
I THINK my PC may be infected - need help.



#1 Kuszotke

  • Members

Posted 30 August 2016 - 12:19 PM

I previously made a thread here but this time I'll ask a different question. Is my PC infected? My disk randomly shuts off, always when reading/writing data, sometimes when idling.

I think it may be an infection, so I'd like to fully, in-depth check my PC if it may be malware. If it's not, then I know what it is.

I already scanned the computer with: MBAM, Stinger (Real Protect running all the time now), RogueKiller, AdwCleaner, MB Anti-Exploit running all the time now.

Please help me check if my PC is infected or not. Thank you for your help.

NOTE: Please do not give me hardware related answers. I just want to see if my PC is infected.


Edited by Kuszotke, 30 August 2016 - 12:21 PM.




#2 seedy21

  • Malware Response Team

Posted 30 August 2016 - 02:47 PM

Hi Kuszotke,

It sounds more like a hardware issue.

Please make sure you back up your data before continuing.

Step 1

Scan with MiniToolBox

Please download MiniToolBox by Farbar and save it to your desktop.

  • Right-click on the MiniToolBox icon and select Run as Administrator to start the tool.
  • In the main window please checkmark the following checkboxes:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Report FF Proxy Settings;
    • List content of Hosts;
    • List IP configuration;
    • List Winsock Entries;
    • List last 10 Event Viewer log;
    • List Installed Programs;
    • List Devices (Only problems);
    • List Users, Partitions and Memory size;
    • List Minidump Files.
  • Click Go and wait patiently.
  • Upon completion (a reboot may be needed) a file called Result.txt will be saved on your desktop.

Please include the content of that file in your next reply.
 
Step 2
 
Scan with Malwarebytes' Anti-Malware
 
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.
 
Step 3
 
Emsisoft Emergency Kit
 
Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 Kuszotke

  • Topic Starter
  • Members

Posted 30 August 2016 - 03:52 PM

Emsisoft log (it's in Polish, sorry!)

 

Spoiler
 
 
Malwarebytes log is coming, when using MiniToolbox my Antivirus alerts me of a hacker activity (changing login password)


#4 seedy21

  • Malware Response Team

Posted 30 August 2016 - 03:59 PM

Hi Kuszotke

"when using MiniToolbox my Antivirus alerts me of a hacker activity (changing login password)"

MiniToolbox is a safe program to use. I would recommend disabling your Anti-Virus before running the tool and then re-enabling it afterwards.

If you're not sure how to disable your Anti-Virus:

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

"Emsisoft log (it's in Polish, sorry!)"

Not a problem. If I have an issue translating, I will let you know :)

I will await your MalwareBytes and Minitoolbox logs.




#5 Kuszotke

  • Topic Starter
  • Members

Posted 30 August 2016 - 04:01 PM

Malwarebytes log:

 

Spoiler
 
Running MiniToolbox now, one minute and it's done.
 
MiniToolbox: (for some reason it's partially in Polish too)
 
Spoiler

Edited by Kuszotke, 30 August 2016 - 04:05 PM.


#6 Kuszotke

  • Topic Starter
  • Members

Posted 30 August 2016 - 04:16 PM

It just seemed weird because MiniToolbox never did that before :P



#7 Kuszotke

  • Topic Starter
  • Members

Posted 30 August 2016 - 06:00 PM

Logging off soon and taking the PC to the service so if anyone wants to post something this is about time.



#8 seedy21

  • Malware Response Team

Posted 31 August 2016 - 12:45 PM

Hi Kuszotke

Do you still require my assistance?



#9 Kuszotke

  • Topic Starter
  • Members

Posted 31 August 2016 - 03:59 PM

The PC is at the service but I'd still like to hear the logs analysis and I may need to continue the cleanup after I pick the PC up ;)

#10 seedy21

  • Malware Response Team

Posted 01 September 2016 - 04:21 PM

Hi Kuszotke,

 

Step 1


This will need resolving ASAP as it looks like you are bypassing security measures for Prepar3D v3

 

 

127.0.0.1 precisionmanuals.com
127.0.0.1 www.precisionmanuals.com
127.0.0.1 license.precisionmanuals.com

 

Also a warning about P2P

P2P warning!

  • µTorrent

P2P programs, while legal in themselves, are often used to obtain illegal downloads. Currently it's one of the best ways to get infected. There have been some extreme cases in which passwords, private or financial data were exposed to file sharing networks because of bad P2P configuration.

I strongly recommend full uninstallation of any P2P apps. To do so:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for previously mentioned program(s), right-click the entry and click Uninstall.

This is optional, but please consider this. In case of leaving it installed, please refrain from using it while we're cleaning your machine.

 


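An added example (not part of the original thread and not MiniToolBox's own code): a small Python check for the kind of hosts-file finding raised in post #10, flagging every name other than localhost that the file pins to an address. The sample file is constructed; its three precisionmanuals.com lines are the ones quoted in that post, and the example.test entries are made up for illustration.

```python
import ipaddress
import sys

# Names a stock hosts file may legitimately pin to loopback.
EXPECTED_LOCAL = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Return (line_no, ip, name, verdict) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.lstrip("\ufeff").split("#", 1)[0].strip()  # drop BOM, comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        if len(fields) < 2:
            findings.append((line_no, str(ip), "", "malformed"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in EXPECTED_LOCAL and ip.is_loopback:
                continue
            # Loopback/0.0.0.0 makes the name unreachable; any other address
            # sends traffic for that name to a host the file's editor chose.
            findings.append((line_no, str(ip), name,
                             "blocked" if sinkhole else "redirected"))
    return findings

# Constructed sample hosts file (see the lead-in for what is real and what is not).
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1 precisionmanuals.com
127.0.0.1 www.precisionmanuals.com
127.0.0.1 license.precisionmanuals.com
203.0.113.10 updates.example.test   # constructed entry
0.0.0.0 ads.example.test            # constructed entry
"""

if __name__ == "__main__":
    # Pass a path (for example a copy of the hosts file) to audit it instead.
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE)
    for line_no, ip, name, verdict in audit_hosts(text):
        print(f"line {line_no}: {name} -> {ip} [{verdict}]")
```

A "blocked" verdict means the name can no longer be reached from this machine; a "redirected" verdict is the more serious case, because connections to that name go to whatever address the entry names.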


#11 Kuszotke

  • Topic Starter
  • Members

Posted 01 September 2016 - 04:44 PM

I use uTorrent to download things like game updates and modifications etc. - not really downloading any fishy stuff and it's pretty essential.

HOWEVER I have no idea what the Prepar3D related addresses are doing in the hosts file. Precision Manuals are making Prepar3D add-ons and I don't have those installed, never did and I did not screw around with that file. I'll just restore it to default just to be sure, probably it was some plugin (friend was helping me set up VATSIM for P3D and he basically told me to download a bunch of plugins).

I'm pretty sure that editing the hosts file will be enough.


Edited by Kuszotke, 01 September 2016 - 04:44 PM.


#12 Kuszotke

  • Topic Starter
  • Members

Posted 01 September 2016 - 04:57 PM

I think this thread can be closed. The PC is at the service and it's a hardware related problem.





