Author Topic: Tr.Poweliks  (Read 4783 times)

0 Members and 1 Guest are viewing this topic.

October 30, 2014, 11:49:48 pm

manty

  • Guest
Tr.Poweliks
« on: October 30, 2014, 11:49:48 pm »
see original Poweliks detection log

A few days ago I came up with and infection opening dll.host files filling up memory HD etc.. Made several scans with Rogue and just about everything else I could think of and thought I had it all until today.

see Found and removed Today log

Today something else popped up and it was opening regsvr32.exe processes

 Rogue found and killed that stuff but I still keep getting hits in rootkit area which leads me to believe something still exists.

see last logs from after Rouge and a GMER

Thank You for any help you can give and the time for looking at the logs. If nothing else ill just reinstall windows 7 and be done with it.

I think I picked up these infections on a freeware installation.


Update:

Another GMER scan after UnHackme and New Malwarebytes run. Plus several Antivirus scans.



« Last Edit: October 31, 2014, 06:39:21 am by manty »

Reply #1October 31, 2014, 08:52:57 am

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 911
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: Tr.Poweliks
« Reply #1 on: October 31, 2014, 08:52:57 am »
Hello
I don't see any Poweliks now.. Looks like it downloaded several friends in the background.
What did Malwarebytes say?

Reply #2October 31, 2014, 09:17:52 am

manty

  • Guest
Re: Tr.Poweliks
« Reply #2 on: October 31, 2014, 09:17:52 am »
Hi,

Thank you for looking at the logs and the response.

 Malwarebytes hadn't reported anything since it first found it. The only thing it didn't remove the problem just some of the msiexec files it made.

The good thing it did for me was identify it or I wouldn't have found this site.

Reply #3October 31, 2014, 07:15:39 pm

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 911
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: Tr.Poweliks
« Reply #3 on: October 31, 2014, 07:15:39 pm »
Ok, so you noticed some strange behavior since then?

Reply #4October 31, 2014, 08:59:19 pm

manty

  • Guest
Re: Tr.Poweliks
« Reply #4 on: October 31, 2014, 08:59:19 pm »
Yes,

Yesterday I had removed the few friends you had mentioned. This could of just been a random browser hijack off of a compromised website and a coincidence.

It was 5 days after the first detection and removal of poweliks. I was just assuming it was related which it may not have been. I guess I run a pretty tight pc I watch in and out going ips and have virtually nothing going in or out except ISP contacts and the occasional windows contact. So when I get bombarded by IPS I know somethings up.

 I believe I made the mistake of downloading what looked like a legit video editing freeware and it was packed with that as shortly after my problems started.

So far the last 12 hours or so has been really quiet no ips no hits on any scans.
« Last Edit: October 31, 2014, 09:02:02 pm by manty »