Threats Detected

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ManWarBear, Aug 24, 2015.

  1. ManWarBear

    ManWarBear Private First Class

    Hi, I am trying to help my friend clean her computer. She ran a scan with her antivirus program and it found 4 threats but would not clean them. I tried running Rogue Killer but it just stays in the initialization stage. I waited for an hour for it to load up but it never did. When I tried to update Malwarebytes, it said that there were no updates available. I find this very hard to believe, since I have never seen Malwarebytes without updates available. Hitman Pro would not run. It says "no internet connection", then it times out after 5 minutes. I then tried to use the settings for when you have no internet connection but it still said "no internet connection" and timed out again. Having these very important scans not running at all is very disheartening. TDSSKiller will not allow me to upload the file. I got this message. TDSSKiller.3.0.0.44_13.05.2015_08.23.27_log.txt:
    Your file of 433.9 KB bytes exceeds the forum's limit of 375.0 KB for this filetype.
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Good afternoon/morning :)

    Can you try scanning with RogueKiller in safe mode please and see if it runs. If so attach a log please.
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Also, can you attach a log from what the antivirus is finding, or give me the exact file path to the 'threats' being found.
     
  4. ManWarBear

    ManWarBear Private First Class

    She uses ESET NOD32. I am unfamiliar with this program and how to obtain a log file. I zipped the TDS log.
     


  5. ManWarBear

    ManWarBear Private First Class

    Rogue Killer also does the same thing in safe mode.
     
  6. ManWarBear

    ManWarBear Private First Class

    Eset log. Sorry, I was having trouble navigating the application.
     


  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What the antivirus was detecting relates to: LavasoftTcpService which is installed. A false positive.

    Could you please get this: 17417D62.sys into a zipped file and attach it for me in your next post? To do this, see the below:

    Please go to start > Run and paste in the following:



    log retrievable @ C:\collect.zip
     
  8. ManWarBear

    ManWarBear Private First Class

    Collect zip.
     


  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK, the file I wanted to further look at just belongs to Malwarebytes, so it's safe. ;) Are you able to run Hitman in safe mode?
     
  10. ManWarBear

    ManWarBear Private First Class

    No, Hitman will not run in safe mode. I've been keeping an eye on it throughout the day. This is one message that I got: AC Adapter Warning. The AC power adapter type cannot be determined. Your system will operate slower and battery will not charge. This problem might be solved by: Ensure the plug is inserted completely for best system operation. Connect a Dell 65W AC adapter or higher. Also, I got this message earlier in the day: pcdrui.exe The exception unknown software exception (0xe0434352) occurred in the application at location 0xfccbb3dd.

    The AC adapter message is preceded by the screen brightness lowering and I am unable to brighten it back up no matter what I do. The battery icon always shows that the laptop is plugged in and charging.

    I have never seen a computer that would not run Rogue Killer or update Malwarebytes, unless there was something seriously wrong with it.
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    It sounds to me like you have a host of problems with this machine not connected to malware. Sometimes RogueKiller and other programs won't run but it's not always down to malware.

    Before I send you off to software, give this a run.

    Kaspersky Scanner
     
  12. ManWarBear

    ManWarBear Private First Class

    The Kaspersky Security Scan did not detect any malware but it did find 10 problems in the "other" category. There is no "save report" button available, so I will just have to type them out.

    1. Autorun from hard drives is allowed.
    2. Autorun from network drives is enabled.
    3. CD/DVD autorun is enabled.
    4. Removable media autorun is enabled.
    5. Microsoft Internet Explorer: caching data received via protected channel is enabled.
    6. Microsoft Internet Explorer: sending error reports is enabled.
    7. Microsoft Internet Explorer: some websites are added to the list of trusted websites.
    8. Microsoft Internet Explorer: some websites are added to the list of pop-up blocker exceptions.
    9. Microsoft Internet Explorer: cache autocleanup is disabled on browser exit.
    10. Microsoft Internet Explorer: home page reset.
     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Those are fine. ;) You should go ahead and post in the software forum.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
    3. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    5. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    8. After doing the above, you should work thru the below link:
     
  14. ManWarBear

    ManWarBear Private First Class

    Thank you very much for your help. Looks like I need to head over to software.
     
  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You are most welcome. :)
     
