
Potential rootkit infection


  • This topic is locked
4 replies to this topic

#1 Mayank_108

Mayank_108

  • Members
  • 1 posts
  • OFFLINE
  • Local time:06:24 PM

Posted 17 August 2015 - 04:17 AM

I suspect that my PC has a rootkit. I tried scanning it with a BitDefender Live CD and it did find a few files (trojans, I suppose). It deleted them and the subsequent scans came out to be clean, but I still have a nagging doubt in my mind.

FARBAR scan logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Mayank Singh (administrator) on DESKTOP-ET8UQ75 (17-08-2015 14:41:54)
Running from C:\Users\Mayank Singh\Downloads
Loaded Profiles: Mayank Singh (Available Profiles: Mayank Singh)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Users\Mayank Singh\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1783844352-1617344357-2516838954-1001\...\Run: [OneDrive] => C:\Users\Mayank Singh\AppData\Local\Microsoft\OneDrive\OneDrive.exe [402632 2015-08-17] (Microsoft Corporation)
HKU\S-1-5-21-1783844352-1617344357-2516838954-1001\...\RunOnce: [Uninstall C:\Users\Mayank Singh\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mayank Singh\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1783844352-1617344357-2516838954-1001\...\RunOnce: [Uninstall C:\Users\Mayank Singh\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mayank Singh\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-1783844352-1617344357-2516838954-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1783844352-1617344357-2516838954-1001] => 10.3.100.207:8080
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-1783844352-1617344357-2516838954-1001\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
Tcpip\Parameters: [DhcpNameServer] 144.16.192.55 144.16.192.1
Tcpip\..\Interfaces\{c0c69e68-9b97-48a4-96f0-d131f611b5db}: [DhcpNameServer] 144.16.192.55 144.16.192.1
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-07-10] (Microsoft Corporation)
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-07-10] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [808856 2015-07-10] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [510976 2015-07-10] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27136 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [87040 2015-07-10] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [275456 2015-07-10] (Microsoft Corporation)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [149504 2015-07-10] (Microsoft Corporation)
R3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-07-10] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [21504 2015-07-10] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-07-10] (Microsoft Corporation)
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [296960 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\Windows\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\Windows\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [289280 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_Session1; C:\Windows\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_Session1; C:\Windows\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [956928 2015-07-10] (Microsoft Corporation)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2674176 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1202176 2015-07-10] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [924672 2015-07-10] (Microsoft Corporation)
S3 UnistoreSvc_Session1; C:\Windows\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
S3 UnistoreSvc_Session1; C:\Windows\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1420288 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc_Session1; C:\Windows\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc_Session1; C:\Windows\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [504320 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [918016 2015-07-10] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1149440 2015-07-10] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1019392 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-07-10] (Qualcomm Atheros Communications, Inc.)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys [39936 2015-07-10] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-07-10] (QLogic Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83968 2015-07-10] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-07-10] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-07-10] (Microsoft Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-07-10] (Mellanox)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-07-10] (Microsoft Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-07-10] (Mellanox)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-07-10] (Mellanox)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-07-10] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys [17760 2015-07-10] (Microsoft Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-07-10] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [45056 2015-07-10] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106520 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17944 2015-07-10] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-07-10] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-07-10] (Mellanox)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [222720 2015-07-10] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-07-10] (Microsoft Corporation)
U3 afxdqpob; C:\Users\Mayank Singh\AppData\Local\Temp\afxdqpob.sys [56496 2015-08-17] (GMER) [File not signed]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: XblGameSave -> C:\Windows\System32\XblGameSave.dll (Microsoft Corporation)
NETSVC: XboxNetApiSvc -> C:\Windows\system32\XboxNetApiSvc.dll (Microsoft Corporation)
NETSVC: UserManager -> C:\Windows\System32\usermgr.dll (Microsoft Corporation)
NETSVC: XblAuthManager -> C:\Windows\System32\XblAuthManager.dll (Microsoft Corporation)
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-17 22:03 - 2015-08-17 08:40 - 00000000 ____D C:\Windows\Panther
2015-08-17 14:41 - 2015-08-17 14:42 - 00011262 _____ C:\Users\Mayank Singh\Downloads\FRST.txt
2015-08-17 14:40 - 2015-08-17 14:41 - 00000000 ____D C:\FRST
2015-08-17 14:40 - 2015-08-17 14:40 - 02173440 _____ (Farbar) C:\Users\Mayank Singh\Downloads\FRST64.exe
2015-08-17 14:27 - 2015-08-17 14:27 - 00016148 _____ C:\Windows\system32\DESKTOP-ET8UQ75_Mayank Singh_HistoryPrediction.bin
2015-08-17 14:26 - 2015-08-17 14:26 - 346430565 _____ C:\Windows\MEMORY.DMP
2015-08-17 14:26 - 2015-08-17 14:26 - 00281008 _____ C:\Windows\Minidump\081715-18515-01.dmp
2015-08-17 14:26 - 2015-08-17 14:26 - 00000000 ____D C:\Windows\Minidump
2015-08-17 14:24 - 2015-08-17 14:24 - 00380416 _____ C:\Users\Mayank Singh\Downloads\k17s14fw.exe
2015-08-17 09:02 - 2015-08-17 09:02 - 03990528 _____ C:\Users\Mayank Singh\Downloads\stickifier.exe
2015-08-17 08:57 - 2015-08-17 08:57 - 00001051 _____ C:\Users\Mayank Singh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-08-17 08:48 - 2015-08-17 08:48 - 00000000 ____D C:\Users\Mayank Singh\AppData\Roaming\Macromedia
2015-08-17 08:46 - 2015-08-17 09:02 - 666894336 _____ C:\Users\Mayank Singh\Downloads\bitdefender-rescue-cd.iso
2015-08-17 08:45 - 2015-08-17 08:45 - 00000000 ____D C:\Users\Mayank Singh\AppData\Local\MicrosoftEdge
2015-08-17 08:43 - 2015-08-17 14:31 - 00830266 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-17 08:43 - 2015-08-17 14:28 - 00002359 _____ C:\Users\Mayank Singh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-17 08:43 - 2015-08-17 14:28 - 00000000 ___RD C:\Users\Mayank Singh\OneDrive
2015-08-17 08:43 - 2015-08-17 08:43 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-08-17 08:42 - 2015-08-17 08:42 - 00000000 ____D C:\Users\Mayank Singh\AppData\Local\Publishers
2015-08-17 08:41 - 2015-08-17 13:46 - 00000000 ____D C:\Users\Mayank Singh
2015-08-17 08:41 - 2015-08-17 08:59 - 00000000 ____D C:\Users\Mayank Singh\AppData\Local\Packages
2015-08-17 08:41 - 2015-08-17 08:41 - 00016148 _____ C:\Windows\system32\DESKTOP-ET8UQ75_defaultuser0_HistoryPrediction.bin
2015-08-17 08:41 - 2015-08-17 08:41 - 00000020 ___SH C:\Users\Mayank Singh\ntuser.ini
2015-08-17 08:41 - 2015-08-17 08:41 - 00000000 ___RD C:\Users\Mayank Singh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-17 08:41 - 2015-08-17 08:41 - 00000000 ____D C:\Windows\CSC
2015-08-17 08:41 - 2015-08-17 08:41 - 00000000 ____D C:\Users\Mayank Singh\AppData\Roaming\Adobe
2015-08-17 08:41 - 2015-08-17 08:41 - 00000000 ____D C:\Users\Mayank Singh\AppData\Local\VirtualStore
2015-08-17 08:41 - 2015-08-17 08:41 - 00000000 ____D C:\Users\Mayank Singh\AppData\Local\TileDataLayer
2015-08-17 08:41 - 2015-07-10 16:34 - 00000000 __RSD C:\Users\Mayank Singh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-17 08:41 - 2015-07-10 16:34 - 00000000 ___RD C:\Users\Mayank Singh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-17 08:41 - 2015-07-10 16:34 - 00000000 ___RD C:\Users\Mayank Singh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-17 08:41 - 2015-07-10 16:34 - 00000000 ____D C:\Users\Mayank Singh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-17 08:38 - 2015-08-17 08:38 - 00000000 __SHD C:\Recovery
2015-08-17 08:36 - 2015-07-10 16:29 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2015-08-17 08:34 - 2015-08-17 08:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-08-17 08:33 - 2015-08-17 08:33 - 00000398 _____ C:\Windows\PFRO.log
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-17 22:03 - 2015-07-10 16:34 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-08-17 14:41 - 2015-07-10 17:52 - 00000275 _____ C:\Windows\WindowsUpdate.log
2015-08-17 14:28 - 2015-07-10 16:34 - 00000000 ____D C:\Windows\system32\sru
2015-08-17 14:26 - 2015-07-10 17:51 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-17 14:01 - 2015-07-10 16:25 - 00000000 ____D C:\Windows\CbsTemp
2015-08-17 09:28 - 2015-07-10 14:35 - 00131072 ___SH C:\Windows\system32\config\BBI
2015-08-17 09:10 - 2015-07-10 16:34 - 00000000 ____D C:\Windows\AppReadiness
2015-08-17 08:44 - 2015-07-10 17:50 - 00011419 _____ C:\Windows\setupact.log
2015-08-17 08:41 - 2015-07-10 16:34 - 00000000 ___RD C:\Windows\PurchaseDialog
2015-08-17 08:41 - 2015-07-10 16:34 - 00000000 ___RD C:\Windows\PrintDialog
2015-08-17 08:41 - 2015-07-10 16:34 - 00000000 ___RD C:\Windows\MiracastView
2015-08-17 08:41 - 2015-07-10 16:34 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-08-17 08:40 - 2015-07-10 16:34 - 00000000 ____D C:\Windows\rescache
2015-08-17 08:37 - 2015-07-10 16:34 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-08-17 08:36 - 2015-07-10 16:35 - 00002133 _____ C:\Windows\DtcInstall.log
2015-08-17 08:36 - 2015-07-10 16:34 - 00000000 ____D C:\Windows\system32\Recovery
2015-08-17 08:36 - 2015-07-10 14:35 - 00000000 ____D C:\Windows\system32\Sysprep
2015-08-17 08:33 - 2015-07-10 14:35 - 00000000 __RHD C:\Users\Default
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-08-17 08:33
 
==================== End of log ============================


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:54 PM

Posted 18 August 2015 - 05:50 AM

Hello and welcome to the Malware Removal Logs area :)

My name is Alexstrasza and I will assist you with your problem. You can call me Alex :)

Please allow me some time to consult with my instructor and I will be back with more information.

#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:54 PM

Posted 18 August 2015 - 01:02 PM

Hi there :)

Before we begin, there are a few things I want to make sure you know:
  • I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.
  • Please do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the Follow this topic button, and make sure a tick is in the receive notifications and is set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.
  • Important information in my posts will often be in bold; make sure to take note of it.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.
Shall we begin then?

===

Your logs did not show anything pointing to a rootkit. Is there anything that made you suspect a rootkit infection?

There is a proxy set on Internet Explorer - did you set it yourself? If not, we will remove it.

Let me know your answers.

Regards,
Alex
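The reply above picks two things out of the FRST log by eye: the Internet section reports an Internet Explorer proxy the user may not have set, and the Drivers section carries entries worth a second look (an unsigned driver loading from a user's Temp folder, and a service whose file is missing, marked "[X]"). The script below is an added example, not code from the thread or from Farbar, that does the same first-pass triage over the log text. It parses FRST's section headers and the "state name; path [size date] (vendor) [flags]" line format, pulls the ProxyEnable/ProxyServer values, and lists driver entries that are unsigned, missing, or loaded from a Temp directory. The embedded sample log is a constructed excerpt of the lines quoted in the post; the regexes are my reading of the log format, not Farbar's published grammar.

```python
"""First-pass triage of a Farbar Recovery Scan Tool (FRST) log.

Added example (not from the thread, not Farbar's code). It extracts the
items a log reader checks first: the Internet Explorer proxy settings
and any driver/service whose file is unsigned, missing, or lives in a
user's Temp folder. Flags are prompts for a question to the user, not
verdicts: GMER, for instance, loads its own randomly named, unsigned
driver from %TEMP% while it runs, which is what the sample shows.
"""
import re
from typing import Dict, List

# Constructed excerpt reproducing lines from the FRST log in the post.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1783844352-1617344357-2516838954-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1783844352-1617344357-2516838954-1001] => 10.3.100.207:8080
Tcpip\Parameters: [DhcpNameServer] 144.16.192.55 144.16.192.1

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-07-10] (Qualcomm Atheros Communications, Inc.)
U3 afxdqpob; C:\Users\Mayank Singh\AppData\Local\Temp\afxdqpob.sys [56496 2015-08-17] (GMER) [File not signed]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
"""

# "==================== Internet (Whitelisted) ====================" -> "Internet"
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "ProxyServer: [<SID>] => 10.3.100.207:8080"
PROXY_RE = re.compile(
    r"^(?P<key>ProxyEnable|ProxyServer|AutoConfigURL):\s*\[(?P<sid>[^\]]+)\]\s*=>\s*(?P<value>.*)$"
)
# "R3 name; path [size date] (vendor) [flag] [flag]" with size/vendor optional
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s*"
    r"(?:\[(?P<size>\d+)\s+(?P<date>[\d-]+)\]\s*\((?P<vendor>[^)]*)\))?\s*"
    r"(?P<flags>(?:\[[^\]]+\]\s*)*)$"
)
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Split the log into sections keyed by the header's first word group."""
    sections: Dict[str, List[str]] = {}
    current = "Header"
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).split(" (")[0]  # drop "(Whitelisted)"
            sections[current] = []
            continue
        # Skip blank lines and FRST's explanatory "(If an entry ...)" notes.
        if not line or line.startswith("(If ") or line.startswith("(There is"):
            continue
        sections.setdefault(current, []).append(line)
    return sections


def proxy_settings(sections: Dict[str, List[str]]) -> Dict[str, str]:
    """Return the IE proxy keys FRST reports, e.g. {'ProxyServer': '10.3.100.207:8080'}."""
    found: Dict[str, str] = {}
    for line in sections.get("Internet", []):
        m = PROXY_RE.match(line)
        if m:
            found[m.group("key")] = m.group("value")
    return found


def flagged_entries(sections: Dict[str, List[str]], section: str = "Drivers") -> List[dict]:
    """Entries in a Drivers/Services section whose file is unsigned, missing or in Temp."""
    out: List[dict] = []
    for line in sections.get(section, []):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        reasons = []
        if "[File not signed]" in m.group("flags"):
            reasons.append("unsigned")
        if "[X]" in m.group("flags"):
            reasons.append("file missing")
        if TEMP_DIR_RE.search(m.group("path")):
            reasons.append("loads from user temp directory")
        if reasons:
            out.append({
                "name": m.group("name"),
                "path": m.group("path"),
                "vendor": m.group("vendor") or "",
                "reasons": reasons,
            })
    return out


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_LOG)
    for key, value in proxy_settings(secs).items():
        print(f"{key}: {value}")
    for entry in flagged_entries(secs):
        print(f"{entry['name']} ({entry['vendor'] or 'no vendor'}): {', '.join(entry['reasons'])}")
```

Run against a full FRST.txt, `proxy_settings` gives the helper the exact values to ask the user about, and `flagged_entries` (also usable with `section="Services"`) lists what to verify next rather than what to remove; whether a flagged driver is benign, as the GMER one here is, still depends on what the user actually ran.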

#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:54 PM

Posted 22 August 2015 - 03:54 AM

Hi there,

Are you still with me? It's been three days since my last post.

Regards,
Alex

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,625 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:54 PM

Posted 24 August 2015 - 07:31 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise
