Topic: I am heavily infected by a nasty virus, can't remove


November 09, 2017, 05:50:04 PM

woofer

I received this back from support and was advised to list my log here to see if someone can help. Thanks in advance.

Hi Jack,

Your computer is infected by a nasty malware.
Could you please open a new thread in the Malware Removal section of our forum: https://forum.adlice.com/index.php?board=5.0 and attach the RogueKiller log with your message?

Regards.

Ticket: https://adlice.freshdesk.com/helpdesk/tickets/3161
On Thu, 9 Nov at 5:33 PM, Jdbdenby <jdbdenby@gmail.com> wrote:
It keeps showing the same threats but never removes them.
 
RogueKiller V12.11.23.0 (x64) [Nov  6 2017] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
 
Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : jdbde [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 11/09/2017 10:52:32 (Duration : 00:32:34)
 
¤¤¤ Processes : 7 ¤¤¤
[VT.Unknown] IntelAudioService.exe(4560) -- C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe[7] -> Killed [TermProc]
[Suspicious.Path] upmwlrk.exe(9692) -- C:\Users\jdbde\AppData\Local\upmwlrk\upmwlrk.exe -> Killed [TermThr]
[Suspicious.Path] sbcmtnv.exe(10812) -- C:\Users\jdbde\AppData\Local\upmwlrk\sbcmtnv.exe -> Killed [TermThr]
[Suspicious.Path] sbcmtnv.exe(3228) -- C:\Users\jdbde\AppData\Local\upmwlrk\sbcmtnv.exe -> Killed [TermThr]
[Suspicious.Path] sbcmtnv.exe(10548) -- C:\Users\jdbde\AppData\Local\upmwlrk\sbcmtnv.exe -> Killed [TermThr]
[Suspicious.Path] sbcmtnv.exe(10652) -- C:\Users\jdbde\AppData\Local\upmwlrk\sbcmtnv.exe -> Killed [TermThr]
[Suspicious.Path] sbcmtnv.exe(6928) -- C:\Users\jdbde\AppData\Local\upmwlrk\sbcmtnv.exe -> Killed [TermThr]

 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZFLV512HCJH-000MV +++++
--- User ---
[MBR] 8a8f0d0964f232a36a3f9403e7e56551
[BSP] 88913fd1a0c19de0265a0c33bfd00c34 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 796672 | Size: 487094 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 998367232 | Size: 902 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
 

Reply #1 on: November 09, 2017, 11:09:56 PM

Curson

Hi woofer,

Thanks for supporting our product and welcome to the Adlice.com forum.
You are indeed infected by the SmartService rootkit.

Please follow the instructions in shadowwar's post and attach the MBAR log with your next reply.

Regards.