Possible rootkit

Viruses and worms
1

i ran a rogue killer and mbr read failed (using windows 8 and cant seem to generate a log)
also some weird symbol in the tab was detected
i cant generate the log so heres a screen shot

http://i.imgur.com/Qbk8bLN.png?1

2

That appears to be a direct read of the MBR table

Are you experiencing any problems ?

3

No problem
so far

4

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.04.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Joseph :: JO [administrator]

Protection: Enabled

05/10/2013 20:01:06
MBAM-log-2013-10-05 (20-04-15).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 167247
Time elapsed: 1 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ConduitFloatingPlugin_cflheckfmhopnialghigdlggahiomebp (Trojan.Agent) → Data: “C:\Windows\SysWOW64\Rundll32.exe” “C:\Program Files (x86)\Conduit\CT3289075\plugins\TBVerifier.dll”,RunConduitFloatingPlugin cflheckfmhopnialghigdlggahiomebp → No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Joseph\AppData\Local\Temp\CT3289075 (PUP.Optional.Conduit.A) → No action taken.
C:\Users\Joseph\AppData\Local\Temp\CT3289075\plugins (PUP.Optional.Conduit.A) → No action taken.

Files Detected: 4
C:\Users\Joseph\AppData\Local\Temp\CT3289075\CT3289075.txt (PUP.Optional.Conduit.A) → No action taken.
C:\Users\Joseph\AppData\Local\Temp\CT3289075\initData.json (PUP.Optional.Conduit.A) → No action taken.
C:\Users\Joseph\AppData\Local\Temp\CT3289075\manifest.json (PUP.Optional.Conduit.A) → No action taken.
C:\Users\Joseph\AppData\Local\Temp\CT3289075\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) → No action taken.

(end)

avast scan came back clean :frowning:

5

the log say no action taken…
update MBAM and run quick scan… click remove selected to remove what is found

then attach (not copy and paste) OTL diagnostic log

6

i removed them but created the logs for you guys to see

7

I will try RogueKiller on my 8 system to confirm there is not a hiccup there

8

any luck? :slight_smile:

9

Works fine for me … Did you press the report button ?

10

report button doesnt work, and the scan can take over 10 minutes

11

The MBR report looks fine from what I can see… Ignore the LL1 and LL2

12

Thanks