[avoirdupois2000]

Hi
I've downloaded combofix to clean a rootkit agent detected by MalwareByte Anti-Malware. I know combofix is dangerous to use without expert advice. Need help running through the process, etc.
Thx,
K.

[Advertisements]

Hello and

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:

• Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
• Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
• Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
• Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
• Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
• Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
• Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!

I know you want to run Combofix, but before we can decide that this is the proper course of action, I'll need to see a couple of logs to determine what's going on.



Download and Run DDS by sUBs

Please download DDS and save it to your desktop.

• Disable any script blocking protection
• Double click dds.scr to run the tool.
• When done, DDS.txt will open.
• Save both reports to your desktop.

---------------------------------------------------

Please Please copy / paste the scan reults.

DDS.txt and Attach.txt




Download and Run GMER


Download GMER Rootkit Scanner from here or here.

• Extract the contents of the zipped file to desktop.
• Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  
  
  Click the image to enlarge it
  
• In the right panel, you will see several boxes that may have been checked. Uncheck the following ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one - make sure it is UNCHECKED)
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  
• Save it where you can easily find it, such as your desktop, and paste it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries





Please read carefully and follow these steps. There is a difference between what you see in one of the images below and what I need you to do.
We are only creating a log - I do NOT want you to "cure" or try to fix anything in this step. It is very important that you don't choose Cure when presented with that option.

• Download TDSSKiller and save it to your Desktop.
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
  
• If an infected file is detected, the default action will be Cure but I want you to choose SKIP instead , click on Continue.
  
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

The logs may be longer than you can paste in one reply. If that happens, please break it up into multiple replies. If you have any trouble with any of the logs please stop and let me know.

[patndoris]

Hello and

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:

• Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
• Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
• Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
• Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
• Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
• Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
• Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!

I know you want to run Combofix, but before we can decide that this is the proper course of action, I'll need to see a couple of logs to determine what's going on.



Download and Run DDS by sUBs

Please download DDS and save it to your desktop.

• Disable any script blocking protection
• Double click dds.scr to run the tool.
• When done, DDS.txt will open.
• Save both reports to your desktop.

---------------------------------------------------

Please Please copy / paste the scan reults.

DDS.txt and Attach.txt




Download and Run GMER


Download GMER Rootkit Scanner from here or here.

• Extract the contents of the zipped file to desktop.
• Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  
  
  Click the image to enlarge it
  
• In the right panel, you will see several boxes that may have been checked. Uncheck the following ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one - make sure it is UNCHECKED)
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  
• Save it where you can easily find it, such as your desktop, and paste it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries





Please read carefully and follow these steps. There is a difference between what you see in one of the images below and what I need you to do.
We are only creating a log - I do NOT want you to "cure" or try to fix anything in this step. It is very important that you don't choose Cure when presented with that option.

• Download TDSSKiller and save it to your Desktop.
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
  
• If an infected file is detected, the default action will be Cure but I want you to choose SKIP instead , click on Continue.
  
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

The logs may be longer than you can paste in one reply. If that happens, please break it up into multiple replies. If you have any trouble with any of the logs please stop and let me know.

[patndoris]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.