Windows 7: McAfee GetSusp Scan Results

12 Jan 2013 | Microsoft Windows 7 Home Premium 64-bit SP1, 420 posts, Toronto, ON, Canada

McAfee GetSusp Scan Results

Hello,
I have recently suspected that I have a malicious program on my computer. Before running, some .EXE files will give an error message about "cbFsMntNtf3.dll", which is a file of 0 bytes. I have since deleted it, and there have been NO further problems related to that error message.
Also, after exiting some programs, attempts to delete the .EXE file will fail. If I highlight it and right-click and press delete, it will give me a "no required permissions" error. However, I am the administrator on the system. Attempts to use the program "Unlocker" have failed. If I use "Shift+Delete", the file disappears, but once I press F5, it reappears again. If I delete the folder that contains the .EXE file, it will say that a file is running.
I have run multiple anti-rootkit programs, with no results at all. However, I just ran McAfee GetSusp, and in the log [getsusp logs], one of the lines is...

Code: C:\Windows\System32\drivers\RKLF2F6.tmp.sys ... is Suspicious !!!

However, when I browse to that location, there is NO driver...
I have folder options selected so I see hidden files and OS files, but nothing :P
I am currently running "Sophos Virus Removal Tool", and will run SFC and Malwarebytes.
Thanks!

My System Specs
Computer type: Laptop
System Manufacturer/Model Number: Hewlett-Packard Pavilion g6-1A44CA Notebook PC
OS: Microsoft Windows 7 Home Premium 64-bit SP1
CPU: AMD Phenom(tm) II P960 Quad-Core Processor
Motherboard: Hewlett-Packard 1697
Memory: 4GB DIMM 1066Mhz Micron Technology, 2GB DIMM 1066Mhz Ramaxel
Graphics Card: AMD M880G with ATI Mobility Radeon HD 4250
Sound Card: AMD HDMI Output
Monitor(s) Displays: Philips 40PFL4707/F7 40" LED TV
Screen Resolution: 1680x1050
Keyboard: Dell SK-8115
Mouse: Logitech M325, Synaptics TouchPad
Hard Drives: Hitachi HTS547575A9E384 SATA Disk Device (698.64GB)
Internet Speed: Rogers Express (25Mbps Down, 2Mbps Up)
Other Info: Optical Drive: HP CDDVDW TS-L633R
Network Interfaces: Realtek PCIe FE Family Controller, Ralink RT5390 802.11b/g/n WiFi Adapter
BIOS: Default System BIOS
12 Jan 2013 | Microsoft Windows 7 Home Premium 64-bit SP1, 420 posts, Toronto, ON, Canada
Dug up an old screenshot of the cbFsMntNtf3.dll error. http://www.sevenforums.com/attachmen...-bad-image.png
12 Jan 2013 | Win7 x 6 PC's, 36,547 posts, California, Florida, Boston
In the time it would take to clean up the infection and damaged files, which will never be completely set right again after such an infection, you could already have a perfect Clean Reinstall - Factory OEM Windows 7, which if you stick with the tools and methods will be better than that of 99% of all PC users on earth anyway.
12 Jan 2013 | Microsoft Windows 7 Home Premium 64-bit SP1, 420 posts, Toronto, ON, Canada
Sorry, I am afraid that that is NOT an option for me. I have had that recommended to me many times, in the tens, but I am getting a new computer soon and it is nowhere near efficient for me to do that. Is there any way that you can help me REMOVE the infection?
12 Jan 2013 | Microsoft Windows 7 Home Premium 64-bit SP1, 420 posts, Toronto, ON, Canada
Malwarebytes Anti-Rootkit has detected TWO items, one is still the Porn-Dialer infection, which is probably already removed. Another malware listed is this...

Code: C:\Windows\system32\drivers\atikmdag.sys (Unknown Rootkit Driver Infection)

It is listed as "ATI Radeon Kernel Mode Driver", with version 8.1.1.1199. The product name is "ATI Radeon Family" and product version 8.01.01.1199. It is 9.73MB in size.
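Two files in this thread deserve the same triage: the RKLF2F6.tmp.sys path that GetSusp flagged but Explorer cannot find, and atikmdag.sys, which Malwarebytes Anti-Rootkit called an unknown rootkit driver even though its version resource says it is the AMD display driver. The script below is an added example, not code from GetSusp, Malwarebytes or the thread; it assumes the two paths exactly as the poster quoted them and is written for the PowerShell 2.0 that shipped with Windows 7, so it hashes through .NET instead of Get-FileHash.

```powershell
# Triage a driver path reported by a scanner: does it exist (hidden/system
# attributes included), is it Authenticode-signed, what does it hash to, and is
# a kernel service currently backed by it. Added example; paths are from the thread.
function Test-FlaggedDriver {
    param([Parameter(Mandatory=$true)][string]$Path)

    $result = New-Object PSObject -Property @{
        Path = $Path; Exists = $false; Attributes = $null
        SignatureStatus = $null; Signer = $null; FileVersion = $null
        Sha256 = $null; LoadedService = $null
    }

    # -Force returns hidden and system files, like the folder-options change the poster made.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        # Present in a scan log but absent on disk: either a temp file that has since
        # been deleted, or something hiding itself from the file system (compare with a
        # boot-time or offline scan before drawing a conclusion).
        return $result
    }
    $result.Exists = $true
    $result.Attributes = $item.Attributes.ToString()

    # A vendor driver such as atikmdag.sys should carry a Valid Authenticode signature
    # from the vendor; NotSigned or HashMismatch on a file under \drivers is the real signal,
    # not the scanner's generic "unknown driver" label.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result.SignatureStatus = $sig.Status.ToString()
    if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }
    $result.FileVersion = $item.VersionInfo.FileVersion

    # SHA-256 via .NET so it runs on PowerShell 2.0 (Get-FileHash arrived with 4.0).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $hash = $sha.ComputeHash($stream) } finally { $stream.Close() }
    $result.Sha256 = ($hash | ForEach-Object { $_.ToString('x2') }) -join ''

    # Is a kernel driver service currently backed by this file? Match on the file name,
    # since WMI may report the path with a \??\ prefix or different casing.
    $leaf = (Split-Path -Leaf $Path).ToLower()
    $svc = Get-WmiObject Win32_SystemDriver |
        Where-Object { $_.PathName -and $_.PathName.ToLower().EndsWith($leaf) }
    if ($svc) { $result.LoadedService = '{0} ({1})' -f $svc.Name, $svc.State }
    return $result
}

# The two paths named in the thread.
foreach ($p in 'C:\Windows\System32\drivers\RKLF2F6.tmp.sys',
               'C:\Windows\System32\drivers\atikmdag.sys') {
    Test-FlaggedDriver -Path $p | Format-List
}
```

The hash can then be compared with the copy of the same driver in the vendor's installer package or the DriverStore before treating a signed AMD file as malicious.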
12 Jan 2013 | Microsoft Windows 7 Home Premium 64-bit SP1, 420 posts, Toronto, ON, Canada
MBAM flash scan logs:
First one catching the Porn-Dialer in registry, second scan is CLEAN.
12 Jan 2013 | Microsoft Windows 7 Home Premium 64-bit SP1, 420 posts, Toronto, ON, Canada
Malwarebytes flash scan: Clean
Malwarebytes quick scan: Clean
Malwarebytes full scan: Clean
Malwarebytes Anti-Rootkit scan: Clean
10 other rootkit scans: Clean
Seems like I have nothing?
Oh, after I removed that Porn.Dialer virus, my computer starts faster.