
Possible malware infection.


13 replies to this topic

#1 dannyboy950

  • Members
  • 1,338 posts
  • Gender:Male
  • Location:port arthur tx

Posted 03 March 2016 - 12:03 PM

I have an HP 15-f009wm notebook PC running Win 10 64-bit.

So far we have been able to determine it is not data corruption.

 

My resident AV is Windows Defender, plus Malwarebytes Premium (both the scanner and the browser protector). None have found any issue so far. I have also run FRST, Rkill, and the ESET online scan; nothing found.

One thing of note: FRST stalled for about 15 seconds, the first time I have ever seen it do that. I have the logs when needed. I tried to run 2 rootkit tools [just in case], Reveal and GMER. Reveal is 32-bit only and kicked me out.

GMER tried to run; at first I would get a pop-up saying something else was already running, but I waited a few seconds and the pop-up disappeared and GMER showed csr-something with 3 threads running.

I tried to run the scan anyway and it ran for a few seconds; then a window popped up saying Windows had to shut down, collected some info and rebooted the machine.

I tried running GMER 3 times, same results.

Should I try other specific tools? While we all run them on our own, I know better than to try to fix anything without direction.


HP 15-f009wm notebook, AMD E1-2100 APU 1 GHz processor, 8 GB memory, 500 GB HDD

Linux Mint 17.3 Rosa Cinnamon



#2 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 03 March 2016 - 01:04 PM

What makes you think that you are infected in the first place?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 dannyboy950 (Topic Starter)

Posted 03 March 2016 - 03:09 PM

Thank you. Unexplainable memory usage in Task Manager, sometimes 80 to 90%, but when you add up the individual memory being used it equals far less than the total memory being used. Something unknown would seem to be using the extra memory.

Sometimes when opening programs or desktop shortcuts, instead of just opening I get a drop-down menu of options.

Other times I get random menus opening on the desktop in different places, like I was right-clicking all over the place, and my hands are not on the keyboard.

Something turned off Windows Defender and changed its settings. Both Malwarebytes products have had their settings changed and are no longer running on their regular schedule.

While checking for data corruption I found that something is keeping me from being able to get a copy of the event logs for the BSOD team. Also, the last entry recorded was in January until I forced an Event Viewer log. The log itself now shows a lot of errors.

Since it is not corruption, that pretty much leaves malware or a specifically designed hack. I am trying to control my paranoia.




#4 Aura

Posted 03 March 2016 - 03:21 PM

> Unexplainable memory usage in Task Manager, sometimes 80 to 90%, but when you add up the individual memory being used it equals far less than the total memory being used. Something unknown would seem to be using the extra memory.


I'd like to get a Speccy snapshot of your computer to see your hardware.

Speccy - Publish a snapshot
Follow the instructions below to download and install Speccy, then to publish a snapshot of your system information:
  • Download and install Speccy from Piriform (the download will start automatically a few seconds after clicking on the Speccy link);
    Note: You can opt out of the Google Toolbar installation if you want;
  • Once Speccy is installed, launch the program and give it a good minute to load all your system information;
  • After that, click on the File menu in the top left corner, and select Publish Snapshot;
  • A window will appear asking you to confirm your decision to publish a snapshot. Click on Yes;
  • A new window will appear after, with a URL link to your snapshot. Click on the Copy to Clipboard button to copy that URL to your clipboard, then paste it in your next reply and post it;
Also, how do you add up the memory from individual processes yourself? What are the top 3 processes that take up the most RAM?

> Sometimes when opening programs or desktop shortcuts, instead of just opening I get a drop-down menu of options.
> Other times I get random menus opening on the desktop in different places, like I was right-clicking all over the place, and my hands are not on the keyboard.


Are you using a laptop with touchpad/trackpad? Or a desktop computer?

> Something turned off Windows Defender and changed its settings. Both Malwarebytes products have had their settings changed and are no longer running on their regular schedule.


What settings are we talking about here, only scheduled scans? If not, can you list the settings that were altered?

> While checking for data corruption I found that something is keeping me from being able to get a copy of the event logs for the BSOD team. Also, the last entry recorded was in January until I forced an Event Viewer log. The log itself now shows a lot of errors.


What error are you getting when trying to get the copy of the event log?



#5 dannyboy950 (Topic Starter)

Posted 03 March 2016 - 03:58 PM

I will have to leave for a little while, but here is your Speccy report.

http://speccy.piriform.com/results/layA8gPORkmklW6BuC5GINp




#6 dannyboy950 (Topic Starter)

Posted 04 March 2016 - 10:03 AM

I will try to answer your other questions as best I can.

 

1. Memory usage: As you know, memory will fluctuate depending on what is running and the job it is doing, and it can fluctuate fairly rapidly. That makes it a little hard to tell at times.

However, going to full screen when viewing, you can get a pretty good idea. Notes with paper and pencil still work pretty well and fairly fast. Observing for several minutes will give you a good idea, but not exact.

2. I use a laptop/notebook designed for Win 8 with the problematic Synaptics touchpad.

However, the behavior sometimes occurs without my hands even touching the computer or even being near the touchpad. I have observed the waving of the hand near the touchpad before. This ain't it lol

3. Copying the event log: While I can create the log, it is too big to copy and paste even into a Word document. I use 7-Zip, but the feature to send to the zip folder is greyed out and will not work.

When I choose export, nothing happens; I get no menu of options for where to export. Searching Documents and the C: drive, I find nothing that looks like it may be it.

 

Thank you for your continued help. I may not respond as quickly as I usually do I am having health issues at this time. USAMA also gave me a list of other things to try as well. It will take a little while.


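The question in #4 (how the per-process figures were added up, and which processes sit on top) and the paper-and-pencil method in #6 can be answered by a script rather than by watching Task Manager. The following is an added example for this page, not code posted by anyone in the thread; it uses only built-in PowerShell cmdlets and WMI/CIM classes present on Windows 10 and assumes nothing about the machine beyond that. It reports what Task Manager calls "In use", the sum of per-process working sets and private bytes, and the two kernel pools that never appear in the process list, which is the usual reason a hand-added process total comes out well below the overall figure.

```powershell
# Added example, not from the thread: account for RAM on Windows 10 from PowerShell
# instead of adding up Task Manager by hand. Run in an elevated PowerShell window so
# the working sets of system processes are readable. Read-only; changes nothing.

function Get-MemoryAccounting {
    param([int]$Top = 5)   # how many processes to list

    $os   = Get-CimInstance Win32_OperatingSystem
    $perf = Get-CimInstance Win32_PerfFormattedData_PerfOS_Memory

    $totalMB = [math]::Round($os.TotalVisibleMemorySize / 1KB)   # WMI reports KB
    $availMB = [math]::Round($perf.AvailableBytes / 1MB)         # free + standby cache
    $usedMB  = $totalMB - $availMB                               # Task Manager's "In use"

    # Kernel pools are consumed by drivers and never show up as a process.
    $nonpagedMB = [math]::Round($perf.PoolNonpagedBytes / 1MB)
    $pagedMB    = [math]::Round($perf.PoolPagedBytes / 1MB)

    $procs = Get-Process
    # Working set double-counts DLL pages shared between processes (sum overstates);
    # private bytes count only pages unique to each process (sum understates).
    $wsMB   = [math]::Round(($procs | Measure-Object -Property WorkingSet64 -Sum).Sum / 1MB)
    $privMB = [math]::Round(($procs | Measure-Object -Property PrivateMemorySize64 -Sum).Sum / 1MB)

    $topProcs = $procs | Group-Object ProcessName | ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            Instances = $_.Count
            PrivateMB = [math]::Round(($_.Group | Measure-Object -Property PrivateMemorySize64 -Sum).Sum / 1MB)
        }
    } | Sort-Object PrivateMB -Descending | Select-Object -First $Top

    [pscustomobject]@{
        TotalMB           = $totalMB
        UsedMB            = $usedMB
        UsedPercent       = [math]::Round(100 * $usedMB / $totalMB, 1)
        SumWorkingSetMB   = $wsMB
        SumPrivateBytesMB = $privMB
        KernelNonpagedMB  = $nonpagedMB
        KernelPagedMB     = $pagedMB
        # In-use memory that neither user processes nor the two pools account for.
        UnexplainedMB     = $usedMB - $privMB - $nonpagedMB - $pagedMB
        TopProcesses      = $topProcs
    }
}

$r = Get-MemoryAccounting -Top 5
$r | Select-Object * -ExcludeProperty TopProcesses | Format-List
$r.TopProcesses | Format-Table -AutoSize
```

Read the result with two caveats: UnexplainedMB is a rough figure, because private bytes include pages that have been paged out, so it can dip below zero on a busy machine; and a KernelNonpagedMB value that is large and keeps growing between runs points at a leaking driver, which is a hardware/driver problem, not evidence of malware. Run it a few times a minute apart while the machine is idle, as #14 suggests, rather than once.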


#7 Aura

Posted 04 March 2016 - 10:10 AM

According to your Speccy snapshot, Windows Defender and Malwarebytes are using the most RAM on your system.

So basically, a random right-click will happen on your desktop, without you touching the laptop? Does the contextual menu close after (as if another left click was done), or does it stay open?

You need to export the Event Log, not copy/paste it. Can you give me a screenshot of which Export option you are using?

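Exporting the log, as #7 says, is the right approach, and it can be done from a console when the Event Viewer dialog misbehaves. The script below is an added example for this page, not something posted in the thread; the output folder C:\Temp\EventLogs is an assumption, and everything else is built-in Windows 10 tooling (wevtutil and Get-WinEvent). It writes the binary .evtx that an analyst expects, a small CSV of Critical/Error events that will fit in a forum post, and the log's own record count and last-write time, which settles whether the log really stopped recording in January or was merely hard to copy.

```powershell
# Added example, not from the thread: export Windows event logs for analysis and
# check whether a log stopped recording or was cleared. Run as Administrator.

$outDir = 'C:\Temp\EventLogs'            # assumed output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

foreach ($log in 'System', 'Application') {
    # Same result as Event Viewer's "Save All Events As...": a binary .evtx that keeps
    # every field and can be opened on another machine.
    $evtx = Join-Path $outDir "$log.evtx"
    wevtutil epl $log $evtx /ow:true

    # Log metadata: a LastWriteTime months in the past, or a tiny RecordCount, means the
    # log was stopped or cleared rather than merely difficult to copy.
    Get-WinEvent -ListLog $log |
        Select-Object LogName, IsEnabled, RecordCount, OldestRecordNumber, LastWriteTime, MaximumSizeInBytes

    # Plain-text extract of Critical (1) and Error (2) events from the last 30 days,
    # small enough to paste into a reply.
    $since = (Get-Date).AddDays(-30)
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 1, 2; StartTime = $since } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName, @{ n = 'Message'; e = { $_.Message -replace '\s+', ' ' } } |
        Export-Csv -Path (Join-Path $outDir "$log-errors.csv") -NoTypeInformation
}

# Event ID 104 in the System log (source Microsoft-Windows-Eventlog) is written when a
# log is cleared; its TimeCreated tells you when and the Message tells you by whom.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 104 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName, Message

# Everything in one archive to attach or upload.
Compress-Archive -Path "$outDir\*" -DestinationPath 'C:\Temp\EventLogs.zip' -Force
Get-ChildItem $outDir
```

If wevtutil itself fails with an access error, that is worth reporting verbatim, since it is a different symptom from a greyed-out menu and narrows down where the blockage is.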


#8 dannyboy950 (Topic Starter)

Posted 04 March 2016 - 04:43 PM

Well, now I am completely stumped. It does not seem to be system corruption, nor does it seem to be any type of malware. I have run over a dozen different scanners and tools without finding anything.

 

So what else is left for it to be?  My imagination?




#9 kaljukass

  • Banned
  • 291 posts
  • Gender:Male

Posted 04 March 2016 - 06:09 PM

> Unexplainable memory usage in Task Manager, sometimes 80 to 90% ....

Sorry, you're talking about 80%-90%, but it is better to talk about how much it really is.
How much memory (RAM) do you have at all? What does 80-90% mean?


#10 dannyboy950 (Topic Starter)

Posted 04 March 2016 - 07:15 PM

Fair question. That is 80 to 90 percent of the memory being used by the PC. Total installed memory is two 4 GB sticks, a total of 8 GB.




#11 Aura

Posted 04 March 2016 - 07:50 PM

> Well, now I am completely stumped. It does not seem to be system corruption, nor does it seem to be any type of malware. I have run over a dozen different scanners and tools without finding anything.
>
> So what else is left for it to be? My imagination?


You could always seek a more advanced check-up in the MRL section, but so far, I don't see anything which makes me think that malware is involved.



#12 dannyboy950 (Topic Starter)

Posted 04 March 2016 - 08:02 PM

I have to agree. I have run over a dozen different anti-malware programs and tools. None report anything found except Malwarebytes Anti-Exploit. It shows it blocked exploit code on 3-2-2016 but does not say what code; no real log file, just a notation.

I assume it was able to block it all.




#13 Aura

Posted 04 March 2016 - 08:38 PM

If it notified you, then yes, it indeed blocked it. I haven't seen MBAE block an exploit and still let it go through.



#14 kaljukass

Posted 04 March 2016 - 08:51 PM

> Fair question. That is 80 to 90 percent of the memory being used by the PC. Total installed memory is two 4 GB sticks, a total of 8 GB.

Does this mean 80-90% of 8 GB, i.e. 6.4 GB-7.2 GB?
If it is like that when idle and always, then it isn't normal. If only sometimes, then everything is normal.
You always have some background processes running. If there is something that does not need to run all the time, simply turn it off. Also disable those auto-start programs and scheduled tasks that aren't mandatory.
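Before disabling auto-start programs and scheduled tasks as #14 suggests, it helps to have a list of them with the signer of each executable, because an unsigned binary or one signed by an unknown publisher starting at logon is exactly the kind of thing a dozen scanners can miss while a human spots it at once, and it also addresses the concern in #3 that Defender and Malwarebytes had their settings changed without explanation. The following is an added example for this page, not code from the thread. It is read-only: it enumerates the Run/RunOnce registry keys, the startup folders via Win32_StartupCommand, and non-Microsoft scheduled tasks, resolves each to a file and checks its Authenticode signature. The helper names Get-ExePath and Get-SignerInfo are my own.

```powershell
# Added example, not from the thread: list auto-start entries and scheduled tasks and
# flag executables that are unsigned or not signed by Microsoft. Read-only; run as
# Administrator so HKLM and every task are readable. Helper names are my own.

function Get-ExePath([string]$command) {
    # Pull the executable path out of a Run value or task action command line.
    if (-not $command) { return $null }
    if ($command -match '^"([^"]+)"') { return $matches[1] }       # "C:\Program Files\x.exe" args
    if ($command -match '^(\S+\.exe)') { return $matches[1] }      # C:\x\y.exe args
    return ($command -split ' ')[0]
}

function Get-SignerInfo([string]$path) {
    if (-not $path) { return 'no-path' }
    if (-not (Test-Path -LiteralPath $path)) {
        # Bare names like "powershell.exe" resolve through PATH.
        $cmd = Get-Command $path -ErrorAction SilentlyContinue
        if ($cmd -and $cmd.Source) { $path = $cmd.Source } else { return 'missing-file' }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    if ($sig.Status -ne 'Valid') { return "unsigned/$($sig.Status)" }
    return $sig.SignerCertificate.Subject
}

$entries = @()

# 1. Run/RunOnce keys for the machine and the current user (32-bit view included).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }     # skip PowerShell's own provider metadata
        $entries += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
    }
}

# 2. Startup folders and the other locations WMI tracks.
Get-CimInstance Win32_StartupCommand | ForEach-Object {
    $entries += [pscustomobject]@{ Source = $_.Location; Name = $_.Name; Command = $_.Command }
}

# 3. Enabled scheduled tasks outside \Microsoft\, where the OS keeps its own tasks.
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' -and $_.State -ne 'Disabled' } |
    ForEach-Object {
        foreach ($a in $_.Actions) {
            if ($a.Execute) {
                $entries += [pscustomobject]@{
                    Source  = "Task $($_.TaskPath)"
                    Name    = $_.TaskName
                    Command = "$($a.Execute) $($a.Arguments)"
                }
            }
        }
    }

# Resolve each command to a file and record who signed it.
$report = $entries | ForEach-Object {
    $raw = Get-ExePath $_.Command
    $exe = if ($raw) { [Environment]::ExpandEnvironmentVariables($raw) } else { $null }
    [pscustomobject]@{ Source = $_.Source; Name = $_.Name; Exe = $exe; Signer = Get-SignerInfo $exe }
}

# Microsoft-signed entries are the least interesting; list everything else first.
$report | Sort-Object { $_.Signer -like '*Microsoft*' }, Source | Format-Table -AutoSize -Wrap
```

A 'missing-file' entry is worth a second look on its own: an auto-start pointing at a file that no longer exists is a common leftover of a removed program, but it is also what remains after a scanner deletes a payload without cleaning its persistence.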




