
Do I still have the FBI thing on this machine?

3 replies to this topic

#1 MB Steve


Posted 18 October 2012 - 11:27 AM

I ran the EMSI scan in safe mode twice; both times my computer turned off somewhere in the middle of step 4, in the Windows folders.. it had already found the ctfmon file, as expected, but nothing else.. I moved and renamed the ctfmon file manually, so I'm back on the machine, but I know the REAL file is still lurking out there, somewhere..

a big thanks to everyone who is sharing their knowledge here..

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

#2 Quote


Posted 18 October 2012 - 12:37 PM

Hello and welcome to BC!

Please download and install Malwarebytes' Anti-Malware. When you have started the program, check for updates and run a quick scan. Post the logfile in your next reply. Also include your EMSI Scan logfile in the next reply.

In your next reply I want these logfiles:
  • Malwarebytes' Anti-Malware
  • EMSI Scan
I await your reply.

#3 MB Steve


Posted 18 October 2012 - 05:29 PM

thank you, Quote.. here's the log from the EMSI.. I re-ran it.. not the total complete scan, the one before that.. still took an hour and a half, found nothing:

Emsisoft Emergency Kit - Version 2.0
Last update: 10/18/2012 10:59:00 AM

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\
Scan archives: Off
ADS Scan: On

Scan start: 10/18/2012 01:46:58 PM


Scanned 588223
Found 0

Scan end: 10/18/2012 02:56:21 PM
Scan time: 1:09:23


then I ran the Malwarebyte app.. it found another ctfmon file, in another Temp folder, also with a problem.. and another issue, but I'm guessing that it is not related:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.18.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19328
Steven :: STEVEN-PC [administrator]

10/18/2012 05:23:04 PM
mbam-log-2012-10-18 (17-23-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208411
Time elapsed: 16 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Steven\AppData\Local\Temp\GiantSavings.exe (PUP.GamePlayLabs) -> No action taken.
C:\Users\Steven\AppData\Local\Temp\Dealio.exe (PUP.Dealio.TB) -> No action taken.
C:\Users\Steven\Downloads\winrar setup.exe (PUP.AdBundle) -> No action taken.
C:\Users\Steven\AppData\Local\Temp\ctfmon.dll (Trojan.Phex.Tgen) -> Quarantined and deleted successfully.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.

(end)

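As an added example (not from the thread or from Malwarebytes), a small Python parser for the Malwarebytes log format posted above: it pulls out each detection line, lists the items left at "No action taken", and flags a system-process name such as lsass.exe that sits outside the Windows system directory, which is how the fake lsass.exe in C:\ProgramData stands out from the real one in C:\Windows\System32. The embedded sample log and the short list of system binaries are constructed assumptions.

```python
import re

# Constructed sample in the Malwarebytes 1.x log layout seen in the thread
# (the "Files Detected" block; paths and names mirror the posted log).
SAMPLE_LOG = r"""Files Detected: 5
C:\Users\Steven\AppData\Local\Temp\GiantSavings.exe (PUP.GamePlayLabs) -> No action taken.
C:\Users\Steven\AppData\Local\Temp\Dealio.exe (PUP.Dealio.TB) -> No action taken.
C:\Users\Steven\Downloads\winrar setup.exe (PUP.AdBundle) -> No action taken.
C:\Users\Steven\AppData\Local\Temp\ctfmon.dll (Trojan.Phex.Tgen) -> Quarantined and deleted successfully.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.

(end)
"""

# One detection line: "<path> (<detection name>) -> <action>."
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# Assumption: a short illustrative list of binaries Windows only runs from its
# system directories; a real allow-list would be longer.
SYSTEM_BINARIES = {"lsass.exe", "ctfmon.exe", "svchost.exe", "csrss.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def parse_detections(log_text):
    """Return a list of dicts (path, detection, action) for every detection line."""
    items = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items


def unresolved(items):
    """Detections the scanner reported but did not quarantine or delete."""
    return [i for i in items if i["action"].lower().startswith("no action")]


def masquerading(items):
    """Paths whose file name is a core Windows binary but whose directory is not a system directory."""
    flagged = []
    for i in items:
        path = i["path"].lower()
        name = path.rsplit("\\", 1)[-1]
        if name in SYSTEM_BINARIES and not path.startswith(SYSTEM_DIRS):
            flagged.append(i["path"])
    return flagged


if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    print("unresolved:", [i["path"] for i in unresolved(found)])
    print("masquerading:", masquerading(found))
```

Run against a real mbam-log-*.txt by reading the file into parse_detections instead of SAMPLE_LOG; the three PUP entries are the ones still on disk after this scan.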
#4 narenxp


Posted 18 October 2012 - 05:30 PM

Malwarebytes was successful in removing the FBI rogue. Let's run some more scans.

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.
