
MBAM finds infection, freezes when scanning


7 replies to this topic

#1 Rewster

Rewster

  • Members
  • 204 posts

Posted 15 December 2013 - 05:10 PM

I ran a scan last night with MBAM and it found an infected file. But, soon after the entire computer would freeze up, with the audio of whatever I had playing still going. I've been trying my other programs I have installed to find what is causing this, but I haven't been able to find anything at all.

 

MBAM will run a successful Flash scan and find nothing. Running a quick scan causes the computer to lock up very soon after, with nothing found. Full scan will find an infected file, then soon after the computer will lock up.




 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 15 December 2013 - 05:39 PM

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#3 Rewster

Rewster
  • Topic Starter

  • Members
  • 204 posts

Posted 15 December 2013 - 06:03 PM

# AdwCleaner v3.015 - Report created 15/12/2013 at 16:47:49
# Updated 10/12/2013 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Chance - CHANCE-PC
# Running from : C:\Users\Chance\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16384
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\Chance\AppData\Roaming\Mozilla\Firefox\Profiles\1s40ov7i.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Chance\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1383 octets] - [15/12/2013 16:46:42]
AdwCleaner[S0].txt - [1322 octets] - [15/12/2013 16:47:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1382 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 Pro x64
Ran by Chance on Sun 12/15/2013 at 16:55:18.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/15/2013 at 16:57:46.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Farbar Service Scanner Version: 05-12-2013
Ran by Chance (administrator) on 15-12-2013 at 17:01:52
Running from "C:\Users\Chance\Downloads"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll
[2013-08-22 07:25] - [2013-08-22 07:25] - 0029184 ____A (Microsoft Corporation) 6E2271ED0C3E95B8E29F3752B91B9E84
 
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-11-15 15:32] - [2013-10-08 04:13] - 2551640 ____A (Microsoft Corporation) 6617F44D2432C529B2249A0498B6B40A
 
C:\Windows\System32\dnsrslvr.dll
[2013-11-15 15:32] - [2013-10-07 23:48] - 0255488 ____A (Microsoft Corporation) 5BAF7714E68F93515A937A3FA8587EF9
 
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-12 21:58] - [2013-10-12 15:48] - 0828416 ____A (Microsoft Corporation) 6468B696C65775D51A06615830E0E79D
 
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-11-15 15:32] - [2013-10-06 20:13] - 3532288 ____A (Microsoft Corporation) 86D0BF4F792053A50D6EE43DFA5837A5
 
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll
[2013-11-15 15:32] - [2013-09-14 03:11] - 0433664 ____A (Microsoft Corporation) F4414F57DF2CECB8FC969AA43A6B0D50
 
C:\Windows\System32\iphlpsvc.dll
[2013-11-15 15:32] - [2013-10-07 22:50] - 0903168 ____A (Microsoft Corporation) DFC4050D58565ADBEE793A8D4AEBDAE6
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 15 December 2013 - 06:05 PM

Now try MBAM again.

#5 Rewster

Rewster
  • Topic Starter

  • Members
  • 204 posts

Posted 15 December 2013 - 08:46 PM

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.15.06
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Chance :: CHANCE-PC [administrator]
 
Protection: Disabled
 
12/15/2013 5:22:54 PM
mbam-log-2013-12-15 (17-22-54).txt
 
Scan type: Full scan (C:\|D:\|E:\|K:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 620397
Time elapsed: 1 hour(s), 11 minute(s), 16 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Users\Chance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Miner\bfgminer\bfgminer.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
K:\Games\Risk of Rain\39dll.dll (PUP.HackTool.DDoS) -> Quarantined and deleted successfully.
 
(end)


#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 15 December 2013 - 08:54 PM

How is the PC now?

#7 Rewster

Rewster
  • Topic Starter

  • Members
  • 204 posts
  • OFFLINE
  •  
  • Local time:04:11 AM

Posted 15 December 2013 - 09:11 PM

Seems fine. Only issue was MBAM causing the computer to lock up. Wasn't sure if I had something to worry about since I know viruses will do that.



#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 15 December 2013 - 09:24 PM

Keep an eye on it for 24 hours, and if anything changes, post back.



