iroc9555

Members
  • Content count

    58
  • Joined

  • Last visited

About iroc9555

  • Rank
    Regular Member

Contact Methods

  • ICQ
    0

Profile Information

  • Location
    Venezuela
  1. Hi Maurice. Good Morning. Nothing was lost. I did my share of mistakes too. Attached log for DelFix. Tomorrow is my next schedule MBAM scan. If I am not around, it ran uneventfully. Otherwise I'll be knocking on your door Thank you again Maurice. Wish you the best. DelFix.txt
  2. I did. My only concern is that they are only 1 KB in size while the one I misstook for one of the files removed by ComFix is 7 KB. I hope ComboFix did not do anything to them. Now What ? Clean all tools from my sys ? Thank again Maurice and I apologize for my questioning and inquisitiveness, and mistakes.
  3. Yes I did. I did downloaded the Cfscript.txt to my desktop where I have the ComboFix.exe. I dragged it and dropped it into ComboFix.exe just like the image .gif you attached above. ComboFix was launched, and It asked me if I wanted to upgrade because they have a new version. Here I said no because I was just restoring files. I thought ComboFix was doing its thing, but now you said that it just ran a regular scan so I am as baffled as you are. I have to go back a make a correction though. The file in my system32\drivers\ is 1028_Dell_DIM_DXP061.mrk. I relized the mistake I made later on, but I couldn't edit the reply and I didn't want to post again. However, I did dragged and dropped the script into ComboFix. That I am sure of. So, Do I try ComboFix again, or just get the files out of quarantine ( fix the embedded spaces and remove the vir ending ) and drop them in the drivers folder ?
  4. Wierd ! I did. The only thing was I did not updgrade ComboFix when it said they have a new version. Also what the heck 1028_DELL_XPS_Dell DXP061.MRK is doing there ( C:\WINDOWS\system32\driver ) if it was removed by Combofix the first run and it did not removed now ? Do I run Combofix with the restore cfscript again ?
  5. Hi Maurice. Folowed instructions, but only 1 of the files was restored. This one: 1028_DELL_XPS_Dell DXP061.MRK ( there was no space between the name or the dot or the MRK. Good ) I can not find DELL_XPS_Dell DXP061.MRK anywhere in my system. Attached new log. Any db with fixes released before yesterday ? What were those fixes if any ? Otherwise it means that at any time running a scan I can get another BSOD. I am not calling it but.... if we do not know what happened, How can I be sure it will not happens again ? Thanks Maurice. Awating for new instructions. ComboFix.txt
  6. Sorry for my late response Maurice. I appreiate it Maurice. I do not know what they are and I could not find any info on them. I could have asked in DeLL forums, but I was lazy about it. Besides the ComboFix-quarantined-files.txt report, I also attached a copy of the files themselves. You would know what to do with them Someone else was curious about similar files for another DeLL model three years ago. https://www.virustotal.com/es/file/9377fd1e115548f004d3f9501c206590c7d9bbfb0b7d5835c60987a92c811db6/analysis/ I did not bother to send them to VT because the .vir name given by Combofix when they are placed into quarantine might not give a good analysis. May be I am wrong though So Maurice.. What do you think was the cause of the BSOD ? I appreciate your helping me with this. Thank you so much Maurice. ComboFix-quarantined-files.txt DeLLdrivers.rar
  7. Thank you Mieke. Not being detected with db 2014.10.20.6 Apologies for the "sir". Ma'am
  8. Hi Maurice. Not to worry. It was a F/P. Already reported here and fixed with new db update. https://forums.malwarebytes.org/index.php?/topic/159211-mbdefexe-fp/ At first the name thru me off because the MB ( MBAM ) and the date, I thought it was from MB tool then I realized I had an error doing a database restore with my Creative Player, and a friend hinted me to the right file. Besides I never take action on files detected. I rather research the file and make sure it is not a F/P. If it is for real, the malicious file is there anyway, but if it is a F/P, it can bogged down a program eventhough it is restored. Ok, I did another scan and it seems everything is fine now. Now, the million dollar question. What was it ? The wininit.ini and FF prefs.js deleted by JRT ? The changes made by ComboFix ? Besides deleting a bunch of temps, which some of them are back, and the DeLL files, and stopping CTFMON.exe fron running automatically on boot. My sys was otherwise clean. No infection. wasn' it ? BTW. Is there a way to restore those DeLL files ? I do not want to take a chance they are needed for DeLL diagnostic tool or to restore DeLL hidden image. c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP061 c:\windows\system32\drivers\DELL_XPS_Dell DXP061 Another thing. I do not know if you noticed in the logs for system event viewer that it still reports an error for : Timeout (30000 ms.) transaction response to the service for MBAMService ( or something for that stile. It is difficult to translate exactly ). Attached report. But this is happening since MBAM v. 2.0.2. It did not happened in v. 1.75 or older. I think all is well. Crossing my fingers. Awaiting next instructions. I thank you again Maurice. Kudos to you MBAM 2 Threat scan.txt Event viewer.txt
  9. You are welcome. This 40 seg thing about MBAM quarantining files is hard to avoid. MBAM wants to quarantine a file does not matter what. Thank you sir.
  10. Hi Malware proteccion and Threat Scan ( db 2014.10.20.4 ) are detecting: C:\WINDOWS\MBDEF.exe as Spyware Zbot.VXGen. It is a Creative Default setting restorer of Sound Blaster Audigy ADVANCED MB http://www.shouldiremoveit.com/Sound-Blaster-Audigy-ADVANCED-MB-12323-program.aspx VT analysis: https://www.virustotal.com/es/file/b0735eb57739a49531ac713cd16a43ea72d33cf5fb192ed21c99cdff49b050ca/analysis/1413815716/ Thanks.
  11. Good morning Maurice. I ran a Threat Scan which ended without a BSOD However, it found C:\WINDOWS\MBDEF.exe as Spyware Zbot.VXGen. I imagined it was from one of the tools I've been running since it showed up in my system the 16th of this month when I downloaded mbam-check. I tried to ignored it to look for advice here and to send it to VT to know more about it, but MBAM quarentined it anyways through Malware Protection when I was looking for its properties to get more info about it. Now what ? Many thanks. MBAM ThreatScan.txt
  12. Ok. I let you know. What else ? Do I run again a threat scan or you want me to run another tool before we try MBAM ?
  13. Attached JRT report. Sorry for my English. I meant that CTFMON was removed from startup program list. It does not start automatically anymore. It is not in Processes in Task Manager. Well... I just hope I do not have any use for those DeLL files. I do not have the slightest idea what they were for. c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP061 c:\windows\system32\drivers\DELL_XPS_Dell DXP061 .MRK files are use for digital imaging in Photografy. JRT besides deleting my preference for FF, It also deleted wininit.ini. This is the first time I have run JRT that this particular file is found and deleted. Could not find any concrete info on the file. A ot of info on WININIT.EXE but not .ini. Waiting for more instructions. Thanks Maurice. JRT.txt
  14. Thanks Maurice. Attached CombFix log. For some reazon it decided to eliminate CTFMON.exe from start up when booting. Also replaced my original host file ( it has instructions on how to make changes in it ) to plain 127.0.01 LocalHost. I am concerned it deleted some DeLL folders in System32\drivers. Hope they are not necessary. After the ComboFix finnished and I rebooted, 10 min later the sys BSOD with: IRQL_NOT_LESS_OR_EQUAL 0X0000000A (0X415EE84D, 0X000000OC, 0X00000000, 0X805023B3) No dump though. I rebooted again and now it is behaving fine. May be it did not like to be poked around I'll wait for you to tell me to try another Threat Scan after you check the logs. Thanks again for the help. ComboFix.txt
  15. Hi Maurice. With regards to MBAM update and another scan. Yes. My db is 2014.10.19.5 and I ran others Thread scans after chkdsk and memtest. I also ran a scan in safe mode. All of them ended in BSOD during heuristic scan. Same 0x00000077 but different 4th parameter. I have Minidump and a full memory dump if you want them. I located prefs.js I had to zip it for attacment. also attached is minidump. The MEMORY.DMP is to big ( 581 MB ) prefs.rar IROC9555 Minidump.rar