Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: McAfee GetSusp Scan Results

12 Jan 2013   #1
Injust

Windows 7 Home Premium 64-bit SP1
 
 
McAfee GetSusp Scan Results

Hello,

I have recently suspected that I have a malicious program on my computer. Before running, some .EXE files will give an error message about "cbFsMntNtf3.dll", which is a file of 0 bytes. I have since deleted it, and there have been NO further problems related to that error message.

Also, after exiting some programs, attempts to delete the .EXE file will fail. If I highlight it and right-click and press delete, it will give me a "no required permissions" error. However, I am the administrator on the system. Attempts to use the program "Unlocker" have failed. If I use "Shift+Delete", the file disappears, but once I press F5, it reappears again. If I delete the folder that contains the .EXE file, it will say that a file is running.

I have ran multiple anti-rootkit programs, with no results at all. However, I just ran McAfee GetSusp, and in the log [getsusp logs], one of the lines is...
Code:
C:\Windows\System32\drivers\RKLF2F6.tmp.sys ... is Suspicious !!!
However, when I browse to that location, there is NO driver...
I have folder options selected so I see hidden files and OS files, but nothing :P

I am currently running "Sophos Virus Removal Tool", and will run SFC and Malwarebytes.

Thanks!




Attached Files
File Type: zip GetSusp Logs.zip (14.4 KB, 1 views)
My System SpecsSystem Spec
.

12 Jan 2013   #2
Injust

Windows 7 Home Premium 64-bit SP1
 
 

Dug up an old screenshot of the cbFsMntNtf3.dll error.
http://www.sevenforums.com/attachmen...-bad-image.png
My System SpecsSystem Spec
12 Jan 2013   #3
Injust

Windows 7 Home Premium 64-bit SP1
 
 

SFC log:


Attached Files
File Type: txt sfcdetails.txt (35.1 KB, 1 views)
My System SpecsSystem Spec
.


12 Jan 2013   #4
gregrocker
Microsoft MVP

 
 

In the time it would take to clean up the infection and damaged files, which will never be completely set right again after such an infection, you could already have a perfect Clean Reinstall - Factory OEM Windows 7, which if you stick with the tools and methods will be better than that of 99% of all PC users on earth anyway.
My System SpecsSystem Spec
12 Jan 2013   #5
Injust

Windows 7 Home Premium 64-bit SP1
 
 

Sorry, I am afraid that that is NOT an option for me. I have had that recommended to me many times, in the tens, but I am getting a new computer soon and it is nowhere near efficient for me to do that. Is there any way that you can help me REMOVE the infection?
My System SpecsSystem Spec
12 Jan 2013   #6
Injust

Windows 7 Home Premium 64-bit SP1
 
 

Malwarebytes Anti-Rootkit has detected TWO items, one is still the Porn-Dialer infection, which is probably already removed. Another malware listed is this...
Code:
C:\Windows\system32\drivers\atikmdag.sys (Unknown Rootkit Driver Infection
It is listed as "ATI Raedon Kernal Mode Driver", with version 8.1.1.1199. The product name is "ATI Radeon Family" and product version 8.01.01.1199. It is 9.73MB in size.
My System SpecsSystem Spec
12 Jan 2013   #7
Injust

Windows 7 Home Premium 64-bit SP1
 
 

MBAM flash scan logs:
First one catching the Porn-Dialer in registry, second scan is CLEAN.


Attached Files
File Type: txt mbam-log-2013-01-12 (13-39-36).txt (2.1 KB, 0 views)
File Type: txt mbam-log-2013-01-12 (13-47-57).txt (1.9 KB, 0 views)
My System SpecsSystem Spec
12 Jan 2013   #8
Injust

Windows 7 Home Premium 64-bit SP1
 
 

Malwarebytes flash scan: Clean
Malwarebytes quick scan: Clean
Malwarebytes full scan: Clean
Malwarebytes Anti-Rootkit scan: Clean
10 other rootkit scans: Clean

Seems like I have nothing?
Oh, after I removed that Porn.Dialer virus, my computer starts faster
My System SpecsSystem Spec
Reply

 McAfee GetSusp Scan Results




Thread Tools





Similar help and support threads
Thread Forum
Error during windows update, BSOD on 49% of McAfee virus scan
Hi, I have the error code 9C57 when doing windows updates. I was able to run the SURT. But when I tried to run the command prompt sfc /scannow, I got this message "You must be an administrator running a console session in order to use the sfc utility" There are no other users on this...
Windows Updates & Activation
Zoek scan results assistance
Zoek.exe v5.0.0.0 Updated 23-11-2014 Tool run by user01 on Sat 12/13/2014 at 9:41:16.94. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\user01\Downloads\zoek.exe ==== Older Logs ====================== ...
System Security
CHKDSK and SFC Scan Results: What do they mean?
Greetings, First off, I was noticing slowness in the boot time of my computer and wanted to get to the bottom of the issue so I found online that it was suggested to run a SFC scan. Initially this failed with the message "Windows resource protection cannot perform the requested operation"....
Performance & Maintenance
How do I fix corrupt file reported in SFC scan results?
I performed an SFC /Scannow and have what appears to be one corrupt file left that needs fixing. However, I'm not sure what the report is telling me. Could a member here who knows about this take a look if I upload the file? Thanks.
Performance & Maintenance
PSI Scan Results
I just installed PSI 2.0 and started updating according to it's scan results, but I ran into two snags. Firstly, there were several .NET updates called for, but when I updated Imgburn, all of those .NET listing disappeared, and now show as being patched. I'm guessing that Imgburn must have done...
Software
mcafee won't scan windows7 files in \windows\winsxs
mcafee appear to be happy to go round in circles without fixing my problem? my PC will only scan 99% and always gets stuck on files in \windows\winsxs mcafee tell me that the files must be corrupt but I've done a disk cleanup, sfc /scannow, chkdsk and everything is ok. anyone any...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 00:36.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App