Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Am I really clean from a bad infection...

  • Please log in to reply
1 reply to this topic

#1 mlyle11


  • Members
  • 2 posts
  • Gender:Male
  • Location:Central Illinois
  • Local time:01:56 AM

Posted 16 February 2015 - 11:58 AM

Hello all!

Thanks in advance for review and assistance. I will try and make a long story shorter.

Back in October, I was notified by Comcast that my PC was the victim of a "bot" due to the large amount of traffic they detected on my network. The guilty PC is a desktop running 7 premium, was guarded by a premium subscription to Trend Micro, and largely used by kids. It was set up with a separate account for general use. The admin account only access able by me. I don't use it often so when I checked it, it was really slow! I was not worried because of my awesome premium Trend protection. I ran scans... all clear, but internet was crippling slow. I noticed lots of weirdness in task manager, and at the advise of my IT team at work I downloaded Malware Bytes (MB). Yeah... MB went crazy and found 15+ infections on my PC! I then downloaded Avira, it found 2 more. So I disabled Trend, bough premium MB and trial avira. All seemed good for a day or two, then alerts started from MB, something got back in. I went to the MB forums and for about 2 months I fought a very deeply rooted infection, that two length attempts with MB couldn't find. Then I downloaded the Comcast provided Norton 360,  thinking I might as well try another one. Low an behold it found poweliks, and I hoped all was good, but it only lasted for a few days again. For several weeks I had dual alerts from MB and Norton. MB blocking something coming in, Norton something trying to get out. In frustration, I wiped the hard drive with a 9 hour boot and nuke from Darik and a windows reinstall from CD. Sure enough, within a day, MB and Norton started the same routine. Blocking intrusions inbound and outbound. Nothing actually detected in the form of malware or a virus. Just these daily alerts for intrusion. The IT team at work gave me several ideas and I ran multiple different malware and anti-virus variants, all of them indicated my PC was clean.  


I started a forum thread on Norton and about 3 weeks ago someone recommended the ESET poweliks tool. I didn't have much hope as I had ran several other tools and they always found nothing, but the daily alerts from MB and Norton had me freaked out, so why not. BINGO ESET's tool found poweliks and took action. The alerts immediately stopped and have not returned for over 3 weeks. I posted on the Norton form as resolved with many thanks... then I was warned. Still do not trust that machine go to Bleeping and find out if it is really clean.


So there you have it! I don't trust this PC for anything other than kids games. A waste, and maybe I should never trust it again, but my hope are clean bill of health. MB Premium and Norton 360 are actively running, and kids (teenagers of the squirrelist sort!) don't have the admin password.


What can I do to fully trust this machine? The IT team at work says to destroy the hard drive, and donate the PC and start over, that or take it to a local shop that specializes in malware/virus remove. Minimum bill there is $100. I would rather donate that to a new machine! I'm not against getting a new one, and 4 years is pretty old in computer years, but it works just fine other than the past infection.


What say you Bleeping sages?


Thanks again!


BC AdBot (Login to Remove)


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,569 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:56 AM

Posted 23 February 2015 - 02:07 PM

Ok well lets run these and see what may be here.

  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
lv0mVRW.pngJunkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
cvMlKv6.pngESET Online Scanner
  • Hold down Control and click on this link to open ESET Online Scanner in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

51a46ae42d560-malwarebytes_anti_malware.Malwarebytes Anti-Malware
  • Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
    • If no threats were found, click View detailed log.
      • Click Export and save the log as a .txt file on your Desktop or another location.
    • If the scan detected any threats, click Apply Actions.
      • To complete any actions taken you will be prompted to restart your computer...click on Yes.
      • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
      • Check the box next to Scan Log. Choose the most current scan and click View.
      • Click Export and save the log as a .txt file on your Desktop or another location.
  • Providing the MalwareBytes' Anti-Malware log file
    • Attach the log file you just saved to your next reply for further review.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users