Topic: Help in reading first RK scan (Read 10810 times)

99Sport, September 24, 2016, 11:12:53 PM
First time poster, here.
I've had a problem with a person who feels a psychotic need to track me. I have two laptops, one of which has been disabled by a malicious MBR.
This is my first scan with RK, and I have several questions about the interpretation of the results.
I've read the documentation, and am getting a better understanding of the code used to interpret the results... that being said, I'm a total noob at this.
I've posted the results of the first scan as an attachment, and would like an experienced opinion of these results.
As for the highlighted entries, I have not disabled them as of yet... I'm wondering if it would be possible to track them down and save them for tracking the sender.
I'm not certain if this is the correct place to post this question, so please move to proper location.
With interest, I will keep an eye on this thread.

Reply #1, September 25, 2016, 11:54:43 PM
Curson (Global Moderator)
Hi 99Sport,
Your computer is infected with Kovter.
The Kovter infection is a Trojan that performs click-fraud while running on your computer. This infection is typically installed via exploit kits found on hacked web sites or Trojan-Downloaders and is not used for tracking purposes.
Delete all entries detected by RogueKiller, then follow the following process:
Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please attach log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also attach that along with the FRST.txt into your reply.
Regards.
Note: This thread has been moved to the "Malware Removal help" section for clarity.

Reply #2, September 26, 2016, 08:07:46 PM
99Sport
Thanks, Curson.
I've deleted all active infections and rebooted and re-scanned the hd. All seems to be good, except for a question I have about a few PUM DNS entries.
The entries are on both of my laptops, and I am wondering if it may be a (user defined) proxy, or something more malicious in intent.
I've deleted them on both of the PCs and they keep showing up on re-scans.
"ipTRACKERonline.com"
IP Address Quick Report
IP Address: 67.142.174.10 67.142.174.11
Organization: Hughes Network Systems
City:
Country of Origin: United States
* For a complete report on this IP address goto ipTRACKERonline
They are traced to a private art museum in Kansas, with which I have no association.
I'll dl FRST and follow your instruction.
Thanks for the guidance.

Reply #3, September 26, 2016, 08:44:44 PM
99Sport
Curson...
Per instruction, I'm attaching the txt logs you requested.
I see a few "hidden" files, some of which have no identifying author. Will wait for your response and advice, in the meantime, no real work will be done here.
I'll keep an eye open for the reply...

Reply #4, September 26, 2016, 09:37:57 PM
Curson (Global Moderator)
Hi 99Sport,
Do you have any link with direcway service?
Leftovers of the infection are still present.
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Regards.

Reply #5, September 27, 2016, 12:47:17 AM
99Sport
Here we go, Curson...
Not that I'm aware, do I have a service with direcway. Probably fishy, if anything. I've been a little careless with this pc, lately. Not so, with my new one.
Here is the fixlog you asked for.

Reply #6, September 27, 2016, 01:15:13 AM
Curson (Global Moderator)
Hi 99Sport,
Could you please tell me the name of your Internet service provider?
Regards.

Reply #7, September 28, 2016, 07:47:03 PM
99Sport
Curson...
The current ISP is Hughes Network.
Prior to that it was Charter Communications, with a few hotspot connections along the way.
I've been trying to chase down an IP that is traced to an art gallery in Kansas, according to the IPs that show on the scan.
Any help would be greatly appreciated.
Thanks,

Reply #8, September 28, 2016, 09:47:55 PM
Curson (Global Moderator)
Hi 99Sport,
This IP is linked to Hughes Network Systems, so you don't have to worry about it.
Your computer is now clean. You can now delete FRST and related directories.
Regards.
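
A check for the DNS question raised in this thread, as an added example that is not part of any post and not Adlice's or FRST's own code: it lists, per network interface, which DNS servers are statically configured (`NameServer`) and which were assigned by DHCP (`DhcpNameServer`). The `$expected` list reuses the two addresses quoted in Reply #2 and is an assumption to adjust per network.

```powershell
# Added example: show where each configured DNS server comes from.
# Reads the per-interface TCP/IP settings from the registry (read-only).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Assumption: the resolvers the ISP is expected to hand out
# (the two addresses quoted in Reply #2 of this thread).
$expected = @('67.142.174.10', '67.142.174.11')

Get-ChildItem -Path $base | ForEach-Object {
    $key   = $_
    $props = Get-ItemProperty -Path $key.PSPath

    foreach ($name in 'NameServer', 'DhcpNameServer') {
        $raw = $props.$name
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }

        # Values are space- or comma-separated lists of addresses.
        foreach ($ip in ($raw -split '[ ,]+' | Where-Object { $_ })) {
            [pscustomobject]@{
                Interface = $key.PSChildName
                Source    = if ($name -eq 'NameServer') { 'static' } else { 'DHCP' }
                Server    = $ip
                Expected  = $expected -contains $ip
            }
        }
    }
} | Format-Table -AutoSize
```

Rows with source DHCP are rewritten whenever the lease is renewed, so removing them does not persist; a static entry that is not in the expected list is the one to investigate.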

Reply #9, September 29, 2016, 07:17:21 PM
99Sport
Thanks, Curson, for your assistance.
I do have a single question about MBRs. What would cause an RK scan to list "unknown MBR" drive0; unknown MBR empty?

Reply #10, September 29, 2016, 08:40:35 PM
Curson (Global Moderator)
Hi 99Sport,
You are welcome.
The "Unknown MBR" means the MBR is legit but not standard (OEM manufacturers).
The "MBR empty" indicates that the device doesn't have any MBR (like USB mass storage devices, SD card readers, etc.).
Regards.

Reply #11, September 29, 2016, 11:43:17 PM
99Sport
Got it.
Thanks for all of your help.
I'm ordering the upgraded version of RK. Great program, excellent support.

Reply #12, September 30, 2016, 04:06:13 PM
Curson (Global Moderator)
Hi 99Sport,
You are welcome.
Thanks for the kind words and for supporting our product.
Regards.