Malware Logs

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Zarxous, Jun 20, 2014.

  1. Zarxous

    Zarxous Private E-2

    Following the Read & Run as well as the Malware Removal for W7 thread, I ran the programs provided, gathering logs from each. Seems that only RK, MB, and Hitman show anything at this point.

    I've been experiencing massive amounts of lag with my computer when certain programs are run or when a lot of things are done at once, and at other random times as well without either of the first two being the case. I end up having to completely restart my computer for things to run well again. I'm unsure if perhaps it's just my CPU/processor going bad, or if malware is the cause.

    All help is welcome and much appreciated. Thank you in advance.


    NOTE: TDSSKiller's log was apparently too large to be added as an attachment. The scan came up with zero problems though.

    Below is merely the beginning part of the TDSSKiller log; I'm unsure if it's needed or helpful.

    09:58:09.0251 0x09d8 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
    09:58:14.0555 0x09d8 ============================================================
    09:58:14.0555 0x09d8 Current date / time: 2014/06/19 09:58:14.0555
    09:58:14.0556 0x09d8 SystemInfo:
    09:58:14.0556 0x09d8
    09:58:14.0556 0x09d8 OS Version: 6.1.7601 ServicePack: 1.0
    09:58:14.0556 0x09d8 Product type: Workstation
    09:58:14.0556 0x09d8 ComputerName: 500BMT0XX
    09:58:14.0556 0x09d8 UserName: user
    09:58:14.0556 0x09d8 Windows directory: C:\Windows
    09:58:14.0556 0x09d8 System windows directory: C:\Windows
    09:58:14.0556 0x09d8 Running under WOW64
    09:58:14.0556 0x09d8 Processor architecture: Intel x64
    09:58:14.0556 0x09d8 Number of processors: 2
    09:58:14.0556 0x09d8 Page size: 0x1000
    09:58:14.0556 0x09d8 Boot type: Normal boot
    09:58:14.0556 0x09d8
     

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun RogueKiller and have it fix these items:

    • ¤¤¤ Registry Entries : 38 ¤¤¤
      [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\X6va005 -> FOUND
      [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\X6va005 -> FOUND
      [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\X6va005 -> FOUND

    Then remove these:
    • ¤¤¤ Scheduled tasks : 5 ¤¤¤
      [Suspicious.Path] \\IHSelfDeleteTASK -- CMD (/C DEL C:\Users\user\AppData\Local\Temp\IHU4945.tmp.exe) -> FOUND
      [Suspicious.Path] \\IHUninstallTrackingTASK -- CMD (/C DEL C:\Users\user\AppData\Local\Temp\IHU46A5.tmp.exe) -> FOUND
      [Suspicious.Path] \\{2AAA9051-1F27-4E4E-A7D7-2F11688BF757} -- C:\Windows\system32\pcalua.exe (-a C:\Users\user\Desktop\Photo****et0240_Installer\Photo****et0240_Installer.exe -d C:\Users\user\Desktop\Photo****et0240_Installer) -> FOUND
      [Suspicious.Path] \\{2B2D4FE3-A4C5-40C6-9587-B2490DC9F074} -- C:\Windows\system32\pcalua.exe (-a C:\Users\user\AppData\Local\Apps\2.0\1D3Y87MO.ZBQ\QT20C5LO.OKO\rebt..tion_59eb1b2cffdb6323_0002.0005_4441f936d900cc2b\RebtelPhone.exe -c /startuninstall) -> FOUND
      [Suspicious.Path] \\{E8018A12-25D9-459A-8D01-069A5014DE5B} -- C:\Windows\system32\pcalua.exe (-a C:\Users\user\Desktop\Photoshop\Photoshop\PhotoshopPortable.exe -d C:\Users\user\Desktop\Photoshop\Photoshop) -> FOUND

    Then rerun Hitman and have it remove everything under:
    Malware remnants
    Potential Unwanted Programs

    Reboot and rescan with both RogueKiller and Hitman and attach those new logs. Be sure to tell me how things are running.
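
The RogueKiller lines quoted above have a regular shape (a `¤¤¤ Section : count ¤¤¤` header, then `[Detector] body -> STATUS` entries). As an added example that is not part of this thread or of RogueKiller itself, here is a small Python triage script that parses that shape and tags the findings the way an analyst would read them: the same service key registered under several ControlSets, a task that deletes a dropped executable from the user's Temp folder, and a task that launches a program indirectly through pcalua.exe. The sample report is constructed from the lines above; the installer path in the last line is a placeholder.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the RogueKiller lines quoted in the thread; installer path is a placeholder.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 38 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\X6va005 -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\X6va005 -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\X6va005 -> FOUND
¤¤¤ Scheduled tasks : 5 ¤¤¤
[Suspicious.Path] \\IHSelfDeleteTASK -- CMD (/C DEL C:\Users\user\AppData\Local\Temp\IHU4945.tmp.exe) -> FOUND
[Suspicious.Path] \\{2AAA9051-1F27-4E4E-A7D7-2F11688BF757} -- C:\Windows\system32\pcalua.exe (-a C:\Users\user\Desktop\ExampleInstaller\ExampleInstaller.exe) -> FOUND
"""

FINDING_RE = re.compile(r"^\[(?P<detector>[^\]]+)\]\s+(?:\(X\d+\)\s+)?(?P<body>.+?)\s+->\s+\w+$")
SERVICE_RE = re.compile(r"\\(?P<cs>ControlSet\d+|CurrentControlSet)\\Services\\(?P<name>[^\\]+)$", re.I)
TASK_RE = re.compile(r"^\\\\(?P<name>\S+)\s+--\s+(?P<action>.+)$")  # "\\TaskName -- action"

@dataclass
class Finding:
    body: str
    tags: list = field(default_factory=list)

def parse_report(text):
    # Section headers (¤¤¤ ... ¤¤¤) and blank lines do not match FINDING_RE and are skipped.
    return [Finding(m.group("body")) for l in text.splitlines() if (m := FINDING_RE.match(l.strip()))]

def triage(findings):
    # Tags answer what an analyst asks of these lines: persistence breadth, Temp-dir binaries, indirect launches.
    seen = {}  # service name -> [(control set, finding)]
    for f in findings:
        if m := SERVICE_RE.search(f.body):
            seen.setdefault(m.group("name").lower(), []).append((m.group("cs").lower(), f))
        elif m := TASK_RE.match(f.body):
            action = m.group("action")
            if re.search(r"\\Temp\\[^\\]+\.exe", action, re.I):
                f.tags.append("executable in user Temp directory")
            if re.match(r"CMD \(/C DEL ", action, re.I):
                f.tags.append("self-deleting task (removes its own dropped file)")
            if "pcalua.exe" in action.lower():
                f.tags.append("indirect launch via pcalua.exe (Program Compatibility Assistant)")
    for hits in seen.values():
        if (n := len({cs for cs, _ in hits})) > 1:  # same service key under several ControlSets
            for _, f in hits:
                f.tags.append(f"service key present in {n} control sets")
    return findings

if __name__ == "__main__":
    for f in triage(parse_report(SAMPLE_REPORT)):
        print(f"{f.body[:70]:<70} {', '.join(f.tags) or '-'}")
```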
     
  3. Zarxous

    Zarxous Private E-2

    I've done as you've instructed. Thank you for the reply as well. At this moment I don't see any real differences in how my computer is running, but if I find any difference I'll be sure to inform you.

    Here are the new logs, as requested.
     

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Those are clean, so I suggest you post in the software forum for further assistance.

    Since you are not having any malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, right click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
     
  5. Zarxous

    Zarxous Private E-2

    Thank you once again; your help was very much appreciated. It seems as though my Firefox is working as it used to without freezing constantly. However, my processes still spike after a while, though I assume that simply has to do with my computer now that the malware has been removed. It's unfortunate, but it is what it is.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can post in the software forum for someone to guide you on reducing your processes.


    And, you are welcome. ;)
     
