Status
Not open for further replies.
1 - 20 of 22 Posts

TSF Security Manager, Emeritus · 42,952 Posts
Hello Veirdonis,

Who advised you to run Combofix? Are or were you being helped at another forum?

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.
Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt. Please attach that to your next reply.
 

Registered · 26 Posts
Discussion Starter · #4
No, I wasn't getting help on this issue before. On other issues it was normal for the second post to request a combofix.

Many odd occurrences have started happening. Can't use down arrow, backspace, or delete keys. iexplore.exe starts running in the background 4 instances at a time, and one or two of them will be among the highest usage of memory. Had a malware warning from Chrome. Google searches will sometimes redirect to ad sites.

In short, it's pretty obvious something is seriously attacking my system.
 

Attachments
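The symptoms above (several iexplore.exe instances with no visible window, one of them near the top of memory use) are the kind of thing a helper checks before deciding on a tool. The PowerShell script below is an added example, not part of the thread or any of the tools it names: it lists every iexplore.exe process with its parent process, working set, whether it owns a visible window, and where its image lives, and flags instances that have no window and were not started by explorer.exe or another iexplore.exe. The "expected parent" list and the Program Files path check are assumptions about a normal Internet Explorer launch chain, not facts from the thread; run it from an elevated prompt on a live system (it does not apply to the recovery-environment steps later in the thread).

```powershell
# Added example (not from the thread). Assumes Windows with PowerShell 3.0+ and an
# elevated prompt so Win32_Process returns CommandLine and ExecutablePath for every process.

# Assumption: a normal IE launch is started by explorer.exe, or by another iexplore.exe
# (the frame process spawning its tab processes).
$expectedParents = @('explorer.exe', 'iexplore.exe')

# Assumption: a legitimate iexplore.exe image lives under Program Files.
$expectedPathPrefixes = @("$env:ProgramFiles\Internet Explorer\", "${env:ProgramFiles(x86)}\Internet Explorer\")

function Get-SuspiciousIEProcesses {
    $procs = Get-CimInstance Win32_Process -Filter "Name = 'iexplore.exe'"
    foreach ($p in $procs) {
        # Look up the parent by PID; it may already have exited.
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        $parentName = if ($parent) { $parent.Name.ToLower() } else { '<exited>' }

        # MainWindowHandle is 0 for a process that owns no top-level window.
        $gp = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue
        $hasWindow = ($null -ne $gp) -and ($gp.MainWindowHandle -ne 0)

        $path = $p.ExecutablePath
        $pathOk = $false
        foreach ($prefix in $expectedPathPrefixes) {
            if ($path -and $path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) { $pathOk = $true }
        }

        [pscustomobject]@{
            PID          = $p.ProcessId
            ParentPID    = $p.ParentProcessId
            Parent       = $parentName
            WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB, 1)
            Visible      = $hasWindow
            Path         = $path
            CommandLine  = $p.CommandLine
            # Hidden instance with an unexpected parent, or an image outside Program Files.
            Suspicious   = ((-not $hasWindow) -and ($expectedParents -notcontains $parentName)) -or (-not $pathOk)
        }
    }
}

$report = Get-SuspiciousIEProcesses
$report | Sort-Object WorkingSetMB -Descending | Format-Table PID, ParentPID, Parent, WorkingSetMB, Visible, Suspicious, Path -AutoSize

$flagged = @($report | Where-Object Suspicious)
if ($flagged.Count -gt 0) {
    Write-Host "$($flagged.Count) iexplore.exe instance(s) flagged; full command lines:"
    $flagged | ForEach-Object { Write-Host "  PID $($_.PID): $($_.CommandLine)" }
} else {
    Write-Host "No hidden or misplaced iexplore.exe instances found."
}
```

A flagged row is a lead, not a verdict: a legitimate tab process whose frame process has just exited shows `<exited>` as its parent, so the parent PID, image path and command line printed for each flagged instance are what to attach to a reply rather than the Suspicious column alone.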

TSF Security Manager, Emeritus · 42,952 Posts
Hi Veirdonis,

While you may see Combofix typically being run in these threads, we are not running it without having first seen initial diagnostic scans and knowing what infection is onboard, and what we expect ComboFix to remove. :wink:

Also, while you may see ComboFix being used quite often without incident, the tool should not be run unsupervised (as stated in the Disclaimer that is first displayed by ComboFix when you run the tool).

Going forward, I highly recommend you heed such instructions. As explained in Post 2 of our pre-posting topic...

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.

Let's continue and run more diagnostics to try to root out the source. Download TDSSKiller.exe and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.
 

TSF Security Manager, Emeritus · 42,952 Posts
Ok, let's get a look without Windows being loaded. Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

TSF Security Manager, Emeritus · 42,952 Posts
Hi Veirdonis,

Download the attached fixlist.txt and save it to the same flash drive where FRST64.exe is located.

Same as before, restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter language, keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in the following and press Enter.
    H:\frst64.exe
  • The tool will start to run.
  • When the tool opens click the Fix button just once, and wait.
  • When it has completed, exit the Command prompt and restart the computer.

The tool will have saved a log on the flash drive named Fix.txt. Please post that in your next reply.
 

Attachments

TSF Security Manager, Emeritus · 42,952 Posts
Hi Veirdonis,

How is the machine behaving now? What symptoms remain?
 

Registered · 26 Posts
Discussion Starter · #12
Just ran a quickscan of Malwarebytes anti-malware, log attached.

I am having some programs giving errors about missing components (driver software, Java), I have 4 iexplores running in the background (the most intensive of which is using 250,000k memory), I keep having a "dial-up connection" error pop up under different process names (if I end the process, the error will come up under a different process), and when I plug in my flash drive I will get another "no disk" error (both are viewable in the attached .png). On the good side, all of my keys are working now and nothing else seems amiss.
 

Attachments

TSF Security Manager, Emeritus · 42,952 Posts
Hi Veirdonis,

Please run a scan with mbar.exe instead of mbam.

Send me the log when it has completed.
 

TSF Security Manager, Emeritus · 42,952 Posts
Hi Veirdonis,

Please repeat the previous procedure for running a scan with FRST and send me the fresh log.
 

TSF Security Manager, Emeritus · 42,952 Posts
Hi Veirdonis,

I'm not finding the loading point. Please run frst.exe again, and this time uncheck the box next to 'white list known .dll's'.

Post the frst.txt when it has completed.
 

TSF Security Manager, Emeritus · 42,952 Posts
Hi Veirdonis,

Run ComboFix.exe again.

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications.


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 