Topic: IAT Hook (Read 11819 times)
September 25, 2015, 05:27:34 AM
neophyte
There is some form of malware--possibly virus--affecting my computer. Maybe an hour ago I went on Amazon.com, clicked on a product and a weird tab opened up trying to sell me something. Last night I used all the programs listed on this reddit forum
https://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide/
Apparently, they couldn't get everything. I just ran RogueKiller and it seemed to pick up an unidentified IAT Hook, but I don't know how to make heads or tails of it. I was hoping someone might be able to help me. If there isn't malware or virus here do you have any idea of what I might try next?
Thanks!
Last Edit: October 06, 2015, 03:58:14 AM by neophyte
Reply #1
September 28, 2015, 04:50:16 PM
Curson
Hi neophyte,
Welcome to Adlice.com Forum.
Could you please copy/paste the Malwarebytes report in your next reply?
The report you posted was generated with the 32-bit version of RogueKiller.
Please download RogueKiller (64 bits version), redo a full scan and post the report obtained in your next reply.
Regards.
Reply #2
September 30, 2015, 07:28:40 PM
neophyte
I'm pretty sure I still have some malware. The moment I clicked on reply another tab randomly opened. It had a blue screen and told me that I had a virus or something. Ugh
I attached it in a document because it was too long to copy and paste. Let me know if I need to copy/paste it into multiple posts--I tried several times, but even halving it was too long.
Last Edit: October 06, 2015, 03:57:56 AM by neophyte
Reply #3
September 30, 2015, 09:35:44 PM
Curson
Hi neophyte,
This is indeed suspicious.
Could you please attach the Malwarebytes report in your next reply?
Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please attach log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also attach that along with the FRST.txt into your reply.
Regards.
Reply #4
October 01, 2015, 04:24:21 AM
neophyte
Thanks for your response. Attached are the files you requested. The Malwarebytes scan identified three potential threats. I quarantined them--hopefully that was the right action.
Last Edit: October 06, 2015, 03:57:40 AM by neophyte
Reply #5
October 01, 2015, 04:18:25 PM
Curson
Hi neophyte,
Your computer is indeed infected.
I noticed you use cracking tools. Please keep in mind that some of them could be used to reinfect your computer.
Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Please download TDSSKiller and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
Check Loaded Modules and Detect TDLFS file system.
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
Click Start Scan and allow the scan process to run.
If threats are detected select Skip for all of them unless I instruct you otherwise.
Click Continue.
Click Reboot computer.
Please attach the file TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically C:\) in your next reply.
Regards.
Last Edit: October 01, 2015, 04:58:42 PM by Curson
Reply #6
October 02, 2015, 03:33:02 AM
neophyte
The TDSSkiller didn't seem to find anything. Here are the logs.
Last Edit: October 06, 2015, 03:57:13 AM by neophyte
Reply #7
October 05, 2015, 02:18:30 PM
Curson
Hi neophyte,
The logs seem OK.
How is the computer running now?
Regards.
Reply #8
October 05, 2015, 07:17:01 PM
neophyte
I haven't had a problem since I wrote last. Shall we assume that everything is fixed?
Best.
Reply #9
October 05, 2015, 07:42:24 PM
Curson
Hi neophyte,
Yes.
If something goes wrong again, please let me know.
Regards.
Reply #10
October 09, 2015, 09:02:38 PM
neophyte
Damn. I just had more malware pop up. I haven't gone to any sites that would contain it--unless a link from reddit accidentally took me to one. Any advice?
Reply #11
October 10, 2015, 01:43:57 AM
Curson
Hi neophyte,
Could you please generate a new FRST log and attach it in your next reply?
Regards.
Reply #12
October 10, 2015, 02:47:19 AM
neophyte
Thanks for the speedy response. Here they are.
Reply #13
October 12, 2015, 02:03:51 PM
Curson
Hi neophyte,
The logs are clean.
Please download Malwarebytes Anti-Malware and save it to your desktop.
Double-click on the setup file (mbam-setup.exe), then click on Run to install.
Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
Click on Update Now to download the current database definitions, then click the Scan Now button.
If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
Launch a "FULL SCAN".
When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
To complete any actions taken you will be prompted to restart your computer... click on Yes.
Failure to reboot normally will prevent Malwarebytes from removing all the malware.
After rebooting the computer, copy and paste the mbam.log in your next reply.
To retrieve the scan log information (Method 1):
Open Malwarebytes Anti-Malware.
Click the History Tab at the top and select Application Logs.
Select the box next to Scan Log. Choose the most current scan.
Click the Export button and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the scan log information (Method 2):
Open Malwarebytes Anti-Malware.
Click the Scan Tab at the top.
Click the View detailed log link on the right.
Click the Export button and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Alternatively, logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
Regards.