Topic: Problems return after reboot

Reply #30, May 22, 2016, 11:18:42 PM

Curson

  • Global Moderator
  • Hero Member

Hi jpraymond,

I've successfully analysed the registry dump you provided.
Please follow the following process to find Malwarebytes Anti-Malware's report.

To retrieve the scan log information (Method 1):
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select the box next to Scan Log. Choose the most current scan.
  • Click the Export button and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the scan log information (Method 2):
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click the Export button and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Alternatively, logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
  • XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
  • Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
Quote from: jpraymond
Also still working to upgrade present version.
We recently made a few changes in the Updater that break compatibility with older RogueKiller versions.
Could you please download and manually install the latest RogueKiller version?

Regards.

Reply #31, May 23, 2016, 01:25:45 AM

jpraymond

  • Newbie

Here are the results (With new version, thank you!)

Method 1 - No Export
Method 2 - No View, No Export
Method 3 - Settings, History Settings, Export? No Export Log button, although checked.
Method 3a - Manually find Dir. with log, copy newest log to desktop.

MBam- log-201...04-04).xml (xml not included in allowed file types) Will include with .zip file.

Before and after .jpg files for view with new version.

Other files generated by RogueKiller, also attached... changed .tmp generated when I save results to .txt

Thanks again, (and for this, and for that), thanks!!!

JPR
« Last Edit: May 23, 2016, 02:01:35 AM by jpraymond »

Reply #32, May 23, 2016, 03:51:30 PM

Curson

Hi jpraymond,

Thanks for the reports.

Please download Farbar Recovery Scan Tool (x86) and save it to your Desktop.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also attach that along with the FRST.txt into your reply.
Regards.

Reply #33, May 23, 2016, 06:00:03 PM

jpraymond

Thanks... was up until 3:00, and just woke up...

It seems Rootkit.Fileless.MTGEN became active overnight, when I was sleeping. Ran Malwarebytes, it says it is now gone, but no idea what triggered it?

Should I run Fix on FRST or RogueKiller? Will wait until you reply.

Thanks again for all the work you're doing to help! Best customer service I've ever experienced!

JPR

Reply #34, May 23, 2016, 06:10:50 PM

Curson

Hi jpraymond,

The fix will be using FRST.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

How is the computer running now?

Regards.

Reply #35, May 23, 2016, 07:15:58 PM

jpraymond

After reboot, computer is running slow, and strangely... (i.e. when trying to log in after FRST suggested reboot, there are 2 pages to enter Comcast mail. It was repeating the 1st step (Welcome to Comcast page) 2 - 3 times, prior to actually entering "mail" that I had clicked on in the 1st page, then same 2nd page, and finally was able to log into my email so I could respond to you.) Right now, I am typing the text, and wait until it actually shows up. Ok, now typing as usual. Ran as you directed, and will attach the file you asked for. While you analyze that, going to run MWB to see if the RootKit.List.MTGen appears.

Thank you again,

JPR

Reply #36, May 23, 2016, 07:36:32 PM

Curson

Hi jpraymond,

I want to make sure the infection is now really gone.
Please download SystemLook and save it to your desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code:
:dir
C:\Documents and Settings\Jeff\Application Data
C:\Documents and Settings\Jeff\Local Settings\Application Data
:regfind
mshta javascript
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please attach this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Regards.
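
Added example, not part of the original thread and not code from SystemLook or any other tool named here: an offline version of the registry search requested above, run over a regedit text export. It assumes the search is meant to surface values that contain both "mshta" and "javascript" in the same data; the sample export, key names and placeholder value are constructed.

```python
import re

# Constructed sample in regedit's "Version 5.00" export format (not data from this thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Updater"="mshta javascript:PLACEHOLDER_SCRIPT_BODY"

[HKEY_CURRENT_USER\Software\ExampleVendor]
"Launch"=hex(2):6d,00,73,00,68,00,74,00,61,00,20,00,6a,00,61,00,76,00,61,00,\
  73,00,63,00,72,00,69,00,70,00,74,00,3a,00,78,00,00,00
"Help"="See mshta documentation"
'''

TERMS = ("mshta", "javascript")  # both must appear in the same value

def decode_value(raw):
    """Return the text of a REG_SZ or hex-encoded string value, else None."""
    if raw.startswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    m = re.match(r'hex\((?:1|2|7)\):(.*)', raw)
    if m:  # REG_SZ / REG_EXPAND_SZ / REG_MULTI_SZ stored as UTF-16LE bytes
        data = bytes(int(b, 16) for b in re.findall(r'[0-9a-fA-F]{2}', m.group(1)))
        return data.decode('utf-16-le', errors='replace').replace('\x00', ' ').strip()
    return None  # dword, binary and other types are not searched

def scan_reg_export(text):
    """Return (key, value name, data) for each value containing every term."""
    text = re.sub(r'\\\r?\n\s*', '', text)  # join hex continuation lines
    key, hits = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = re.match(r'("(?:[^"\\]|\\.)*"|@)=(.*)$', line)
        if not m or key is None:
            continue
        data = decode_value(m.group(2))
        if data and all(t in data.lower() for t in TERMS):
            hits.append((key, m.group(1).strip('"'), data))
    return hits

if __name__ == "__main__":
    # A real regedit export is UTF-16: open(path, encoding="utf-16").read()
    for key, name, data in scan_reg_export(SAMPLE_REG):
        print(f"{key}\n    {name} = {data}")
```

The hex(2) case matters because a plain-text search of the export file would miss a value stored as expandable-string bytes.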

Reply #37, May 23, 2016, 08:16:17 PM

jpraymond

Ran MWB and RogueKiller and came up with nothing at all!

Rather hesitant to connect to the E: drive... should you come up with a modification of your software, please let me know. Do you recommend I delete previous files, .tmp, .jpg, and others associated with this problem?

Thank you seems insufficient for all the work, and help you've provided, but until better words come to mind, or someone else's mind, THANK YOU!

SystemLook.txt will be attached in a few... I know this has been a PITA for you, and thanks for your patience, kindness, and I think I've said before, the BEST customer service I have ever experienced... Peace!

JP

Reply #38, May 23, 2016, 08:36:47 PM

Curson

Hi jpraymond,

Quote from: jpraymond
Ran MWB and RogueKiller and came up with nothing at all!
Good. :)

Quote from: jpraymond
Rather hesitant to connect to the E: drive... should you come up with a modification of your software, please let me know. Do you recommend I delete previous files, .tmp, .jpg, and others associated with this problem?
I don't think the infection is propagating through drives, so you can reconnect it.
Please don't delete those files for now, there is still a folder we must take care of.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Quote from: jpraymond
Thank you seems insufficient for all the work, and help you've provided, but until better words come to mind, or someone else's mind, THANK YOU!
SystemLook.txt will be attached in a few... I know this has been a PITA for you, and thanks for your patience, kindness, and I think I've said before, the BEST customer service I have ever experienced... Peace!
It was not so difficult but you are very welcome. :)

Regards.