Lodder
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
Seems all right. I am beginning to think that a previous round of scans and removals I did a few weeks ago on this system actually was enough to cleanse it, and that the remaining oddities like Windows Defender getting disabled (I recently changed from NOD32 to MS Security Essentials) and the empty setup log file are just false alarms. Just the sometimes incomplete or blocked web pages remain then, but that might have had other causes and I have yet to see if that remains. Thanks a lot for your help. I am setting up my main system at the moment, hardening it before I go online; if GMER still crashes and aswMBR still gives an initialization error I will make a new post for that.
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Exploit mbae.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
Just found that Windows Defender is superseded and disabled by default when installing MS Security Essentials. I feel stupid now for worrying about not being able to get it running :/
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
Here is the ComboFix log. ComboFix.txt
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
I will be unable to respond for the coming 10 hours. Thanks a lot so far!
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
OK, did so, here is the output. Btw I started the Windows Defender service again some 15 mins ago and set it to automatic, and now that I got back to the laptop it is stopped again and put on manual.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2014 01
Ran by Blobber at 2014-01-02 03:12:10 Run:1
Running from C:\Users\Blobber\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
Task: {223FC82C-1C48-4A2D-9004-4FAA338A2D59} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-17] (Google Inc.)
Task: {58285ABD-E5FE-4BF8-84B3-BE4CFE7AEE47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-17] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
*****************

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{223FC82C-1C48-4A2D-9004-4FAA338A2D59} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{223FC82C-1C48-4A2D-9004-4FAA338A2D59} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{58285ABD-E5FE-4BF8-84B3-BE4CFE7AEE47} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58285ABD-E5FE-4BF8-84B3-BE4CFE7AEE47} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

The system needs a manual reboot.

==== End of Fixlog ====

Rebooting.
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
Realised I'd better first write zeros to the HDD and then flash, so starting with that.
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
Maybe you have additional tips for doing that properly? I just now started with detaching the HDD, depowering the system, clearing the BIOS, unplugging the power plug from the mainboard, waiting a minute, plugging it back in and powering up the system. Now I will boot from a CD made at a clean PC with a DOS prompt and flash utility, and after that will load system defaults. Then I will connect the HDD again, boot from a PC tool CD and write zeros to the HDD. Then I will do a genuine MS DVD Windows 7 setup, and I have a clean CD with offline Win7 SP1, ESET NOD32 and MBAM to install, before I plug in the LAN cable to run further updates.
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
Meanwhile I started on my main system to give it a clean install, starting with a BIOS flash, since GMER and aswMBR still would give errors or crashes after the last clean install.
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
That went fast; below are the results. Nothing found at all in all scans, it seems? But somehow now I'm able to start Windows Defender, which I was not able to before, so that's a plus. Farbar output cannot be posted; attached it. Addition.txt FRST.txt
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
ESET scan came out clean, now running Farbar.
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
OK, will do, although I ran it as admin the session before. While running the ESET scan I got a little bored and tried to see if Windows Defender still would not run, and started it manually (which I was not able to do before), and now it will start...(?) Stopped the service again for now. Afraid the system is not that fast, more to come.
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Blobber :: COUCH-POTATO [administrator]

2-1-2014 0:49:12
mbam-log-2014-01-02 (00-49-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204240
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
Oh, and a bunch more ERUNT errors after that, regarding not being able to access registry keys regarding SAM and lots of others.
Think I have a challenge, suspected undetectable rootkit.
Lodder replied to Lodder's topic in Resolved Malware Removal Logs
After a reboot required by AdwCleaner I got the following popup from ERUNT, which I ran the session before: "Unable to create file: C:\Windows\ERDNT\Autobackup\2-1-2014\ERDNT.INF Registry backup will continue, but no restore information for the ERDNT program will be saved, This means that later restoration of the registry can only be done manually, by using another OS to copy back the files." Now continuing with the MBAM scan.