HackTool.RootKit


  • This topic is locked
18 replies to this topic

#1 ElDopeSan

Posted 19 May 2014 - 09:44 AM

Hello, I heard I could get some helpful information to fix my computer! Or even a guide to do it!
Like a week ago my computer was infected by a virus called HackTool.RootKit. My antivirus warned me about it three times [AVG 2014 Internet Security]. I clicked "protect me", but still, after ten minutes of surfing the web, my computer shut down; it, like, rebooted itself. When I typed in the user password, everything was so slow I couldn't even open a simple Notepad folder, it took forever. Now I'm in safe mode trying everything to fix it. Even System Restore didn't work, please help!


Edited by hamluis, 19 May 2014 - 09:48 AM.
Moved from Win 7 to Am I Infected - Hamluis.


#2 dc3

Posted 19 May 2014 - 11:51 AM

Boot into Safe Mode with Networking and do the following.

Please run the ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please download Malwarebytes Anti-Malware.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 ElDopeSan

Posted 20 May 2014 - 06:44 AM

These are the ESETScan log files -
C:\games\CS1.6v44\sHoLe v2.0 EXE FIXER\sHoLe v2.0.exe a variant of Win32/GameHack.BB potentially unsafe application deleted - quarantined
C:\Users\Administrative\Desktop\Some bleep ;D\Games\CS.16\11_Bunnyhop__css_v.rar a variant of Win32/GameHack.FQ potentially unsafe application deleted - quarantined
C:\Users\Guest\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000 Win32/Somoto.A potentially unwanted application deleted - quarantined
C:\Users\Sandra\AppData\Roaming\searchya\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.O potentially unwanted application deleted - quarantined
C:\Users\Sandra\Desktop\cs bhop hack by ProCSHacks\sHoLe v2.0 cfg\sHoLe cfg\sHoLe v2.0 AIMBOT [CFG] NG [EAC,VAC] W100%\sHoLe v2.0 AIMBOT [CFG] NG [EAC,PZ] W100%\sHoLe v2.0 EXE FIXER\sHoLe v2.0.exe a variant of Win32/GameHack.BB potentially unsafe application deleted - quarantined
C:\Users\Sandra\Documents\Games'n bleep\sHoLe v2.0 AIMBOT [CFG] NG [EAC,PZ] W100%\sHoLe v2.0 EXE FIXER\sHoLe v2.0.exe a variant of Win32/GameHack.BB potentially unsafe application deleted - quarantined
C:\Users\Sandra\Downloads\ccsetup413pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Sandra\Downloads\sHoLe v2.0 cfg\sHoLe cfg\sHoLe v2.0 AIMBOT [CFG] NG [EAC,VAC] W100%\sHoLe v2.0 AIMBOT [CFG] NG [EAC,PZ] W100%\sHoLe v2.0 EXE FIXER\sHoLe v2.0.exe a variant of Win32/GameHack.BB potentially unsafe application deleted - quarantined
C:\Users\Sandra\roatpkzv5\roatpkzv5.zip a variant of Java/JShrink.A potentially unsafe application deleted - quarantined
C:\Users\Sandra\roatpkzv5\Data\Sprites\JFrame\WorldMap\WorldMap.jar a variant of Java/JShrink.A potentially unsafe application deleted - quarantined
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe Win32/HackTool.Crack.BC potentially unsafe application deleted - quarantined
D:\My Documents\Splinter Cell Conviction Crack SKIDROW.rar a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
D:\My Documents\2013-04-18\Desktop\Sp?les\Cs 1.6, GTA SA\sHoLe v2.0 cfg\sHoLe cfg\sHoLe v2.0 AIMBOT [CFG] NG [EAC,VAC] W100%\sHoLe v2.0 AIMBOT [CFG] NG [EAC,PZ] W100%\sHoLe v2.0 EXE FIXER\sHoLe v2.0.exe a variant of Win32/GameHack.BB potentially unsafe application deleted - quarantined
D:\System Volume Information\_restore{2111A213-0B96-407A-83C7-8FA446BE99D8}\RP20\A0005339.exe a variant of Win32/GameHack.BB potentially unsafe application deleted - quarantined
D:\System Volume Information\_restore{2111A213-0B96-407A-83C7-8FA446BE99D8}\RP91\A0060360.exe Win32/HackTool.Crack.BC potentially unsafe application deleted - quarantined
D:\System Volume Information\_restore{2111A213-0B96-407A-83C7-8FA446BE99D8}\RP94\A0062285.exe Win32/HackTool.Crack.BC potentially unsafe application deleted - quarantined
 
Unable to access quarantine information: Error code 20001=============================================================
Malwarebytes won't let me see!

http://gyazo.com/47e1517f4ea531292f867b8b0c9bace0             It's a gif, that's the best I could do through safe mode.

Edited by ElDopeSan, 20 May 2014 - 06:45 AM.


#4 dc3

Posted 20 May 2014 - 08:10 AM

What about the Malwarebytes log?



#5 ElDopeSan

Posted 20 May 2014 - 08:15 AM

It's in the Gyazo gif, 'cause when I scrolled down to the bottom all I saw was this -

Unable to access quarantine information: Error code 20001=============================================================


Edited by ElDopeSan, 20 May 2014 - 08:22 AM.


#6 dc3

Posted 20 May 2014 - 08:27 AM

 
RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  These settings will remain until the computer is rebooted, for this reason you must run the security application before the computer is rebooted.  
 
Please download RKill and install it.
 
When RKill is run it will display a console screen similar to the one below:
 
RKill_zps2e34d4b8.png
 
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
 
Attention:  At this time run Malwarebytes again
 
While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:
 
1)  Rename Rkill so that it has a .com extension.
 
2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  
 
After the application has run successfully you should reboot the computer to restore the processes and Windows Registry entries.


#7 ElDopeSan

Posted 20 May 2014 - 09:06 AM

I did all that. I logged in to my user account and it was quite a bit faster, but the screen is black; I only see my mouse moving.
I waited for twenty minutes, nothing changed, and I rebooted in safe mode, and here I am!


Edited by ElDopeSan, 20 May 2014 - 09:07 AM.


#8 dc3

Posted 20 May 2014 - 09:27 AM

You ran RKill and then Malwarebytes?

 

Did you restart the computer after running these two programs?

 

If you ran both of these programs there should be a log for each of them.  Please post these.



#9 ElDopeSan

Posted 20 May 2014 - 09:38 AM

Yes, I did!

 

Here are the Rkill logs-

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)

Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/20/2014 04:42:48 PM in x86 mode. (Safe Mode)
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * ALERT: ZEROACCESS Reparse Point/Junction found!
 
     * C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Windows Defender\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpCommu.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_57df9fe3b9491d97\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_57df9fe3b9491d97\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_57df9fe3b9491d97\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_57df9fe3b9491d97\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_57df9fe3b9491d97\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_57df9fe3b9491d97\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_57df9fe3b9491d97\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_584e9d4ad27b73b7\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_584e9d4ad27b73b7\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_584e9d4ad27b73b7\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_584e9d4ad27b73b7\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_584e9d4ad27b73b7\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_584e9d4ad27b73b7\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_584e9d4ad27b73b7\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f\MpClient.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f\MpCommu.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_5a2a2a64cfa9fb94\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_5a2a2a64cfa9fb94\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_5a2a2a64cfa9fb94\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_5a2a2a64cfa9fb94\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_5a2a2a64cfa9fb94\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_5a2a2a64cfa9fb94\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_5a2a2a64cfa9fb94\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_5a2a2a64cfa9fb94\MsMpRes.dll => c:\windows\system32\config [File]
 
Checking Windows Service Integrity: 
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * WinDefend (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 05/20/2014 04:43:14 PM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)
 
Malwarebytes didn't find any harmful files or malware.


#10 dc3

Posted 20 May 2014 - 10:19 AM

I want to see the Malwarebytes log.  Telling me that it didn't find anything just doesn't work for me.



#11 ElDopeSan

Posted 20 May 2014 - 10:28 AM

What do I paste in then? When I scroll down to the Quarantined files there's just =============================== and that's it.



#12 dc3

Posted 20 May 2014 - 10:38 AM

Use the method below to open the log.

 

To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.


#13 ElDopeSan

Posted 20 May 2014 - 10:41 AM

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
 
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
===============================================================
END OF FILE
 
That's all there is!


#14 ElDopeSan

Posted 20 May 2014 - 10:44 AM

These are the Quarantined files from the last few scans!

 

http://gyazo.com/b7ae83f6c34efb21be942126078893ad

 

http://gyazo.com/20dc82722d0bb09bbc8a853feb504bc7



#15 dc3

Posted 20 May 2014 - 10:54 AM

You are infected with Zero Access, ZA's a backdoor and has rootkit roots.

 

There are tools which cannot be used in this forum which will be needed to clean your computer.  For this reason you will need to open another topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum.
 
Before posting your topic there you will need to read and follow the instructions in the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.
 
This forum is always busy, for this reason it may take a couple of days before a member of the Malware Removal Team will be able to get to your topic.  Do not add anything once you have posted your log.  The Malware Removal Team members look for topics which have not been addressed, if you post any additional information it will make it appear that the topic is being addressed.
 
After you have posted your new topic a Moderator will close this topic.  If after cleaning the infection it is determined that you have a software or hardware issue you can contact a Moderator to have your topic reopened. 
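
The RKill output in post #9 carries the ZeroAccess alert: Windows Defender's files show up as reparse points leading to c:\windows\system32\config, next to a DisableAntiSpyware registry value and stopped services. As an added example (not part of the thread and not RKill's own code), this Python parser pulls those findings out of such a log; the sample is a few lines copied from that post with blank lines dropped, and all function names are hypothetical.

```python
import ntpath
import re
from collections import Counter

# A few lines copied from the RKill 2.6.5 log in post #9 (blank lines dropped).
SAMPLE_LOG = r"""Program started at: 05/20/2014 04:42:48 PM in x86 mode. (Safe Mode)
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 * ALERT: ZEROACCESS Reparse Point/Junction found!
     * C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpCmdRun.exe => c:\windows\system32\config [File]
Checking Windows Service Integrity:
 * WinDefend (WinDefend) is not Running.
   Startup Type set to: Manual
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
"""

REPARSE = re.compile(r"^\s*\*\s+(.+?)\s+=>\s+(.+?)\s+\[(Dir|File)\]\s*$")
REG_KEY = re.compile(r"^\s*\[(HK[^\]]+)\]\s*$")
REG_VAL = re.compile(r'^\s*"([^"]+)"\s*=\s*(\S+)')
SERVICE = re.compile(r"^\s*\*\s+.+?\((\w+)\)\s+is not Running\.")


def norm(path):
    """Lower-case a Windows path and drop a trailing backslash (works on any OS)."""
    return ntpath.normcase(path).rstrip("\\")


def parse_rkill(text):
    """Pull the security-relevant findings out of an RKill text log."""
    safe = bool(re.search(r"Program started at:.*\(Safe Mode\)", text))
    out = {"safe_mode": safe, "reparse": [], "registry": [], "stopped": []}
    key = None  # registry key the following "name" = value lines belong to
    for line in text.splitlines():
        if m := REPARSE.match(line):
            out["reparse"].append(
                {"source": norm(m[1]), "target": norm(m[2]), "kind": m[3]})
        elif m := REG_KEY.match(line):
            key = m[1]
        elif (m := REG_VAL.match(line)) and key:
            out["registry"].append((key, m[1], m[2]))
        elif m := SERVICE.match(line):
            out["stopped"].append(m[1])
    return out


def redirected_outside(entry):
    """True when a reparse point leads out of the directory that contains it."""
    parent = ntpath.dirname(entry["source"]) + "\\"
    return not (entry["target"] + "\\").startswith(parent)


def triage(findings):
    """Turn parsed findings into short notes for whoever reads the log next."""
    notes = []
    odd = [e for e in findings["reparse"] if redirected_outside(e)]
    for target, n in Counter(e["target"] for e in odd).most_common():
        files = sum(1 for e in odd if e["target"] == target and e["kind"] == "File")
        notes.append(f"{n} reparse point(s) lead to {target}; "
                     f"{files} sit where a file should be")
    for key, name, value in findings["registry"]:
        if name == "DisableAntiSpyware" and value.lower() == "dword:00000001":
            notes.append(f"Windows Defender switched off via {key}")
    if findings["stopped"]:
        note = "services not running: " + ", ".join(findings["stopped"])
        if findings["safe_mode"]:
            # Many services are simply not started in Safe Mode.
            note += " (log taken in Safe Mode, where many services are not started)"
        notes.append(note)
    return notes


if __name__ == "__main__":
    for note in triage(parse_rkill(SAMPLE_LOG)):
        print("-", note)
```
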
