Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

MBR: ALUREON-G [Closed]


  • This topic is locked This topic is locked

#1
ivorykeys87

ivorykeys87

    New Member

  • Member
  • Pip
  • 7 posts

So, i followed one of the guides on here and just want to make sure the rootkit is gone. I restarted the computer after using TDSSKiller, re scanned using TDSSKiller and it didn't find any threats. So i'm assuming it is fixed, but i have no idea how to read the logs. Attached are both logs. 

Attached Files


  • 0

Advertisements


#2
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi ivorykeys87,

Your log does indeed look clean, but I will recommend a more thorough check-up (which we can provide) just to be on the safe side. Let me know if this interests you and I'll post the instructions. :)
  • 0

#3
ivorykeys87

ivorykeys87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Of course. Is there a charge?


  • 0

#4
ivorykeys87

ivorykeys87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

I decided to scan the computer because it appears as though my CPU is over worked when all i'm doing is streaming and playing online poker. With my build, that shouldn't be a problem, but my monitors constantly blink off and on. Since removing this rootkit though, the problem persists...


  • 0

#5
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Of course. Is there a charge?


Yes, $0. ;) Well then, if I may formally begin:

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep in mind these reminders. Let's get to work! :thumbsup:
  • Step 1

    Download both versions of Farbar Recovery Scan Tool by Farbar from the links below and save them to your desktop.

    '32-bit'
    '64-bit'
    • Simply double-click the program icon to run it. It will ask for administrator privileges. If the first one you tried does not work, try the other version.
    • The program will initialize. Press Yes to accept the disclaimer.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)

  • 0

#6
ivorykeys87

ivorykeys87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

I am running windows 64 bit for future reference. Are we working on the rootkit issue or the monitors going in and out issue right now?

Attached Files


  • 0

#7
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

I am running windows 64 bit for future reference. Are we working on the rootkit issue or the monitors going in and out issue right now?


That is sounding more like a hardware issue. I will direct you to our hardware specialists if the issue persists after the cleanup process. :)
  • Step 1

    After examining your logs, I have seen that you currently have one or more P2P Programs installed. I would recommend their removal as the networks these programs are involved in are breeding places for malware. The things you are downloading are not one hundred percent safe as they can be uploaded by anyone on the Internet, some possibly aiding in the propagation of malware.

    More can be read from the following sources:You are advised to remove the following programs by uninstalling them:
    • µTorrent
    Note: This step is optional. You may or may not remove the programs, however I strongly suggest getting rid or disabling them before we continue with the process.
  • Step 2

    Download 'aswMBR by avast!' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Once prompted to download the database, click No.
    • Choose None for the AV Scan option.
    • Press Scan. Once done, click Save Log and choose your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.
    • Double-click mbam-setup-*.exe and proceed to installing the program.
      • Accept the License Agreement.
      • At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium and ensure Launch Malwarebytes' Anti-Malware is checked.
      • Click Finish after.
    • Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
      • Tick the Scan For Rootkits box.
    • Go back to the Dashboard and select Update Now. Click Scan Now after.
      • Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
      • Once the scan is complete, click Apply Actions.
      • If you are prompted to reboot, allow it by pressing Yes.
    • Navigate to the program's History tab to retrieve the log.
      • Click Application Logs and double-click on the most recent Scan Log.
      • Export the log to your desktop as a .TXT file.
      • You can also choose to directly copy the log by selecting Copy to Clipboard.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • aswMBR.txt (aswMBR)
    • mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)

  • 0

#8
ivorykeys87

ivorykeys87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

It appears that I solved my issue with the monitors. But, if it presents itself again, I will create a thread in the specified department. The first pasted log is the "Daily Protection Log". 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Error, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Update, Bad md5 or size: akadomains, 11, 
Error, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Update, Bad md5 or size: akaips, 11, 
Update, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3, 
Update, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.7.22.1, 
Update, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Manual, Remediation Database, 2015.5.13.1, 2015.7.20.1, 
Update, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2, 
Update, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Manual, AKA IP Database, 0.0.0.0, 2015.7.15.1, 
Update, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.7.25.3, 
Update, 7/25/2015 2:33 AM, SYSTEM, CHASE-PC, Manual, Malware Database, 2015.6.3.3, 2015.7.25.1, 
Scan, 7/25/2015 2:43 AM, SYSTEM, CHASE-PC, Manual, Start:7/25/2015 2:34 AM, Duration:8 min 49 sec, Threat Scan, Completed, 1 Malware Detection, 5 Non-Malware Detections, 
Error, 7/25/2015 2:44 AM, SYSTEM, CHASE-PC, Protection, IsLicensed, 13, 
Protection, 7/25/2015 2:44 AM, SYSTEM, CHASE-PC, Protection, Malware Protection, Stopping, 
Protection, 7/25/2015 2:44 AM, SYSTEM, CHASE-PC, Protection, Malware Protection, Stopped, 
 
(end)
 
The second is the scan log. 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/25/2015
Scan Time: 2:34 AM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.25.01
Rootkit Database: v2015.07.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chase
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335446
Time Elapsed: 8 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
Adware.TryMedia, HKU\S-1-5-21-2213509919-2853325218-3059417636-1000\SOFTWARE\Trymedia Systems, Quarantined, [985d09dc771316208cabf4d848bb27d9], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [4fa6964f682293a3b9956f9821e24db3], 
 
Files: 4
PUP.Optional.APNToolBar.A, C:\Users\Chase\AppData\Local\Temp\uttF33D.tmp.exe, Quarantined, [f50005e03357e5515cdf6f395ea3ee12], 
PUP.Optional.APNToolBar.A, C:\Users\Chase\AppData\Local\Temp\Offercast2802_MTV_.exe, Quarantined, [12e3be270d7ddf5736065b4d24ddae52], 
PUP.Optional.DownloadAssistant, C:\Users\Chase\AppData\Local\Temp\a2vI83jU2L\hQwK1Kxj\Setup.exe, Quarantined, [22d3865f4d3d91a5352e9eafd52c1ce4], 
PUP.Optional.OutBrowse, C:\Users\Chase\Downloads\Installation.exe, Quarantined, [05f028bdc0ca5adc7912d980e021e917], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

Attached Files


  • 0

#9
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
TDSSKiller seem to have removed the rootkit completely as there are no traces of it left. Your logs look good--just some adware, which we will purge in this post.
  • Step 1

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up after once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Note: If you get an error about an unsupported operating system, please reboot your computer and try again.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • AdwCleaner[S*].txt (AdwCleaner)
    • checkup.txt (SecurityCheck)
    • JRT.txt (Junkware Removal Tool)

  • 0

#10
ivorykeys87

ivorykeys87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
# AdwCleaner v4.208 - Logfile created 25/07/2015 at 03:08:41
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Chase - CHASE-PC
# Running from : E:\Programs\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\simplitec
Folder Deleted : C:\ProgramData\Trymedia
File Deleted : C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_bobrowser.com_0.localstorage
File Deleted : C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_bobrowser.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\simplitec
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Google Chrome v43.0.2357.134
 
 
*************************
 
AdwCleaner[R0].txt - [1225 bytes] - [25/07/2015 03:06:48]
AdwCleaner[S0].txt - [1166 bytes] - [25/07/2015 03:08:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1225  bytes] ##########
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by Chase on Sat 07/25/2015 at  3:11:09.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Chase\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage
Successfully deleted: [File] C:\Users\Chase\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Successfully deleted: [File] C:\Users\Chase\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\Chase\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage-journal
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Chase\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Chase\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Chase\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Chase\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/25/2015 at  3:15:46.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

Results of screen317's Security Check version 1.005  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Google Chrome (43.0.2357.132) 
 Google Chrome (43.0.2357.134) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

  • 0

#11
ivorykeys87

ivorykeys87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

My hard drive is SSD.


  • 0

#12
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Could you kindly visit chrome://version using Goolge Chrome? Copy and paste the results back here.
  • Step 1

    You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.
    • Java Runtime Environment -- Update
    Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.
  • Step 2

    Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.
    • Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
    • Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):

      nvMhqop.png

    • The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
    • Upon completion, select List of found threats > Export to text file....
    • Press Back and put a check on the following:
      • Uninstall application on close
      • Delete quarantined files
    • Click Finish.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • log.txt (ESET Online Scan)

  • 0

#13
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a new topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP