
Computer suddenly restarts & more


2 replies to this topic

#1 CRussum

CRussum

  • Members
  • 22 posts

Posted 17 November 2015 - 05:50 PM

Thanks in advance for the time and effort you folks put into this forum!

 

Windows 7-based desktop that is used by multiple people.  For the last couple of weeks, the computer has suddenly restarted after showing a blue screen of death with a memory error (sorry, don't remember the error code).  At times the browsers (Chrome & IE 11) have also refused to work by not loading or not connecting.  In general, we are not able to keep the machine running without it restarting multiple times a day, and certain programs are working less consistently.

 

Have run Malwarebytes every/every other day, and some days it comes up clean and others it has not.  Trojan.Miuref, Backdoor.Bot and Rootkit.Fileless.MTGen are a couple of the issues that have been found.

 

Have run MSE and it found some of the same programs.

 

11/3/15 MBAM log:

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2015/11/03 11:51:49 -0700</date>
    <logfile>mbam-log-2015-11-03 (11-51-47).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.2.0.1024</version>
    <malware-database>v2015.11.03.06</malware-database>
    <rootkit-database>v2015.10.28.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <hostname>ELEVATIONSALES2</hostname>
    <ip>10.1.10.22</ip>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>Elevation Sales 2</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>331883</objects>
    <time>707</time>
    <processes>0</processes>
    <modules>3</modules>
    <keys>0</keys>
    <values>4</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>3</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>warn</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <module><path>C:\Users\Elevation Sales 2\AppData\Local\Uvbxmedia\msxEnum.dll</path><vendor>Trojan.Miuref</vendor><action>delete-on-reboot</action><hash>e1c1f683b0db8fa77f2b2772df226f91</hash></module>
    <module><path>C:\Users\Elevation Sales 2\AppData\Local\Uvbxmedia\msxEnum.dll</path><vendor>Trojan.Miuref</vendor><action>delete-on-reboot</action><hash>e1c1f683b0db8fa77f2b2772df226f91</hash></module>
    <module><path>C:\Users\Elevation Sales 2\AppData\Local\Uvbxmedia\msxEnum.dll</path><vendor>Trojan.Miuref</vendor><action>delete-on-reboot</action><hash>e1c1f683b0db8fa77f2b2772df226f91</hash></module>
    <value><path>HKU\S-1-5-21-139741244-3834428195-1143620282-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>Uvbxmedia</valuename><vendor>Trojan.Miuref</vendor><action>success</action><valuedata>regsvr32.exe "C:\Users\Elevation Sales 2\AppData\Local\Uvbxmedia\msxEnum.dll"</valuedata><hash>e1c1f683b0db8fa77f2b2772df226f91</hash></value>
    <value><path>HKU\S-1-5-21-139741244-3834428195-1143620282-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>Osgmics</valuename><vendor>Backdoor.Bot</vendor><action>success</action><valuedata>C:\Users\Elevation Sales 2\AppData\Local\Osgmics\9423562.exe</valuedata><hash>059d2e4b4a41e05643164f4bef129070</hash></value>
    <value><path>HKU\S-1-5-21-139741244-3834428195-1143620282-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>^58026dde</valuename><vendor>Rootkit.Fileless.MTGen</vendor><action>success</action><valuedata/><hash>158dceab7d0e81b56f33d96eb251b44c</hash></value>
    <value><path>HKU\S-1-5-21-139741244-3834428195-1143620282-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>^ea68ecf1</valuename><vendor>Rootkit.Fileless.MTGen</vendor><action>success</action><valuedata/><hash>91116e0bc1cada5c9b07e364c73c9e62</hash></value>
    <file><path>C:\Users\Elevation Sales 2\AppData\Local\Uvbxmedia\msxEnum.dll</path><vendor>Trojan.Miuref</vendor><action>delete-on-reboot</action><hash>e1c1f683b0db8fa77f2b2772df226f91</hash></file>
    <file><path>C:\Users\Elevation Sales 2\AppData\Local\Osgmics\9423562.exe</path><vendor>Backdoor.Bot</vendor><action>success</action><hash>059d2e4b4a41e05643164f4bef129070</hash></file>
    <file><path>C:\Users\Elevation Sales 2\AppData\Local\Temp\9423562.exe</path><vendor>Backdoor.Bot</vendor><action>success</action><hash>abf724551a71d4623a1f87137f82f30d</hash></file>
  </items>
</mbam-log>

 

Newer MBAM log from 11/17/15:

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2015/11/17 14:52:52 -0700</date>
    <logfile>mbam-log-2015-11-17 (14-52-40).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.2.0.1024</version>
    <malware-database>v2015.11.17.07</malware-database>
    <rootkit-database>v2015.11.14.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <hostname>ELEVATIONSALES2</hostname>
    <ip>10.1.10.22</ip>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>Elevation Sales 2</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>335531</objects>
    <time>962</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>0</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>enabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>warn</pup>
    <pum>enabled</pum>
  </options>
  <items> </items>
</mbam-log>

 

Thanks again!
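
An added example, not code from the thread or from Malwarebytes: a Python script that parses the MBAM 2.x XML log format pasted above and pulls out what matters when reading such a log, namely detections grouped by name, Run-key persistence entries (including the empty "fileless" ones), items still waiting on a delete-on-reboot, and which hashes from an earlier scan a later scan still reports. The sample log, the FIELDS and RUN_KEY definitions and the placeholder paths and hashes are constructed for the example.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample mirroring the structure of the logs in the thread;
# paths, names and hashes are placeholders, not real indicators.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<header><date>2015/11/03 11:51:49 -0700</date><isadmin>yes</isadmin></header>
<items>
<module><path>C:\Users\user\AppData\Local\Example\example.dll</path><vendor>Trojan.Example</vendor><action>delete-on-reboot</action><hash>00000000000000000000000000000001</hash></module>
<value><path>HKU\S-1-5-21-0-0-0-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>Example</valuename><vendor>Trojan.Example</vendor><action>success</action><valuedata>regsvr32.exe "C:\Users\user\AppData\Local\Example\example.dll"</valuedata><hash>00000000000000000000000000000001</hash></value>
<value><path>HKU\S-1-5-21-0-0-0-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>^deadbeef</valuename><vendor>Rootkit.Fileless.Example</vendor><action>success</action><valuedata/><hash>00000000000000000000000000000002</hash></value>
<file><path>C:\Users\user\AppData\Local\Example\example.dll</path><vendor>Trojan.Example</vendor><action>delete-on-reboot</action><hash>00000000000000000000000000000001</hash></file>
<file><path>C:\Users\user\AppData\Local\Temp\1234.exe</path><vendor>Backdoor.Example</vendor><action>success</action><hash>00000000000000000000000000000003</hash></file>
</items>
</mbam-log>"""
# A later, clean scan: MBAM still writes an <items> element, with no children.
SAMPLE_CLEAN = '<mbam-log><items> </items></mbam-log>'

FIELDS = ('path', 'valuename', 'valuedata', 'vendor', 'action', 'hash')
RUN_KEY = re.compile(r'\\CURRENTVERSION\\RUN(ONCE)?$', re.IGNORECASE)

def parse_items(text):
    """Return one dict per entry under <items> (module, value, file, ...)."""
    # The declaration claims UTF-16 but we already hold decoded text: drop it.
    root = ET.fromstring(re.sub(r'^\s*<\?xml[^>]*\?>', '', text))
    items_el = root.find('items')
    return [dict(kind=el.tag, **{f: el.findtext(f, '') for f in FIELDS})
            for el in (items_el if items_el is not None else [])]

def summarize(items):
    """Group detections by name; flag Run-key persistence and pending deletions."""
    hashes_by_name, persistence, pending = defaultdict(set), [], set()
    for it in items:
        hashes_by_name[it['vendor']].add(it['hash'])
        if it['kind'] == 'value' and RUN_KEY.search(it['path']):
            # Empty valuedata is the "fileless" Run entry MBAM flags in the thread.
            persistence.append((it['valuename'], it['valuedata']))
        if it['action'] == 'delete-on-reboot':  # not actually gone until a restart
            pending.add(it['path'])
    return {'detections': {k: len(v) for k, v in hashes_by_name.items()},
            'persistence': persistence, 'pending_reboot': sorted(pending)}

def still_present(old_items, new_items):
    """Hashes from an earlier scan that a later scan still reports."""
    return sorted({i['hash'] for i in old_items} & {i['hash'] for i in new_items})
```

Run it against real logs by reading the file as bytes and decoding (MBAM writes them UTF-16), then passing the text to parse_items; a non-empty pending_reboot list after a scan means the machine has not been restarted since the detection.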

 

 




#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • Gender:Male
  • Location:The Antipodes

Posted 17 November 2015 - 06:31 PM

Hi CRussum,

 

Please follow this preparation guide to request assistance, so you can get the best help for your issue.

 

Regards

 

TsVk!



#3 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • Gender:Male
  • Location:The Antipodes

Posted 17 November 2015 - 06:35 PM

Important

 

I highly recommend you change your important passwords (banking, PayPal, primary email, etc.) from another secure computer and refrain from using these on your problem machine until your issue is resolved.





