
Request for help with possible Virus/malware/rootkit



#1 StarTiger

  • Members
  • 1 posts
  • OFFLINE
  • Local time: 10:01 AM

Posted 20 April 2017 - 02:02 AM

Hello everyone;

 

I have a 2014 MSI Ghost Pro 60 gaming laptop that was purchased used at a hock shop.

 

I've noticed several things on this system, such as hive file modifications, extra drive partitions, strange events in the event logs, general internet slowdown, popups claiming I'm infected, etc.

 

Looking through the event logs I noticed a file; the one I was investigating mentions rootkits in a Google search.

 

Also I'm seeing stuff like this:

 

> User Logoff Notification for Customer Experience Improvement Program

> The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

> The following boot-start or system-start driver(s) did not load:
> cdrom
> dam

And my dual NIC card leaves events that it's dropping out and resetting, along with the system time, and events for processor power modifications.

 

I DO download a lot of stuff, so yeah, that's probably part of the issue, as some sites I go to could be labelled "nefarious", at best....

 

I was trying to set up a pen testing system with metasploit, so I thought I may have become infected that way.

 

The drives are pretty full of both my own and the previous owner's crap/game files, etc. If I do need to do a wipe that's fine, although I hope that the factory partition would still be intact if that is the case. My important files are on backup drives.

 

I just started downloading a bunch of scanners/rootkit detectors, etc. when I remembered your site, and thought perhaps you guys could look at it with me.

 

Thanks for any services you might render.

 

Where should I start?

 

StarTiger

#2 buddy215

  • Moderator
  • 13,101 posts
  • ONLINE
  • Gender: Male
  • Location: West Tennessee
  • Local time: 12:01 PM

Posted 20 April 2017 - 04:46 AM

Welcome to BC....

 

I think I would have reformatted the HDD and reinstalled the Windows OS before using the computer. Now that you know it is infected, I think reinstalling is the best thing to do for security and for improving the computer's performance.

But if you prefer not to do that, then follow the directions below.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.
