
Mysterious Infection


  • This topic is locked
7 replies to this topic

#1 jinaragunlark


  • Members
  • 27 posts

Posted 22 January 2015 - 07:19 PM

Hey guys,
 
So, recently I got an infection on Windows 7 (from being stupid). It affected Flash content in browsers (as in Twitch.tv would no longer work, Pandora would skip about 30-50 seconds at a time) and it stopped my downloads (so if I tried to update Steam, games or viral definitions, it stopped them at 50% and deleted the new information).

I did everything I could think of and, having dealt with this sort of thing before, determined it was a rootkit or possibly a bootkit. I switched from 7 to 8.1 to take advantage of the UEFI configuration, just in case this was a bootkit, and it seemed to work pretty well for a while, but now I'm getting the same symptoms (programs can't update; Pandora and Twitch aren't working).

I'm currently running Avast, Bitdefender and Malwarebytes Premium. None of them are picking it up.
 
Does anyone have any ideas as to what I could do and what it is?

Edit: Topic moved from Windows 8 to the more appropriate forum. ~ Animal


 


#2 boopme



  • Global Moderator
  • 73,561 posts

Posted 22 January 2015 - 07:44 PM

Hello, would you please run Rkill and MBAM (Malwarebytes) immediately after that, and post back 2 logs.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 jinaragunlark


Posted 22 January 2015 - 07:59 PM

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/22/2015 07:50:28 PM in x64 mode.
Windows Version: Windows 8.1 Pro

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 01/22/2015 07:52:10 PM
Execution time: 0 hours(s), 1 minute(s), and 42 seconds(s)
 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/22/2015
Scan Time: 7:52:24 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.22.12
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: No

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326262
Time Elapsed: 6 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#4 boopme


Posted 22 January 2015 - 08:03 PM

OK, we need a deeper look. Please repost your 1st post in a new topic.

Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.

#5 jinaragunlark


Posted 22 January 2015 - 08:28 PM

I'm unable to post in the new thread. The connection is being timed out and blocked.



#6 jinaragunlark


Posted 22 January 2015 - 08:40 PM

And I am now getting the error that my posts are too long in the new topic, despite halving and even trying to post 1/3 of the log.



#7 jinaragunlark


Posted 22 January 2015 - 08:45 PM

Fixed and posted. It seemed to just be related to the posting size.



#8 boopme


Posted 22 January 2015 - 09:07 PM

OK, good to hear it.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 2 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



