Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Disaster strikes!


  • This topic is locked This topic is locked
10 replies to this topic

#1 JohnnyBravo_666

JohnnyBravo_666

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 02 April 2014 - 03:22 AM

Hi there, folk!

Recently I got this strange thing in my computer. I use Avast antivirus and suddenly it was faulty.

A couple of days later I could restablish it, but I got a message from Windows that I should get an antivirus and start windows defender. The next thing I got was my malwarebytes-antimalware. Suddenly it stopped working. If I try to install it, I get an error message "0" and "404". Thats valid for any kind of application that has something to do with security. I cannot access my hardware, I am not allewed to see the processes in my computer. The only thing I want to know is what kind of rootkit am I facing here?

thanks in advance

 JB



BC AdBot (Login to Remove)

 


m

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 AM

Posted 02 April 2014 - 06:43 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 JohnnyBravo_666

JohnnyBravo_666
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 03 April 2014 - 03:14 AM

Hi- TB-Psychotic

First of all, thanks for your help.

This is to inform you that due to my lack of time, I will not to be able to answer you as soon as you wish. Pls. do not drop me.I will send you the logs you require, but that will take a few days.

 

Best regards

JB



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 AM

Posted 03 April 2014 - 04:44 AM

OK!


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 JohnnyBravo_666

JohnnyBravo_666
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 04 April 2014 - 02:58 AM

Hi again TB-Psychotic!
Well, I managed to carry on the checking of my machine. But first I want to point out a couple of things:
1) Sometimes, when I boot my computer, I got a BSOD (Irq nor less or equal), strangely related to Malwarebytes(?).
2) The system keeps downloading a single update (I think it is something with the DCOM server)
3) Is it wise to keep the computer connected to the Internet while you try to repair it?

 

 

Best regards

JB

Attached Files



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 AM

Posted 04 April 2014 - 03:27 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 JohnnyBravo_666

JohnnyBravo_666
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 04 April 2014 - 05:57 AM

Sorry to bother you...

I am helping a friend with his computer (he can not speak english), that is why I do not have so much time...

As for the pirated software you refer to, I apologize on behalf of my friend. I would like to know exactly which programs we should

delete from the system, so this will not happen again and we can continue with the process.

Once again sorry

 

Best regards

JB



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 AM

Posted 04 April 2014 - 05:59 AM

It looks like the whole windows and the office software are cracked.

Have a chat with your friend and ask him if this a paid or an illegal version. ;)


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 JohnnyBravo_666

JohnnyBravo_666
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 04 April 2014 - 06:08 AM

Oh my!

He says that other people helped him to install the system  in the computer... It seems that we have an issue here:(



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 AM

Posted 04 April 2014 - 06:25 AM

If you want detailed information, I could tell you the entries that mention we have a pirated copy here.

When this issue is fixed, I´ll certainly provide more assistance.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 AM

Posted 09 April 2014 - 03:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users