Combofix log - had some mallware that boosts memory to 100%

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by matjazf, Oct 11, 2011.

  1. matjazf

    matjazf Private E-2

    Hello guys,
    i'm having troubles on my old PC with win XP SP3. After log on it becomes very slow and loud, i'va spotted that a process named services.exe takes all the memory slowly and than it releases it slowly after 10 mins or so. I tried some mallware removal programs, but when i'm logged on it allows me to start them just once, then they are blocked and i can't run them any more. I used mallwarebytes in safe mode and it always find two backdoor bugs in flash memory, which are removed, but they reappear after normal log on. In the end i tried with combofix, but i can't read its log. Im sure you are experts doing this, so please see it below. I need to live with this PC for a couple of months, so i would be glad if you help me solve my problem, if there is any left of course. There is also my hijackthis log below combofix's log, created before combofix was aplied.
    Thank you in advance!
    Regards, Matjaz
     

    Attached Files:

    Last edited by a moderator: Oct 11, 2011
    matjazf, Oct 11, 2011
    #1
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. You need to read this. HOW TO: Attach Items To Your Post

    I want you to run TDSSKiller so refer to the below for how to do so.

    TDSSkiller - How to run


    Please also download MBRCheck to your desktop
    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )

    Then you need to ensure that you have followed as much of the READ & RUN ME FIRST. Malware Removal Guide as you possibly can, attaching all the requested logs.
     
    Kestrel13!, Oct 11, 2011
    #2
  3. matjazf

    matjazf Private E-2

    Hello again, thank you for guidance, i did run TDSSkiller and MBRcheck, they both did find somethhing, as you can see in their logs. Hope it won't be too difficult to clean them.
    Thank you, Matjaz
     

    Attached Files:

    matjazf, Oct 11, 2011
    #3
  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    A reminder from Kestrel13!'s message in post #2 -
     
    dr.moriarty, Oct 11, 2011
    #4
  5. matjazf

    matjazf Private E-2

    Oh, i+m sorry, didn't spot that at the end, it was evening already and i was preety desperate to post logs from the first two tasks. Will do that as well.
    Thanks, Matjaz
     
    matjazf, Oct 12, 2011
    #5
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Attach logs when you are ready then. :)
     
    Kestrel13!, Oct 12, 2011
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds