AZLyrics (dumb choice on my part) and because those types of sites have a bad reputation, I asked on Reddit if that place was dangerous. Luckily, it seems that only the ads contained malware, and AdBlock Plus blocked it.
However, I ran all those scans I mentioned before (except the full Microsoft Security Essentials scan, because 6 hours of scanning is too much) and I used RKill this time too, but none of them detected anything (except AdwCleaner and the proxy thing).

So, I decided to try RogueKiller, because TroneScript uses it in its scans, and it detected the proxy problem from AdwCleaner but much bigger.
Obviously, I ran every scan again (complete Microsoft Security Essentials scan included), and none of them detected anything again (except AdwCleaner), so I cleaned the registry with RogueKiller, and it seemed to work. However, it doesn't detect the "ProxyOverride <-loopback>" thing, but I decided to ignore it.
Everything seemed fixed, but the next day, all of that appeared again, with a svchost.exe process included. I cleaned all of that, cleaned the registry again with AdwCleaner and checked every svchost process with the task administrator (every one of them was from the System32 folder).

I don't know what else to do. Am I in danger, or is it just a false positive?
I have some reports, but I'll leave the one which detected all the problems at once:

RogueKiller V10.9.1.0 [Jul  9 2015] by Adlice Software
correo : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Sitio web : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado en : Modo Normal
Usuario : PAQUITO [Administrador]
Started from : C:\Users\PAQUITO\Desktop\Carpetas\Programas\RogueKiller.exe
Modo : Escanear -- Fecha : 07/14/2015 10:32:31

¤¤¤ Procesos : 1 ¤¤¤
[Proc.Svchost] svchost.exe(3452) --
  • -> Eliminado [TermThr]


¤¤¤ Registro : 10 ¤¤¤
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado

¤¤¤ Tareas : 0 ¤¤¤

¤¤¤ Archivos : 0 ¤¤¤

¤¤¤ Archivo de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Cargado) ¤¤¤

¤¤¤ Navegadores Web : 0 ¤¤¤

¤¤¤ Chequeo MBR : ¤¤¤
+++++ PhysicalDrive0: ST380011A ATA Device +++++
--- User ---
[MBR] 56e60236016fbee647d48fdc4748b6cb
[BSP] f9290963082e6a88bf87140ae95018f6 : Windows XP MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD50 00AZRX-00A8L SCSI Disk Device +++++
--- User ---
[MBR] 2c2b02fc763bc7f60c91970e27545702
[BSP] 8618bcf435fd08ab414ac96125d49708 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Función incorrecta. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

If you need some more information or I forgot to explain something, tell me and I'll reply as fast as I can.
Edit: also, I know I'm running a 32-bit version of RogueKiller, but that is because I use a 32-bit version of the OS and I don't have the installation disk for Windows 7 (I borrowed it from a guy I know).
Thanks.