CJN853

Honorary Members
  • Posts: 22

Reputation: 0 Neutral
  1. Bumping this thread. Problems persist, but Malwarebytes Antimalware cannot identify anything wrong.
  2. OK, getting stranger now... Restore points are now all deleted (I had made a new one after running disk check). Also IE has cleared my "home" web site setting.
  3. LiquidTension helped me out with WGA, Cryptowall, and Poweliks last year, so turning to you guys for help again. For the last two weeks, my computer Start menu says that it wants to install a Windows update upon Shutdown, but when I shut down, no update is installed. When I manually go to Windows Update, no updates are available to install (i.e. I am all up to date). Windows Action Center wants me to troubleshoot a hard disk problem, but running scandisk yesterday uncovered nothing. Other than these two issues, everything seems to be fine, but when I got hit last year, there was a month of strange behavior like this leading up to the Cryptowall attack. Malwarebytes uncovered nothing.... FRST logs attached. Addition.txt FRST.txt Shortcut.txt
  4. Adam: Is it possible to use one of these tools to recover a deleted system restore point from say the 8th of November, if my first "real" accessible point is the 12th? If that is stored in a deleted hidden system file or directory and I knew where to look, is that worth a shot? Otherwise I will start working on piecing together my backup. Lesson learned.... Use a backup system that does not use drive letter mapping. Grrrr... Thanks again, Chris
  5. Bummer but not surprising. I'll have a look at those... Thanks for trying, Adam. Chris
  6. Any update on the decrypt, Adam? Thanks for the advice on the AV tools.... Any reason for ESET over Kaspersky? Or just personal preference and history of success? Would I need a separate firewall enhancer like I have with Trend today, or is that redundant to Windows already? Another thought, what is your opinion of the use of Software Restriction Policies as described at http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information? Thanks, Chris
  7. I think you are spot on with Trend based on trying your suggestion. Knowing that my annual subscription is coming due in a month (and that Trend let some nasties through last month), I wonder if there is something that both runs lighter and works better.... Looking forward to the outcome of your encryption analysis, regardless of how it turns out. Thanks, Adam. Chris
  8. Safemode fires right up without any spurious disk activity after login.
  9. Adam: Basically no difference with or without the clean boot settings. Seems to coincide with Trend just being real slow to start up... So should I just put things back the way they were? Chris
  10. OK, so after the login screen, there is still about 10 minutes of disk activity. Trend seems to have turned its service back on, but I am still thinking I need Seagate and the two Adobes on as well. Boot time and performance really don't seem all that different, although svchost went from 214,100k before changing the startup settings, now to 167,100k.
  11. OK... So for documentation purposes, this is what got disabled:
      Services: Adobe acrobat updater, Adobe flash updater, Trend micro solution platform, Seagate service, Shadow explorer service.
      Startup: THXAudio, Creative Updreg, Seagate freeagent, Adobe reader and acrobat manager, MFManager.
      Aren't some of those worthwhile, like the auto updaters, antivirus, and Seagate backup?
  12. You are correct, Adam, that MBAM found and removed the ransomware. The original log from last Monday is attached. original mbam log.txt
  13. Adam: No issues with the Trend uninstall/install. Updated OK, didn't detect anything on a full system scan, and fires up automatically on reboot. It seems to run a little lighter now. So while there is a lot of disk activity for about 5-10 minutes on startup, once that stops the computer is quite responsive. Possibly lousy page file settings or still too many useless services starting? ID tool results below:

      Infection Detection Tool v1.6 - Nathan Scott
      --------------------------------------------
      Date/Time: 11/20/2014 10:03:02 PM
      Operating System: Windows 7
      Service Pack: Service Pack 1
      Version Number: 6.1
      Product Type: Workstation
      --------------------------------------------
      [Detected Flags]
  14. Adam: File is uploaded... Word document containing lyrics to the Chicago Bears fight song. Yes, all updates are successfully installed. In fact, Windows autoupdated and restarted on a security update dated today. Good news on the security check? Awesome... Thanks for your help getting to this point! Yes, no open programs. Disk usage is normal at the moment and svchost is using about 193k. I'll let you know if I have any issues with Trend. Thanks, Chris