Need Malware Help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by texasharper, Jul 7, 2017.

  1. texasharper

    texasharper Corporal

    Original win 8.1 pro
    Win 10 upgrade
    Build (10240) 64 bit
    CPU Intel (R)
    Core (TM) i5 3210 M CPU @ 2.50GHz (4 cores)
    RAM 6.00 GB
    ASUSTeK COMPUTER INC.
    Q500A
    Version 1.0

    Greetings,
    My computer started running slow, hang ups, anti-virus was shut down, etc. I put off the read and run first because I didn't have time to complete it. Then yesterday I got a BSOD saying system thread exception not handled with the error code bckd.sys. So I uninstalled K9 Bluecoat. Then immediately did a system restore and the thread exception was handled for now (I haven't got a BSOD since). Then I started working through the steps, and here are my logs. Thank you for your time.
     

    Attached Files:

    Last edited: Jul 7, 2017
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please provide the log from RogueKiller and rerun MGTools and let it finish. Then provide the MGLogs.zip.

    In the meantime, remove everything Hitman and ADW found.

    Reboot and rescan with both and provide those logs as well.
     
  3. texasharper

    texasharper Corporal

  4. texasharper

    texasharper Corporal

  5. texasharper

    texasharper Corporal

    I got errors on these.
     
  6. texasharper

    texasharper Corporal

    I removed 3 items from the hit man scan.
     
  7. texasharper

    texasharper Corporal

    I can't seem to get the file to upload.
     

    Attached Files:

  8. texasharper

    texasharper Corporal

    Ummmm, nevermind. However, my anti-virus is still disabled.
     
  9. texasharper

    texasharper Corporal

    I'm confused, I thought I knew how to upload a file.
     

    Attached Files:

  10. texasharper

    texasharper Corporal

    Running ADW now.
     
  11. texasharper

    texasharper Corporal

    The ADW log.
     

    Attached Files:

  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Both RogueKiller and ADW are clean. What malware issues are you still having?
     
  13. texasharper

    texasharper Corporal

    My anti-virus is still disabled.
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Uninstall it, reboot and reinstall.
     
  15. texasharper

    texasharper Corporal

    No more issues. Thank you. Shall I perform the last steps?
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8 or 10, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work thru the below link:
     
  17. texasharper

    texasharper Corporal

    I spoke too soon. My puter just rebooted itself.
     
  18. texasharper

    texasharper Corporal

    20170718_154856.jpg This has been coming up for days when I boot up. But I deleted the extension and assumed that was taken care of. I ran an Avast scan and rebooted. I did that just before I replied.
     
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  20. texasharper

    texasharper Corporal

    Kernel Power - Event ID 41 - Task Category 63 (spontaneous improper shutdowns and reboots)
     
  21. texasharper

    texasharper Corporal

    I generated a Whocrashed report but it only reported on 4 crashes from Saturday, July 8th. It made no mention of the crash a half hour ago. Should I post?
     
  22. texasharper

    texasharper Corporal

    Reset Chrome. I have 37,000 Security Events. Is that normal? I restored the UAC, just today, is that the reason? Do I have to go through the read and run me steps all over again?


    Log Name: Security
    Source: Microsoft-Windows-Security-Auditing
    Date: 7/18/2017 4:52:23 PM
    Event ID: 4797
    Task Category: User Account Management
    Level: Information
    Keywords: Audit Success
    User: N/A
    Computer: asus
    Description:
    An attempt was made to query the existence of a blank password for an account.

    Subject:
    Security ID: ASUS\new
    Account Name: new
    Account Domain: ASUS
    Logon ID: 0x54419

    Additional Information:
    Caller Workstation: ASUS
    Target Account Name: Guest
    Target Account Domain: asus
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4797</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>13824</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2017-07-18T21:52:23.409022600Z" />
    <EventRecordID>231343</EventRecordID>
    <Correlation />
    <Execution ProcessID="724" ThreadID="756" />
    <Channel>Security</Channel>
    <Computer>asus</Computer>
    <Security />
    </System>
    <EventData>
    <Data Name="SubjectUserSid">S-1-5-21-32499628-2029155617-884460878-1001</Data>
    <Data Name="SubjectUserName">new</Data>
    <Data Name="SubjectDomainName">ASUS</Data>
    <Data Name="SubjectLogonId">0x54419</Data>
    <Data Name="Workstation">ASUS</Data>
    <Data Name="TargetUserName">Guest</Data>
    <Data Name="TargetDomainName">asus</Data>
    </EventData>
    </Event>
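
Added example, not part of the original post: with tens of thousands of Security events, tallying the 4797 records by caller and target shows what is producing them. The `<Events>` wrapper, the function names and the sample rows are assumptions constructed for illustration; only the field names come from the event pasted above.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# Constructed sample rows (subject, caller workstation, target account),
# shaped like the 4797 event in the post. "OTHERPC" is a made-up name.
_ROWS = [("new", "ASUS", "Guest"), ("new", "ASUS", "Guest"),
         ("new", "ASUS", "Administrator"), ("new", "OTHERPC", "Guest")]
_TEMPLATE = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    "<System><EventID>4797</EventID><Computer>asus</Computer></System>"
    '<EventData><Data Name="SubjectUserName">{0}</Data>'
    '<Data Name="Workstation">{1}</Data>'
    '<Data Name="TargetUserName">{2}</Data></EventData></Event>'
)
# One unrelated constructed event with no account fields, to exercise filtering.
_OTHER = ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
          "<System><EventID>41</EventID><Computer>asus</Computer></System>"
          "<EventData /></Event>")
SAMPLE = "<Events>" + "".join(_TEMPLATE.format(*r) for r in _ROWS) + _OTHER + "</Events>"


def parse_events(xml_text):
    """Return one dict per <Event>: EventID, Computer and every named <Data>."""
    events = []
    # iter() also matches the root, so a single pasted <Event> works too.
    for ev in ET.fromstring(xml_text).iter(NS + "Event"):
        system = ev.find(NS + "System")
        record = {"EventID": system.findtext(NS + "EventID"),
                  "Computer": system.findtext(NS + "Computer") or ""}
        for data in ev.iter(NS + "Data"):
            record[data.get("Name")] = data.text or ""
        events.append(record)
    return events


def summarize_4797(events):
    """Count 4797 events by (subject, target, origin); origin is 'local'
    when the caller workstation matches the logging computer's name."""
    counts = Counter()
    for ev in events:
        if ev["EventID"] != "4797":
            continue
        same = ev.get("Workstation", "").lower() == ev["Computer"].lower()
        key = (ev.get("SubjectUserName", ""), ev.get("TargetUserName", ""),
               "local" if same else "remote")
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize_4797(parse_events(SAMPLE)).most_common():
        print(n, key)
```
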
     
  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Event logs are practically worthless. I suggest you post in the software forum.
     
