Matthew P

Honorary Members
  • Posts: 97
  • Joined
  • Last visited

Everything posted by Matthew P

  1. Also, in regards to the file tile repository, I followed the instructions and fixed that. As to the other question, I don't recall making any firewall rules, so I'm not sure what made them.
  2. I had actually already run KVRT before I made this post and it came back clean, so if you think it's probably safe I'll keep the net on and just be cautious for now. Thank you for the advice and help.
  3. Ok, I've updated the applications you listed, with the exception of Java, which I just removed for the time being. I'll keep my PC offline from the internet for the time being and use my phone for now. Thank you very much for your help so far. I look forward to **hopefully** seeing that I overreacted, lol.
  4. Scanned with ESET and used the Other Scanner tool. ESET finished and found 4 items. 2 of them were an old Visual Studio project of mine, probably some keylogging tutorial on YouTube I followed along with when I was a kid. It's in my Old PC folder, so it's backed up from there. Definitely isn't causing any harm on my PC, and also isn't active. The other two items were installers found in my Downloads folder, called spsetup132.exe, which I think is the SpeedFan installer? According to ESET it came with a Google Toolbar bundle. So, all in all, I don't believe anything serious was found. I'll post the logs of both applications below though. SecurityCheck.txt esetScanLog.txt
  5. All 5 of the most recent IP blocks have been attached below: ProLog.txt ProLog2.txt ProLog3.txt ProLog4.txt ProLog5.txt
  6. The Malwarebytes scan came up clean. The Ad-Aware scan came up with Honey *the browser extension* as a PUP. And the logs requested are attached below. PS: I should note I have 4 hard drives, and I don't know if Threat Scan goes beyond your main drive unless you do a custom scan. ScanReport.txt Addition.txt FRST.txt
  7. So recently, every few days or so, I get 2-3 outbound port 137 IP blocks, usually from some Indian IP. My initial assumption, with this being an outbound connection, would be that I have malware on my PC calling home. Some people told me this isn't necessarily the case, but to be sure I wanted to get another opinion. Attached are some related images from Malwarebytes. The second issue is that they are saying "File: System", which makes me think it's my system calling home, so 100% an infection. I don't know much about networking, though, so I could be incorrect in my way of thinking there. In fact, as of posting this, another one happened again, so it's spooking me pretty bad. When I look up the IPs on Domain Whois I get the following: India, Bengaluru, Hathway Cable And Datacom Limited. So some IP using Hathway as their ISP, not much else. When this happens I immediately disconnect my internet, run several scanners, and look through Task Manager for anything suspicious. I don't install many applications on this PC. I disabled Sync in Firefox, as per some suggestions online, and I uninstalled cFosSpeed, which came with my Gigabyte motherboard. The computer runs Windows 10 *legit copy* and is only a few years old. What would you like me to do next?
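A check worth running before treating "File: System" on port 137 as proof of a callback: UDP 137 is the NetBIOS name service, and on Windows it is bound by the NetBT driver from kernel mode, so the firewall attributes that traffic to the System process (PID 4) rather than to any program. The question a practitioner asks is therefore which PID owns the NetBIOS sockets, not whether System is "calling home". The script below is an added example (my own code, not from the original thread or from Malwarebytes) that parses the output of `netstat -ano -p UDP` and separates NetBIOS-port sockets owned by PID 4 from any owned by another process; the embedded netstat table is a constructed sample, not captured from the poster's machine.

```python
"""Check which process owns the NetBIOS (UDP 137/138) sockets on a Windows host.

Added example; not from the original thread.  Parses `netstat -ano -p UDP` output
(constructed sample below) and separates sockets owned by PID 4 (the kernel "System"
process, which hosts the NetBT driver) from sockets owned by anything else.
"""
import re
import subprocess
import sys

# Constructed sample of `netstat -ano -p UDP` output; not captured from the poster's PC.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  UDP    0.0.0.0:137            *:*                                    4
  UDP    0.0.0.0:138            *:*                                    4
  UDP    192.168.1.23:137       *:*                                    4
  UDP    [::]:5353              *:*                                    1337
  UDP    127.0.0.1:49664        *:*                                    2212
"""

NETBIOS_PORTS = {
    137: "NetBIOS name service (NBNS, UDP)",
    138: "NetBIOS datagram service (UDP)",
    139: "NetBIOS session service (TCP)",
}
SYSTEM_PID = 4  # NT "System" process; netbt.sys binds the NetBIOS ports from kernel mode

# One netstat row: proto, local, foreign, optional state (TCP only), PID.
ROW_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<foreign>\S+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)


def parse_netstat(text):
    """Return a list of {proto, host, port, pid} dicts, one per socket row."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # banner, blank and column-header lines
        host, _, port = m.group("local").rpartition(":")  # also handles [::]:port
        rows.append({"proto": m.group("proto"), "host": host,
                     "port": int(port), "pid": int(m.group("pid"))})
    return rows


def classify_netbios(rows):
    """Split NetBIOS-port sockets into (expected, unexpected).

    Expected: owned by PID 4, i.e. the built-in NetBT driver, which is what a host
    firewall reports as "File: System".  Unexpected: any other PID bound to a NetBIOS
    port; that owning process is the one worth inspecting.
    """
    expected, unexpected = [], []
    for r in rows:
        if r["port"] in NETBIOS_PORTS:
            (expected if r["pid"] == SYSTEM_PID else unexpected).append(r)
    return expected, unexpected


def describe(rows):
    """Human-readable report lines for a list of socket rows."""
    return [f"{r['proto']} {r['host']}:{r['port']} pid={r['pid']} "
            f"({NETBIOS_PORTS.get(r['port'], 'non-NetBIOS port')})" for r in rows]


def live_netstat():
    """Run netstat on the local host (only meaningful on Windows)."""
    out = subprocess.run(["netstat", "-ano", "-p", "UDP"],
                         capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    use_live = sys.platform == "win32" and "--live" in sys.argv
    text = live_netstat() if use_live else SAMPLE_NETSTAT
    expected, unexpected = classify_netbios(parse_netstat(text))
    print("NetBIOS sockets owned by System (PID 4), i.e. the NetBT driver:")
    print("\n".join("  " + s for s in describe(expected)) or "  none")
    print("NetBIOS sockets owned by other processes (investigate these):")
    print("\n".join("  " + s for s in describe(unexpected)) or "  none")
```

Run with `--live` on the Windows host to read the real socket table; without it the constructed sample is used. If the 137 sockets belong to PID 4, the blocked packets are NetBT name-service traffic and the remaining question is whether the Internet-facing adapter needs NetBIOS over TCP/IP at all; on Windows 10 that is the "Disable NetBIOS over TCP/IP" option under the adapter's IPv4 properties (WINS tab), and turning it off removes the 137/138 sockets along with the blocks. A socket on those ports owned by any other PID is the case that actually warrants pulling that process apart.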
  8. It's used for reading Process Monitor logs, for further analysis of files. To my understanding this has always been the official site (owned by cert(dot)at). If I'm somehow incorrect, I apologize in advance.
  9. Well, this is going to sound dumb, so I'll start off with the first things I'd like to say. I'm posting this here because, even though I left the MBAM forums a long time ago, I've always found its community to be far more nice and helpful than Reddit and other communities, and tbh I find Reddit annoying as a medium. So I'm glad to be able to post it somewhere like this (I also own a copy of Malwarebytes Premium :P). Anyways, I was just doing my daily stuff today. I had updated Firefox (last night?) and whatnot. I will not lie, and I will admit: I have not yet updated Windows with the patch that blocks the NSA exploits. *STUPID, I KNOW*, but I'm so far behind in updates I just haven't got around to it. :/ If someone could tell me exactly which updates fix that, I'd speed-download them first, if that's even possible on Windows 10. Getting to the point: I was on a website and Windows Firewall popped up saying it was blocking parts of Firefox *no, I didn't pay attention to the file path to see if it's the right Firefox, but I think it was?*. So I freaked out and closed that tab. I then ran Wireshark *which I had just installed that day*; sadly, I think I forgot to restart. Anyways, missing driver, and Wireshark BSODed my PC. I think that happened before. So I freaked out. I have like 15 boot scan disks all over my floor *ok, just a Linux boot disk; I couldn't find my boot scanners*. But it wouldn't run for some reason. So I booted into Safe Mode and ran a full scan with MBAM. ZERO THREATS. I am still concerned. What could I do next to ensure I'm safe? I know I'm being paranoid, but I just wanna cover all my bases, since if I have it, it hasn't yet activated *cause I'm in Safe Mode and BSODed at the time of possible infection, blah blah*. Recommendations?
  10. I have the same problem and it's January now. I'd really like this fixed.
  11. I might just upgrade it to Windows 10, if you don't think that would cause more issues.
  12. Thank you very much. Hope you're feeling better. Also, when this event happened I did shut off my PC incorrectly because I kind of panicked, so I'm not sure if that means the error log wouldn't have been saved. The event happened on October 3rd, I believe. I haven't had it happen again since. But from time to time (before the event) I have had my screen go all wacky, to where you can't see everything and it looks like video card or monitor failure. Everything goes with lines through it, etc. Hard to explain, but I'm sure you know what I mean, which is why I think it could be my video card. Also, I don't know if I mentioned: I do have a failing hard drive with sectors that get corrupted over and over. It, however, isn't my boot drive, so I dunno if that is an issue. EDIT: I found the area it failed at in the event log (other errors around it, such as the failing hard drive, but yeah). "A critical system process, C:\Windows\system32\lsm.exe, failed with status code 255. The machine must now be restarted." October 3rd 2015.rar
  13. Sorry, attached the file now, if it still matters; maybe just a look can tell you if it's actually an error Windows has. Also, this site is extremely hard to navigate on mobile, but I'll give that thread a look like you said. Sorry if I posted this in the wrong area.
  14. So today I was relaxing and watching videos on YouTube when all of a sudden a horrifying error pops up on my screen. Let me preface this with the fact that I haven't had a virus in over maybe 10 years, which doesn't mean I don't now, but still, I'm just saying I am ultra careful and pretty much don't go to any unofficial sites or download things. Malwarebytes Pro is always on and I have several link scanners (Web of Trust, SiteAdvisor, etc). When I do go anywhere, it's on my phone or on a virtual machine in VMware with security protection on it too, as well as all file sharing disabled. Anyways, here is the message, attached to this post. I am currently on my phone as I'm too afraid to touch my own PC. I used to fix other people's PCs with virus issues no problem, but when it's my own I get very phobic, lol. Thanks for your help in advance. Edit: forgot to mention I have a failing hard drive, and I think my GPU or some other component is also failing, so I do believe I have hardware issues on top of this, if it isn't related. Maybe it is; the error doesn't sound real, hope it is. Also, my boot drive isn't failing, it's an SSD, but most of my stuff is installed on the failing drive.
  15. Yep it is fixed now. Thank you.
  16. Sorry, I keep forgetting how this particular forum works; not used to it. Forgot I have to add the attachment to the post after I add it. Used to SMF forums. Attached: steam_api.zip
  17. Alright, not sure if this is the wrong section for this, since I am using Malwarebytes 2.0 Beta, but... The file is part of a Steam game called AirMech, I believe. Attached is the file in question.
  18. It was a few days out of date, so that could have been it. Seems to be fine now after updating. Thanks. If anything else comes up, I'll be sure to make note of it. Thanks.
  19. Sorry, I don't know how that happened. I swear I had attached the file. Anyways, it also just now detected the Xfire uninstaller as a Trojan as well, so I'll upload that too. uninst.zip 151.zip
  20. C:\ProgramData\Xfire\151.exe Trojan.Agent Xfire, a popular instant messenger that I use, just finished updating, and a while after this popped up: It's one of the most used gaming IMs to date, and was even at one point owned by Viacom (owner of the CBS TV station). So I think it's safe to assume this is an FP. So just sending it in to check and make sure; the file is attached below. Thank you.
  21. System Restore will keep showing these files if you leave it on. I'm not saying you should turn off System Restore, but if you don't, yes, it will probably keep coming up, as System Restore makes new restore points every so often (I don't know if it's daily).
  22. Maybe related, since I got 24 Kies results too, but slightly different.

      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 6444

      Windows 6.1.7600
      Internet Explorer 8.0.7600.16385

      26/04/2011 6:42:47 AM
      mbam-log-2011-04-26 (06-42-45).txt

      Scan type: Full scan (C:\|)
      Objects scanned: 344447
      Time elapsed: 6 minute(s), 51 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 12
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 12

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KiesHelper (Trojan.Agent) -> Value: KiesHelper -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\SAMSUNG\KIES\KIES.EXE (Trojan.Agent) -> Value: KIES.EXE -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\SAMSUNG\KIES\COMMON\KIES.COMMON.MEDIADB.DLL (Trojan.Agent) -> Value: KIES.COMMON.MEDIADB.DLL -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\SAMSUNG\KIES\COMMON\KIES.COMMON.PIMS.DLL (Trojan.Agent) -> Value: KIES.COMMON.PIMS.DLL -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\SAMSUNG\KIES\COMMON\KIES.COMMON.UTIL.DLL (Trojan.Agent) -> Value: KIES.COMMON.UTIL.DLL -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\SAMSUNG\KIES\COMMON\KIES.TEST.PIMS.DLL (Trojan.Agent) -> Value: KIES.TEST.PIMS.DLL -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\SAMSUNG\KIES\PLUGINS\ASTORE\ASTOREPLUGIN.DLL (Trojan.Agent) -> Value: ASTOREPLUGIN.DLL -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\SAMSUNG\KIES\PLUGINS\DEVICEHOST\SYNCPROVIDER.DLL (Trojan.Agent) -> Value: SYNCPROVIDER.DLL -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\SAMSUNG\KIES\PLUGINS\DISCRIPPING\DISCRIPPING.DLL (Trojan.Agent) -> Value: DISCRIPPING.DLL -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\SAMSUNG\KIES\PLUGINS\MUSICSTORE\MUSICSTORE.DLL (Trojan.Agent) -> Value: MUSICSTORE.DLL -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\SAMSUNG\KIES\PLUGINS\PHONEBOOK\PHONEBOOK.DLL (Trojan.Agent) -> Value: PHONEBOOK.DLL -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\SAMSUNG\KIES\PLUGINS\PHOTOMANAGER\PHOTOMANAGER.DLL (Trojan.Agent) -> Value: PHOTOMANAGER.DLL -> No action taken.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\program files (x86)\Samsung\Kies\kieshelper.exe (Trojan.Agent) -> No action taken.
      c:\program files (x86)\Samsung\Kies\Kies.exe (Trojan.Agent) -> No action taken.
      c:\program files (x86)\Samsung\Kies\Common\kies.common.mediadb.dll (Trojan.Agent) -> No action taken.
      c:\program files (x86)\Samsung\Kies\Common\kies.common.pims.dll (Trojan.Agent) -> No action taken.
      c:\program files (x86)\Samsung\Kies\Common\kies.common.util.dll (Trojan.Agent) -> No action taken.
      c:\program files (x86)\Samsung\Kies\Common\kies.test.pims.dll (Trojan.Agent) -> No action taken.
      c:\program files (x86)\Samsung\Kies\Plugins\AStore\astoreplugin.dll (Trojan.Agent) -> No action taken.
      c:\program files (x86)\Samsung\Kies\Plugins\devicehost\syncprovider.dll (Trojan.Agent) -> No action taken.
      c:\program files (x86)\Samsung\Kies\Plugins\discripping\discripping.dll (Trojan.Agent) -> No action taken.
      c:\program files (x86)\Samsung\Kies\Plugins\musicstore\musicstore.dll (Trojan.Agent) -> No action taken.
      c:\program files (x86)\Samsung\Kies\Plugins\phonebook\phonebook.dll (Trojan.Agent) -> No action taken.
      c:\program files (x86)\Samsung\Kies\Plugins\photomanager\photomanager.dll (Trojan.Agent) -> No action taken.

      Below I've zipped and attached all the files in question. fpbank.zip
  23. I have Kies as well, and with my version I get about 25 (just 12 if you look at it, because the rest just pertain to the registry entries of those 12 files, so a 2 birds 1 stone deal) infected files. Would you like me to upload mine as well?
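The "12 files, the rest are registry references to the same files" reading of the Kies log in the two posts above is the usual first step in false-positive triage, and it can be checked rather than counted by hand. The script below is an added example (my own code, not Malwarebytes' and not the poster's): it parses a log in the Malwarebytes 1.x format shown above, collapses each SharedDLLs registry hit onto the on-disk file it names, lists the registry hits that carry no path (here the Run value) so they are not silently dropped, and reports the common directory of all flagged files. The embedded log is a constructed, abbreviated copy of the one posted above; a real log would be passed as a file argument.

```python
"""Triage helper for Malwarebytes 1.x scan logs.

Added example, not Malwarebytes' or the poster's code.  Parses a log in the format posted
above, maps registry SharedDLLs hits onto the on-disk files they reference, and reports the
common directory, so the "12 files plus registry references to them" reading can be checked.
"""
import ntpath
import re
import sys

# Constructed, abbreviated copy of the log posted above (same format, fewer entries).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6444

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

Scan type: Full scan (C:\|)
Objects scanned: 344447
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 0
Registry Values Infected: 4
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KiesHelper (Trojan.Agent) -> Value: KiesHelper -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\SAMSUNG\KIES\KIES.EXE (Trojan.Agent) -> Value: KIES.EXE -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\SAMSUNG\KIES\COMMON\KIES.COMMON.MEDIADB.DLL (Trojan.Agent) -> Value: KIES.COMMON.MEDIADB.DLL -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\SAMSUNG\KIES\PLUGINS\ASTORE\ASTOREPLUGIN.DLL (Trojan.Agent) -> Value: ASTOREPLUGIN.DLL -> No action taken.

Files Infected:
c:\program files (x86)\Samsung\Kies\kieshelper.exe (Trojan.Agent) -> No action taken.
c:\program files (x86)\Samsung\Kies\Kies.exe (Trojan.Agent) -> No action taken.
c:\program files (x86)\Samsung\Kies\Common\kies.common.mediadb.dll (Trojan.Agent) -> No action taken.
c:\program files (x86)\Samsung\Kies\Plugins\AStore\astoreplugin.dll (Trojan.Agent) -> No action taken.
c:\program files (x86)\Samsung\Kies\Plugins\phonebook\phonebook.dll (Trojan.Agent) -> No action taken.
"""

# "Files Infected: 5" is a summary line; "Files Infected:" opens the detail block.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Infected:(?:\s+(?P<count>\d+))?$")
# "<item> (<detection>) -> [Value: X -> ]<action>"; the item itself may contain "(x86)".
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")
SHARED_DLLS = "\\shareddlls\\"


def parse_mbam_log(text):
    """Return (summary, sections): summary maps section name -> header count,
    sections maps section name -> list of {item, detection, value, action}."""
    summary, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                summary[m.group("name")] = int(m.group("count"))
                current = None
            else:
                current = m.group("name")
                sections.setdefault(current, [])
            continue
        if current is None or line.startswith("(No malicious"):
            continue
        e = ENTRY_RE.match(line)
        if not e:
            continue
        item, detection, action = e.groups()
        steps = action.split(" -> ")  # e.g. ["Value: KIES.EXE", "No action taken."]
        value = steps[0][len("Value: "):] if steps[0].startswith("Value: ") else None
        sections[current].append({"item": item, "detection": detection,
                                  "value": value, "action": steps[-1]})
    return summary, sections


def collapse_to_files(sections):
    """Map each distinct on-disk path (case-folded) to the registry entries naming it.

    SharedDLLs values embed the full path and correlate directly; values without a path
    (the Run entry here) are returned in `unmatched` rather than dropped."""
    files = {e["item"].lower(): {"detection": e["detection"], "registry_refs": []}
             for e in sections.get("Files", [])}
    unmatched = []
    for e in sections.get("Registry Values", []):
        key = e["item"].lower()
        idx = key.find(SHARED_DLLS)
        path = key[idx + len(SHARED_DLLS):] if idx != -1 else None
        if path in files:
            files[path]["registry_refs"].append(e["item"])
        else:
            unmatched.append(e["item"])
    return files, unmatched


def common_root(paths):
    """Longest common directory of the given Windows paths (works on any host OS)."""
    return ntpath.commonpath(list(paths))


def triage(text):
    """One-shot summary: distinct files, their common directory, unmapped registry hits."""
    summary, sections = parse_mbam_log(text)
    files, unmatched = collapse_to_files(sections)
    return {
        "summary": summary,
        "distinct_files": len(files),
        "registry_refs_mapped": sum(len(f["registry_refs"]) for f in files.values()),
        "common_root": common_root(files) if files else None,
        "unmatched_registry": unmatched,
        "detections": sorted({f["detection"] for f in files.values()}),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for k, v in triage(text).items():
        print(f"{k}: {v}")
```

A single common root under one vendor's install directory, one detection name across every hit, and registry entries that all resolve to files in that same set is the pattern of a generic signature firing on a legitimate product; the reverse (files scattered across user-writable directories, or registry persistence entries that point at files the scan did not list) is what should keep a detection from being written off as a false positive. The unmatched list exists for exactly that second case.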
  24. EDIT: Sorry for the double post; fixed the first post, you can delete this one. EDIT2: Oh yeah, and here's the file in question... SGLauncher.exe.zip
  25. This is a file used for a game engine to launch your games with a more attractive launcher. The dev freaked at me when I accused him of having a Trojan Downloader, and he probably has good reason. 0/40 AVs detect it as anything. Attached is the log. mbam-log-2011-04-03 (09-48-35).txt