
malware bytes malicious website blocking disabled


  • This topic is locked
70 replies to this topic

#1 atldude

atldude

    New Member

  • Members
  • Pip
  • 41 posts

Posted 26 September 2012 - 09:20 AM

Please see the attached logs after diagnostic scans. Please help remove any infections and have the feature enabled on my installation.


#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,127 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 26 September 2012 - 10:43 AM

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Malware Removal Expert



I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 atldude


Posted 26 September 2012 - 10:53 AM

Thanks Charlie. Please see the attached log.


#4 MrCharlie


Posted 26 September 2012 - 11:02 AM

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:


If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


#5 atldude


Posted 26 September 2012 - 11:24 AM

Please see the attached reports.


#6 MrCharlie


Posted 26 September 2012 - 11:28 AM

That was clean, are you on a wireless network or network? MrC


#7 atldude


Posted 26 September 2012 - 11:31 AM

I am on wireless network.

#8 MrCharlie


Posted 26 September 2012 - 11:33 AM

OK, please do this...............

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassoci...T-Tools/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC


#9 atldude


Posted 26 September 2012 - 11:52 AM

Please find attached the requested logs.


#10 MrCharlie


Posted 26 September 2012 - 12:02 PM

I would like you to run ComboFix but there's a chance that it may cause you to lose your connection.

So...............

Please back up the registry:
http://www.geekstogo...ry-using-erunt/

Please create a new system restore point also.

If after running ComboFix you can't connect to the internet, please navigate to
the C:\WINDOWS\ERDNT folder and run ERDNT.exe to restore the registry.
Reboot and see if it's OK now.
If that doesn't work....use that system restore point and that will correct the problem.


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


#11 atldude


Posted 26 September 2012 - 12:28 PM

Thanks. I will do as advised and post the results. In the meantime, I am kind of worried as we have done quite a few scans using different tools, still it appears we have not been able to isolate the problem. Please advise what you have been able to find out so far, and is it something we can fix? Your help is much appreciated.

#12 MrCharlie


Posted 26 September 2012 - 01:07 PM

This is in your DDS log and is an indication of a ZeroAccess infection:

LSP: mswsock.dll

http://www.systemloo...swsock_dll.html

None of the scans show the infection so far.

That's the story, MrC


#13 atldude


Posted 26 September 2012 - 03:04 PM

The scanning for infected files....has been running for almost 3 hours now. Should I let it continue or should I cancel this task and reboot the system? Please advise.

#14 MrCharlie


Posted 26 September 2012 - 03:13 PM

Cancel it, MrC


#15 atldude


Posted 26 September 2012 - 03:16 PM

Thanks. Please advise me of next steps.

#16 MrCharlie


Posted 26 September 2012 - 03:17 PM

Try it like this......
Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC


#17 atldude


Posted 26 September 2012 - 03:19 PM

Okay. I will try this and let you know how it goes.

#18 atldude


Posted 27 September 2012 - 07:42 AM

Hi Charlie, I tried running using 'Safe Mode', but McAfee Antivirus Enterprise server was not getting disabled. The scan started and ran for about an hour...but did not complete the job. I cancelled and rebooted my system and noticed that Malwarebytes website blocking is not enabled. I am not sure what really happened, but Malwarebytes seems to be fully functional at this time.
Please advise if there is anything I need to do as a second check to make sure it is not a false positive and my system is indeed free of any virus or malware.

#19 atldude


Posted 27 September 2012 - 07:43 AM

Hi Charlie, I tried running using 'Safe Mode', but McAfee Antivirus Enterprise server was not getting disabled. The scan started and ran for about an hour...but did not complete the job. I cancelled and rebooted my system and noticed that Malwarebytes website blocking is now enabled. I am not sure what really happened, but Malwarebytes seems to be fully functional at this time.
Please advise if there is anything I need to do as a second check to make sure it is not a false positive and my system is indeed free of any virus or malware.



#20 atldude


Posted 27 September 2012 - 07:45 AM

Sorry for the duplicate post. My earlier post had a typo "not" which should be "now". To repeat, Malwarebytes appears to be fully functional at this time. Please advise how I confirm all is well with the system.



