
Malwarebytes Anti Rootkit taking a long time to scan


  • This topic is locked
4 replies to this topic

#1 Weirdmon

Weirdmon

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 24 June 2017 - 06:36 PM

Hey all, I was wondering if my problem is normal.
This all happened within the last few days when I retrieved my hacked Minecraft account back. Long story short: got it back, changed email and pass for my account and by the next day my email was hacked into along with a reply from Minecraft being read, which resulted in the loss of my account again.

I am currently running Windows 10 with (I believe) the most recent updates.

I ran a scan on Windows Defender, nothing was found, so I decided to kick it up a notch and tried scanning with SpyBot Search and Destroy, which worked, however it paused once it got to a file named: Fraud.UPSInvoice. I decided to Google the file and it's looking like it's linked with a Trojan horse. I am currently having trouble manually deleting this, but I will post another topic about that. So I did some more research and found out it could be rooted, which led me to download Malwarebytes Anti Rootkit. I started the scan at approximately 9:00PM -CST last night, it is currently 6:30PM and the scan is still running. The scan is not frozen, it's still scanning, but I think it might be a bit slower than it was going last night. It's stuck in my temp folder, the folder it's been scanning is:

C:\users\ALEX\APPDATA\LOCAL\TEMP\imageio67824700

And the imageio numbers are changing, but I don't really know what they mean. I checked the status of it when I woke up this morning, it was scanning in the same directory, along with the same imageio but with different numbers...I tried looking this up on Google and the keywords "taking a long time to scan" only brought up people who were running scans for 8 hours at most. It's been almost 24 hours since I started the scan.

What should I do? Should I let the scan keep running? Or is there anything else I can do to figure it out? Thanks for any help!



#2 opera

opera

  • Members
  • 994 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:17 AM

Posted 25 June 2017 - 12:25 AM

If I were you I would post in the Malware removal area of the forum

 

https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/



#3 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:17 PM

Posted 25 June 2017 - 01:39 AM

First, run Disk Cleanup and get rid of all the temp files.

 

I would recommend using the Custom Scan option of Malwarebytes Antimalware, rather than Anti-Rootkit.

 

Click Scan on the left side of the screen, click on Custom Scan, click on Configure Scan, and check the Scan for rootkits option.

 

Click Scan Now and let it run...it can take a while.


Edited by jwoods301, 25 June 2017 - 01:42 AM.


#4 BIGBEARJEDI

BIGBEARJEDI

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tattooine
  • Local time:08:17 PM

Posted 25 June 2017 - 03:52 AM

This particular file is reminiscent of the NEMUCOD Ransomware, a very nasty Ransomware I removed from a Customer's computer after spending hundreds of hours to remove it. If you indeed have a merchant UPS account, the author(s) of this Ransomware spoof a fake E-mail from UPS that appears to be legit, with UPS logo and all. Clicking on the attachment to see what happened to your Package locks up all your files on your PC and all attached external hard drives and flash drives. It took me 4 weeks of working night and day to remove this Ransomware; so you should be very careful here. Your stuff isn't locked up - yet! But, certainly could be if you don't get it removed properly from your computer.

 

I'd strongly recommend you follow Opera's suggestion in Post #2 and let the guys in the Malware removal forum get involved in your cleanup of this particular virus.  It's probably a variant, since it hasn't locked and encrypted all your files yet, but you really need to get it looked at.  

 

The other suggestion I would make to you, is that you can't be an expert at fixing every kind of problem with your computer. These days, hackers use some very sophisticated tools and phishing scams, of which you can be sure you are a victim; you may not have the necessary experience to fix this problem yourself. Consider taking it to your local licensed Computer Tech and paying a professional to remove this virus. Just because you use free tools available on the Internet and you think you've gotten rid of it, doesn't mean you did, and a nasty payload could be just sitting on your hard drive like a ticking time bomb waiting to go off when you least expect it. Hey, it's your computer, but at the very least do you at least have all your Personal Data on that PC backed up to external media in case the "bomb" goes off on you?

 

Best of luck,

<<BIGBEARJEDI>>



#5 Platypus

Platypus

  • Moderator
  • 14,684 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:17 PM

Posted 25 June 2017 - 04:55 AM

Re-posted in Am I Infected forum:

 

https://www.bleepingcomputer.com/forums/t/650064/malwarebytes-has-been-scanning-for-over-24-hours-cycling-through-imageios/

 

This topic closed to avoid any confusion.


Top 5 things that never get done:

1.




