Author Topic: Request help to review scan results  (Read 7003 times)

0 Members and 1 Guest are viewing this topic.

November 14, 2015, 08:03:17 PM

RKuser

  • Newbie

  • Offline
  • *

  • 4
  • Reputation:
    0
    • View Profile
Request help to review scan results
« on: November 14, 2015, 08:03:17 PM »
I just scanned my system and just wanted you to review the attached txt file for sanity sake.  I am experiencing high CPU usage and trying to pinpoint the issue.  I suspect VSE as the culprit but maybe something else is going too.  Thanks in advance for your time.

Reply #1November 14, 2015, 08:45:33 PM

RKuser

  • Newbie

  • Offline
  • *

  • 4
  • Reputation:
    0
    • View Profile
Re: Request help to review scan results
« Reply #1 on: November 14, 2015, 08:45:33 PM »
I forgot to mention that I also had local area network connection issues (not connecting to the local ISP and creating new network connections on its own) and have found out under TCP/IPv4 properties the DNS address is configured to route via CyberGhost servers.  I had removed the s/w and tried re-configuring to automatically get the address (i.e. DHCP) but it keeps reverting back to their IP's in DE & USA.  I found you on the internet (Google) thru a Malwarebytes thread.  I decided to follow the procedure outlined by MB and suggestion to pass along the file for review.  I am a first time user of your software and not at the sys admin level either.  I'm using a student version of Server 2008 R2 and the server is used from home.  Any help is appreciated.  Thanks again. 

Reply #2November 16, 2015, 06:47:32 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: Request help to review scan results
« Reply #2 on: November 16, 2015, 06:47:32 PM »
Hi RKuser,

The detection of McAfee VirusScan Enterprise is a false positive which will be fixed in RogueKiller next release.

Please uninstall CyberGhost software.
Then launch the command prompt windows (cmd) with admin rights and copy/paste the following command :
Code: [Select]
ipconfig /flushdns && netsh winsock reset all && netsh int ip reset %USERPROFILE%\Desktop\Resetlog.log"
Please reboot the computer then attach the file Resetlog.log in your next reply.

Regards.

Reply #3November 17, 2015, 02:56:57 PM

RKuser

  • Newbie

  • Offline
  • *

  • 4
  • Reputation:
    0
    • View Profile
Re: Request help to review scan results
« Reply #3 on: November 17, 2015, 02:56:57 PM »
Hello Curson,

I manually remove the reminents of CyberGhost 5 from the registry.  I tried to flush the DNS from the cmd prompt using your script but I was denied access and been trying to figure it out.  I have attached a screenshot for you.  Any ideas?  I've seen some threads in regards to UAC causing an issue for other Windows OS versions.  Thanks.

Reply #4November 17, 2015, 06:30:28 PM

RKuser

  • Newbie

  • Offline
  • *

  • 4
  • Reputation:
    0
    • View Profile
Re: Request help to review scan results
« Reply #4 on: November 17, 2015, 06:30:28 PM »
Hi Curson,

It looks like it was blocked by the VSE access protection, once I shut it off I was able to do the dns flush script you provided except did not get the reset log.  I searched for it all over the place.  Afterwards I went back into the IPv4 ipconfig settings and it still had it pointing to the CG dns servers.  I was able to change it too so now I have DHCP running right.  Of particular note I tried to do a flush after turning back on the access protection and had no issues running a flush...?  Anyways thanks for your time and appreciate your help!

Reply #5November 17, 2015, 06:49:04 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: Request help to review scan results
« Reply #5 on: November 17, 2015, 06:49:04 PM »
Hi RKuser,

Quote from: RKuser
[...]did not get the reset log
I made a mistake in the script which caused the issue about the log. Sorry about that.
Anyway, the fix itself seems to have worked.

Quote from: RKuser
Anyways thanks for your time and appreciate your help!
You are very welcome. :)

Regards.