Effectdll.dll Infected


  • Staff

Hello again. No need to run another MBAR scan. It's discarding those results. The real question is why the file is being detected. I'd like to get a look at the original file.

Delete this folder if it still exists:

C:\ProgramData\Malwarebytes' Anti-Malware (portable)

Please download SystemLook from the link below and save it to your Desktop.
http://jpshortstuff.247fixes.com/beta/SystemLook/SystemLook_x64.exe
http://downloads.malwareremoval.com/SystemLook/SystemLook_x64.exe

Double-click SystemLook_x64.exe to run it.
Copy the info below and paste it into the main text field (don't miss the colon : in front of :filefind)


:filefind
EffectDLL.dll


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan.

Once that is run, a log will be created and presented to the monitor and saved to the desktop. Attach it in your next reply.
Please save using the default Notepad format.


  • Staff

Self-protection is still enabled.

Chameleon:    4 (The service is running.)

    EarlyStartSelfProtection:                                  true
    SelfProtection:                                            true

Please **disable** self-protection as requested and then restart the computer.

To disable self-protection:

  1. Go to Settings in the top navigation
  2. Go to Advanced Settings
  3. Uncheck Enable self-protection module

  • Staff

Ok, according to the logs, self-protection is now disabled, but mbamchameleon is still running. Do this next, with MBAR:

• Please run Malwarebytes Anti-Rootkit (MBAR), but we need to run it a special way. Open the \mbar folder, then hold the right Shift key and right-click a blank space in the folder.

• Select "Open command window here".

• In the black command prompt box, type in the following and press Enter:
mbar.exe /r

(Note: there is a space between mbar.exe and /r.)

• You should see a small message box indicating the protection driver was removed. Please confirm.
It's possible you may need to run mbar.exe /r more than once to complete this task.

Restart your computer.

Run mbam-check once more and send the new log.

Thanks!


  • Staff

OK, now I'd like you to copy a couple of those files in MBAM's programdata directory as shown in your earlier screenshot.

Like these:

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\EffectDLL.dll-r.mbam

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\effectDLL.dll-k.mbam

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\effectDLL.dll-k.mbam-k.mbam

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\EffectDLL.dll-u.mbam-k.mbam-r.mbam

Zip them up and attach them in reply.

You can delete the rest if they still exist. Also, you can now delete this folder:

C:\ProgramData\Malwarebytes' Anti-Malware (portable)


  • Staff

Ok, these are copies of a file that the rootkit scanner makes sometimes during examination, in this case an ASUS file. I'm not sure why MBAM/MBAR are detecting these, and using SystemLook, we didn't find that file on your system anywhere.

Let's try this once more. Run SystemLook again, using this code:

:filefind

EffectDLL.*

Double-click SystemLook_x64.exe to run it.
Copy the info below and paste it into the main text field (don't miss the colon : in front of :filefind)


:filefind
EffectDLL.*


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan.

Once that is run, a log will be created and presented to the monitor and saved to the desktop. Attach it in your next reply.
Please save using the default Notepad format.


  • Staff

OK, so nothing there but the Recent Windows history and the rar file you made.

Try running MBAR again. Be sure to update its database. See if the EffectDLL.dll is still detected during the scan. Send the new system-log.txt after the scan is done and you've exited MBAR.
