Are these really rootkits? If so, how can I remove them? When I try to perform an action, it says they can't be accessed.
Can you post a new Screenshot with the Detections please?
And also give some information about your system (OS, 32 or 64 bit, other installed security tools…).
I have a 64 bit, Win 7, HP. I have MBAM, SAS, and Malwarebytes rootkit remover.
That's weird.
Can you do what is shown in this topic please and attach your logs? DON'T COPY AND PASTE.
http://forum.avast.com/index.php?topic=53253.0
After that, malware removers are notified. Maybe I need some too; I don't know if the detection I have is a false positive or valid. ;D
Monitoring…
Sorry for the late reply. Working on it today.
This seems to be the Windows update issue… it sometimes happens if you scan after a Win update.
If you reboot and scan again, do you still get it?
Here are the logs.
EDIT: aswMBR is taking forever to download. When I click the download link, my speed is in B/s rather than my normal speed which is A LOT higher.
I will try again and see.
I got aswMBR from cnet.
http://i.imgur.com/weVCzW0.jpg
Please download TDSSKiller
- Double click TDSSKiller.exe
- Press Start Scan but do nothing else as we are just looking for what is there.
- If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
- Attach the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:)
TDSSKiller log
ComboFix
Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2
Note: It is important that it is saved directly to your desktop
If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt for further review.
CF log
http://i.imgur.com/OJQgrbU.png
Tweaking.com Registry Backup
- Download the tool found here to your Desktop so it is easy to find.
- Double click on the file you just downloaded to install it to your system.
- Once the tool is installed, double-click on the Tweaking.com Registry Backup icon
Note: The tool should automatically open to the Backup Registry tab.
http://i.imgur.com/TRfuT3t.jpg
- Press Backup Now
- When the backup is complete, the tool will tell you: Successful / Files Backed Up
- You have now successfully backed up your Registry.
http://i.imgur.com/ttLR1ki.jpg
Run OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services
:OTL
IE:64bit: - HKLM\..\SearchScopes\{E9F3BDB7-6BC2-4009-9878-CA24A5315326}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O15 - HKU\S-1-5-21-1691826831-2016053247-2653556577-1000\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1691826831-2016053247-2653556577-1000\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[start explorer]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Then run a new scan and post a new OTL log (don’t check the boxes beside LOP Check or Purity this time)
Attach the new OTL log and let me know how your system is running.
Still need help?
Second OTL log.
and let me know how your system is running. :)
Oh, I forgot about that. It’s doing fine. After running the registry backup there’s a bunch of files on the desktop. I’m guessing those are the backups.
Hi,
Yes there will be some files that populate occasionally as we work through this… Let’s check for anything remaining that needs to go.
http://i.imgur.com/GUZVCQN.jpg
Malwarebytes
Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
ESET Online Scanner