Rootkit Activity and infected with VBS:malware.gen


1 reply to this topic

#1 ag.dabears

ag.dabears

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Location:Dinuba, Ca
  • Local time:08:00 PM

Posted 27 February 2017 - 05:02 PM

I was infected with vbs:malware.gen, which infected over 300 files, so I assume it is a virus. Avast did remove it, but the computer is still running slower than usual; especially playing any media player makes it take forever to change songs. I also have rootkit activity, which was detected by GMER. I saved the log file, so I will post it at the end. I do not know which rootkit it is or if it will be impossible to remove, so any advice would be appreciated. Thanks. P.S. I also renamed GMER to pick-a-boo. When I changed the name is when it found the infections, but it no longer detects them, so I assume I am infected by a rootkit.

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-27 04:19:35
Windows 6.2.9200  x64
Running: pickA-boo.exe

---- Services - GMER 2.2 ----
Service  C:\WINDOWS\system32\drivers\hitmanpro37.sys (*** hidden *** )                                                           [MANUAL] hitmanpro37     <-- ROOTKIT !!!
 
Service  C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe (*** hidden *** )                                     [AUTO] WsAppService  <-- ROOTKIT !!!
 
Service  C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe (*** hidden *** )                                          [MANUAL] WsDrvInst  <-- ROOTKIT !!!
 
---- Registry - GMER 2.2 ----
Reg - HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                                    1455034511
 
Reg - HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\ParametersInstup_14865758592652286@SetupOperations                    ???Q?????Q?Q?Q?R?R?R?R?S?S?S?S?T?T?T?????????????2??????????????????????????????? ???????P?????S?????Q??????????P?/??????\???????????G???????Q?Q?Q?Q?Q?S?S?S?????????????n??t8????????????????????????P??Q????????h?????\SystemRoot\system32\drivers\aswSnx.sys?ys???????????S?????????e?????Q??????????????MoveFile("\??\C:\Program Files\AVAST Software\Avast\HTMBE2.tmp","\??\C:\Program Files\AVAST Software\Avast\HTMLayout.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\avBEE3.tmp","\??\C:\Program Files\AVAST Software\Avast\avBugReport.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\AvD102D.tmp","\??\C:\Program Files\AVAST Software\Avast\AvDump32.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\x64\AvD1138.tmp","\??\C:\Program Files\AVAST Software\Avast\x64\AvDump64.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\aswE051.tmp","\??\C:\Program Files\AVAST Software\Avast\aswcmlx.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\aswE0CF.tmp","\??\C:\P
 
Reg - HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated                                  0x7F 0x6D 0x58 0xFA ...
 
Reg - HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh                                       0x7F 0xD5 0x1C 0x5C ...
 
Reg - HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow                                        0x7F 0x05 0x94 0x98 ...
 
Reg - HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw                                                                                             0x64 0x62 0x03 0x00 ...
 
Reg - HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask                                                                                 0x64 0x62 0x03 0x00 ...
 
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationFrame\TitleBar\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge@ForegroundColorInactive                  -1
 
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationFrame\TitleBar\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge@ButtonBackgroundColor                     0
 
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationFrame\TitleBar\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge@ButtonHoverBackgroundColor          -13750738
 
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationFrame\TitleBar\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge@ButtonPressedBackgroundColor       -12303292
 
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationFrame\TitleBar\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge@ButtonBackgroundColorInactive         0
 
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationFrame\TitleBar\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge@ButtonForegroundColorInactive        -1
 
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{6EAE973B-8280-4932-BB5A-F916A3BBB4D1}@LastAccessedTime                        0x60 0x34 0x7F 0xBC ...
 
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{6EAE973B-8280-4932-BB5A-F916A3BBB4D1}@LaunchCount                                1
 
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{BE458C51-DA6E-4D2A-AEE1-8216BE0FD4BB}@LastAccessedTime                       0xB0 0xA1 0x7C 0xE9 ...
 
Reg - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{BE458C51-DA6E-4D2A-AEE1-8216BE0FD4BB}@LaunchCount                                 27
---- EOF - GMER 2.2 ----
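
A small parser for the GMER log layout shown above, added here as an example; it is not code from the poster, from GMER, or from BleepingComputer. It embeds a copy of the service and one registry line from this log as constructed sample input, splits the log into its `---- Name - GMER 2.2 ----` sections, and pulls out every service GMER reported as hidden with its binary path, start type and name, marking kernel drivers (`.sys`) separately from user-mode executables. The "hidden" flag only says the service was not visible through normal enumeration, so the result is a triage list of binaries to verify (publisher signature, install path, known product), not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: lines copied from the GMER log posted above
# (spacing trimmed), so the parser runs offline.
SAMPLE_LOG = r"""GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-27 04:19:35
Windows 6.2.9200  x64
Running: pickA-boo.exe

---- Services - GMER 2.2 ----
Service  C:\WINDOWS\system32\drivers\hitmanpro37.sys (*** hidden *** )   [MANUAL] hitmanpro37     <-- ROOTKIT !!!
Service  C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe (*** hidden *** )   [AUTO] WsAppService  <-- ROOTKIT !!!
Service  C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe (*** hidden *** )   [MANUAL] WsDrvInst  <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----
Reg - HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed   1455034511
---- EOF - GMER 2.2 ----
"""

# Section header as GMER prints it; "EOF" is the terminator, not a section.
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")

# One "Service" line: path, hidden marker, [START_TYPE], service name, optional rootkit flag.
SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+"
    r"\[(?P<start>[A-Z_]+)\]\s+(?P<name>\S+)(?P<flag>\s+<-- ROOTKIT !!!)?\s*$"
)


@dataclass
class HiddenService:
    name: str
    path: str
    start_type: str          # AUTO / MANUAL / ... as GMER reports it
    flagged_rootkit: bool    # whether GMER appended "<-- ROOTKIT !!!"

    @property
    def is_kernel_driver(self) -> bool:
        # A hidden .sys is kernel code and deserves a closer look than a user-mode .exe.
        return self.path.lower().endswith(".sys")


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Split a GMER log into {section name: non-empty lines}; the EOF marker closes parsing."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = None if header.group("name") == "EOF" else header.group("name")
            if current is not None:
                sections.setdefault(current, [])
            continue
        if current is not None and line:
            sections[current].append(line)
    return sections


def parse_hidden_services(log: str) -> List[HiddenService]:
    """Return every service in the Services section that GMER marked as hidden."""
    found: List[HiddenService] = []
    for line in parse_sections(log).get("Services", []):
        m = SERVICE_RE.match(line)
        if m:
            found.append(HiddenService(
                name=m.group("name"),
                path=m.group("path"),
                start_type=m.group("start"),
                flagged_rootkit=m.group("flag") is not None,
            ))
    return found


def triage_report(log: str) -> List[str]:
    """Human-readable triage lines, kernel drivers listed first."""
    services = sorted(parse_hidden_services(log), key=lambda s: not s.is_kernel_driver)
    return [
        f"{'KERNEL' if s.is_kernel_driver else 'USER  '} {s.start_type:<6} {s.name:<14} {s.path}"
        for s in services
    ]


if __name__ == "__main__":
    for row in triage_report(SAMPLE_LOG):
        print(row)
```

Running the block against the embedded sample lists the three hidden services from the log, with the `hitmanpro37.sys` driver first; the same functions accept a full saved GMER log read from disk.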


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,035 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:00 PM

Posted 28 February 2017 - 02:21 PM

Hello, please repost your topic here:

https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

We'll get a better look... Let me know if that went OK.



