Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

csrss.exe and winlogon.exe no description in taskmgr no malware detected...


  • Please log in to reply
3 replies to this topic

#1 Windows_Usr

Windows_Usr

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 29 March 2015 - 09:22 AM

Hey folks, 
 
I have tried to get help on other forums to no avail.  No one replied, but I am hoping this forum is better.  So I have removed many pieces of malware using MBAM and junkware removal tool, however, there are still a few sneaky looking things in my task manager, I have googled them and come back with things like PANIC!! YOU ARE UNDER ATTACK FROM KIM JANG UN!!  I know this may not be as serious as all that, nonetheless my machine is using half of its ram at 1% cpu.  There's definitely something up.  So if you have anything to offer as far as advice / help, I would be eternally grateful.  
 
I have run MBAM scans and MBAR scans as well as AVG (useless) and junk ware removal tool and adwcleaner, all of these seem to be coming back clean.  Please help?!

Edited by Queen-Evie, 29 March 2015 - 09:38 AM.
moved from Windows 7 to the appropiate forum


BC AdBot (Login to Remove)

 


#2 Windows_Usr

Windows_Usr
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 29 March 2015 - 09:41 AM

Also, I just noticed my browser is being hijacked as well so... there's that.



#3 Windows_Usr

Windows_Usr
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 29 March 2015 - 11:33 AM

Here's the log from JRT, not sure if I'm supposed to post it here but maybe it will be of use? 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.7 (03.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Joe on Sun 03/29/2015 at 12:12:03.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
 
    Value Name          Type                             Value Data                     
========================================================================================
    BluetoothS    REG_EXPAND_SZ    rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
 
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/29/2015 at 12:26:14.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 Windows_Usr

Windows_Usr
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 30 March 2015 - 03:43 PM

Update:

 

 

Atieclxx and atiesrxx are in my task manager when they have never been there before.  I am infected and it is beyond my ability to remove this junk.  My anti virus applications are not detecting or removing the threat.  Please help!

 

Also I ran an md5 checksum on these and it does not match any official copies I have found online.  


Edited by Windows_Usr, 30 March 2015 - 03:47 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users