Boot Priority Changing Itself-query Malware-hijack?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by clixto, Jul 10, 2019.

  1. clixto

    clixto Specialist

    Thank you in advance. I am having issues with my boot priority changing by itself for the past 3 weeks. I'm wondering if this is a malware issue. For some reason Windows program files are also on one of my backup drives. I unplugged this drive for the time being.

    Attached are my first 3 scans

    My sys:
    ASUS DRW-24F1ST 24X SATA DVD Writer Black

    G.SKILL RipjawsX F3-2133C11D-16GXL 16GB 2X8GB DDR3-2133 CL11 240PIN 1.5V Dual Channel Memory Kit

    Cooler Master HAF 912 Black Mid Tower ATX Case 4X5.25 1X3.5 6X3.5INT No PS Front USB Sound

    EVGA GeForce GTX 750 Ti 2GB GDDR5 128BIT DUAL-LINK DVI-I HDMI DP Graphics Card w/ G-SYNC Support

    ASUS M5A97 R2.0 ATX Motherboard & AMD FX-6300 Six Core Processor

    EVGA 600B 80 PLUS BRONZE CERTIFIED 600W POWER SUPPLY 120MM FAN 3 YEARS WARRANTY

    Acer G276HL Gbmid 27IN 6MS 1920X1080 FHD Widescreen LED Backlit Monitor DVI HDMI VGA VESA Speakers

    SSD: ADATA Premier Pro SP900 2.5" 256GB SATA III MLC Internal Solid State Drive (SSD) ASP900S3-256GM-C

    OS: 64 bit Win 7 ultimate
     


  2. clixto

    clixto Specialist

    Also attached are the MGtools zip and Hitman
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Can you tell me what this is:
    O4 - HKCU\..\Run: [ar$EX01.000\Revenger_X(TPCBAT10-X)_20190514\ECigarette(20181124 v2.1.3.122).exe] "C:\Users\Feb\AppData\Local\Temp\Rar$EX01.000\Revenger_X(TPCBAT10-X)_20190514\ECigarette(20181124 v2.1.3.122).exe" /prereqs "0" /i "C:\Users\Feb\AppData\Roaming\ECigarette\ECigarette 2.1.3.122\install\ECigaratte.msi" AI_SETUPEXEPATH=

    I am not seeing any malware other than what Hitman feels is a risk tool.....bitcoin miner.
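
Added example, not part of the original thread and not code from HijackThis or MGtools: a small triage check for the kind of O4 autorun entry quoted above, flagging Run values whose target executable sits in a temp directory or a `Rar$...` archive extraction folder. It handles only the `HKxx\..\Run` line form shown in the post; the two extra log lines and all function names are constructed for illustration, and a flag means "worth asking about", not "malware".

```python
import re
from pathlib import PureWindowsPath

# HijackThis autorun line: O4 - <hive>\..\<Run key>: [<value name>] <command>
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$')

SAMPLE_LOG = [
    # Entry quoted in the thread, verbatim (split across literals for width).
    r'O4 - HKCU\..\Run: [ar$EX01.000\Revenger_X(TPCBAT10-X)_20190514'
    r'\ECigarette(20181124 v2.1.3.122).exe] "C:\Users\Feb\AppData\Local\Temp'
    r'\Rar$EX01.000\Revenger_X(TPCBAT10-X)_20190514'
    r'\ECigarette(20181124 v2.1.3.122).exe" /prereqs "0" /i '
    r'"C:\Users\Feb\AppData\Roaming\ECigarette\ECigarette 2.1.3.122'
    r'\install\ECigaratte.msi" AI_SETUPEXEPATH=',
    # Constructed entries for contrast (hypothetical programs).
    r'O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /bg',
    r'O4 - HKCU\..\RunOnce: [ExampleSync] C:\Users\user\AppData\Local\Example\sync.exe',
]

def target_path(cmd):
    """Return the executable path from a Run command (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(' ', 1)[0]  # bare paths: take the first token

def flag_reasons(path):
    """Heuristic reasons an autorun target deserves a closer look."""
    dirs = [p.lower() for p in PureWindowsPath(path).parts[:-1]]
    reasons = []
    if any(d in ('temp', 'tmp') for d in dirs):
        reasons.append('runs from a temp directory')
    if any(d.startswith('rar$') for d in dirs):
        reasons.append('runs from an archive extraction folder')
    return reasons

def review(lines):
    """Return (hive, value name, target path, reasons) for flagged O4 entries."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 registry Run entry
        path = target_path(m['cmd'])
        reasons = flag_reasons(path)
        if reasons:
            findings.append((m['hive'], m['name'], path, reasons))
    return findings
```
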
     
  4. clixto

    clixto Specialist

    The revenger and ecig is software that I downloaded before but didn’t use for e-cigarettes. No clue what the bitcoin miner is and why it’s on my sys.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please delete it on Hitman. I would like one more scan, please.

    Please go here > https://www.zemana.com/Download
    Their program is no longer free, but you can use the demo version for this cleaning.

    It auto updates, and you click scan. After it's finished, click on the icon that looks like cell phone strength bars. Highlight the report (by date log was produced) and click on the "Open Report" icon (looks like a folder). That notepad.txt can then be copied/pasted into another .txt doc and saved. Upload that, please, along with the new Hitman scan.
     
  6. clixto

    clixto Specialist

    Earlier this morning I unplugged all other drives except the primary OS drive and now I get this BIOS message. Not recognizing the drive again.
     


  7. clixto

    clixto Specialist

    K got it to work..running scan now
     
  8. clixto

    clixto Specialist

    Second scan for hitman showed 0 threats.
     
    Last edited: Jul 10, 2019
  9. clixto

    clixto Specialist

    Zemana wouldn’t install
     


  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Since there appears to be no malware on your system, I can only suggest you post in the software forum for further assistance.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    3. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    4. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, Win 8 or Win 10, right click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    5. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    6. After doing the above, you should work thru the below link:
     
  11. clixto

    clixto Specialist

    Thanks Tim. I opened a thread under hardware
     