
Virus Causing High bandwidth usage


  • This topic is locked
5 replies to this topic

#1 Shinkon_Nakami

  • Members
  • 4 posts

Posted 15 September 2014 - 07:01 AM

One of my clients has reported popups. We instructed them how to remove them, then they got an extremely high usage bill, 300% over. This afternoon we tracked it down to one PC by installing a lightweight network bandwidth monitor, which showed 20 MB downloaded in a minute and it continues to go up. Under Task Manager we found iexplorer.exe with high memory usage. Ran AdwCleaner, which found some PUPs, but same problem; Malwarebytes, same thing. Booted to safe mode with networking, same problem. Removed Internet Explorer 11 from add and remove features; now instead of Iexplorer.exe it is under Explorer.exe. If you close the problem process, it fixes the problem for a few seconds but it starts back up. We have gone through Autoruns (all tabs) and nothing's out of the ordinary. Failing all this, we ran ComboFix on the infected computer; this found an MBR infection, but unfortunately after a restart, same problem. Tomorrow I will be clearing the Java cache and running the MBAM rootkit tool. Time and access are not a luxury: if we can't solve the problem by afternoon we will have to reinstall. What makes this worse is that the only access is remote.

 

Any advice would be fantastic.



#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 15 September 2014 - 07:09 AM

Hi there,

please run the following scans:


Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 Shinkon_Nakami


Posted 15 September 2014 - 07:38 AM

Surely will

 

Have you had this one before?



#4 aharonov


Posted 15 September 2014 - 08:47 AM

Without seeing a log I cannot say what infection this is exactly.
But chances are high that I've seen this one before. The symptoms sound familiar.
As soon as you post the logs from TDSSKiller and FRST here we know more.

Edited by aharonov, 15 September 2014 - 08:48 AM.


#5 aharonov


Posted 19 September 2014 - 03:38 PM

I haven't heard from you for some time.
Do you still need help?

#6 aharonov


Posted 29 September 2014 - 09:19 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



