Jump to content

ej7

Members
  • Posts

    4
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Just rechecked and it seems to be working great now! No more issues with bikiniland coming up. Thank you so much for your help!
  2. Here is the content from the MBAR files after fixing 1 malware issue detected: Malwarebytes Anti-Rootkit BETA 1.09.1.1004www.malwarebytes.org Database version: main: v2015.02.22.05 rootkit: v2015.02.22.01 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.17633Houk :: HOUK-PC [administrator] 2/22/2015 1:03:35 PMmbar-log-2015-02-22 (13-03-35).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 357870Time elapsed: 34 minute(s), 27 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 1C:\Windows\System32\drivers\{3788502c-c1e8-40a8-8914-655def81ee5b}Gw64.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [d54177d7554330f9438837b9788590f1] Physical Sectors Detected: 0(No malicious items detected) (end) From system log file: ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.09.1.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17633 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.194000 GHzMemory total: 2074062848, free: 562155520 Downloaded database version: v2015.02.22.05Downloaded database version: v2015.02.22.01Downloaded database version: v2014.12.06.01=======================================Initializing...------------ Kernel report ------------ 02/22/2015 13:03:21------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\N360x64\1506000.020\SYMDS64.SYS\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\drivers\cdrom.sys\SystemRoot\system32\drivers\N360x64\1506000.020\ccSetx64.sys\SystemRoot\system32\drivers\N360x64\1506000.020\Ironx64.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\{3788502c-c1e8-40a8-8914-655def81ee5b}Gw64.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\drivers\N360x64\1506000.020\SYMNETS.SYS\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS\SystemRoot\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150221.001\IDSvia64.sys\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150203.001\BHDrvx64.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\rtl8192se.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\L1C62x64.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\drivers\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\N360x64\1506000.020\SRTSP64.SYS\SystemRoot\system32\DRIVERS\asyncmac.sys\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150221.003\EX64.SYS\??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150221.003\ENG64.SYS\SystemRoot\system32\DRIVERS\monitor.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\oleaut32.dll\Windows\System32\sechost.dll\Windows\System32\normaliz.dll\Windows\System32\setupapi.dll\Windows\System32\clbcatq.dll\Windows\System32\wininet.dll\Windows\System32\user32.dll\Windows\System32\imm32.dll\Windows\System32\iertutil.dll\Windows\System32\msctf.dll\Windows\System32\comdlg32.dll\Windows\System32\usp10.dll\Windows\System32\gdi32.dll\Windows\System32\shlwapi.dll\Windows\System32\shell32.dll\Windows\System32\psapi.dll\Windows\System32\urlmon.dll\Windows\System32\ole32.dll\Windows\System32\nsi.dll\Windows\System32\msvcrt.dll\Windows\System32\difxapi.dll\Windows\System32\lpk.dll\Windows\System32\rpcrt4.dll\Windows\System32\kernel32.dll\Windows\System32\ws2_32.dll\Windows\System32\advapi32.dll\Windows\System32\imagehlp.dll\Windows\System32\Wldap32.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\crypt32.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\comctl32.dll\Windows\System32\wintrust.dll\Windows\System32\devobj.dll\Windows\System32\KernelBase.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\cfgmgr32.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\userenv.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\msasn1.dll\Windows\System32\profapi.dll----------- End -----------Done! Scan startedDatabase versions: main: v2015.02.22.05 rootkit: v2015.02.22.01 <<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa800268b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa800268b2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800268b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800223b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...Done!Drive 0This is a System driveScanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: CA0BB992 Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 27262976 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 27265024 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 27469824 Numsec = 285108224 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160041885696 bytesSector size: 512 bytes Done!File C:\Windows\System32\drivers\{3788502c-c1e8-40a8-8914-655def81ee5b}Gw64.sys will be destroyedInfected: C:\Windows\System32\drivers\{3788502c-c1e8-40a8-8914-655def81ee5b}Gw64.sys --> [PUP.Optional.Sanbreel.A]Scan finishedCreating System Restore point...Cleaning up...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesRemoval scheduling successful. System shutdown needed.System shutdown occurred======================================= FRST02.txt Addition02.txt
  3. I am having the same bikiniland malware issues as some other users here. Any help would be greatly appreciated! Thanks, ej7 FRST.txt Addition.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.