Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: MBAM cannot remove "culprit" access to 5.45.64.145/5.45.69.131

09 Feb 2014   #101
dsperber

Windows 7 Pro x64 (1), Win7 Pro X64 (2)
 
 

Quote   Quote: Originally Posted by cottonball View Post
Let's remove the following tools used and their reports, since these tools are updated frequently, and it is best to have a new copy:

AdwCleaner > Run the tool, and press: Uninstall
TDSSKiller
RKill
RogueKiller
Junkware Removal Tool
Farbar Recovery Scan Tool, its C:\FRST folder, and associated reports
SFCFix.zip
SFCFix.exe
cbs logs
All done.


Quote:
The ESET Online Scan is a program you may want to use every so often.
Takes quite a while to run, as I learned, but certainly a worthwhile part of the "protection recipe".


Quote:
Also, make sure security software is ALL enabled and running!
Definitely.


Quote:
Thanks for following all the instructions and providing the reports!!

Have a great week, dsperber!!
And to you to. Couldn't have gotten this completely conquered without your help.


My System SpecsSystem Spec
.
09 Feb 2014   #102
dsperber

Windows 7 Pro x64 (1), Win7 Pro X64 (2)
 
 

Quote   Quote: Originally Posted by Slartybart View Post
I got power back yesterday and Internet back today, sorry for my absence. The storm itself wasn't that bad, but those early 20th century wires couldn't carry the weight of the ice.
Your part of the country had been making the nightly news for the past week, what with the ongoing efforts of your power companies to get things repaired.


Quote:
First, I want to say that this was a great example of team effort - thanks go out to everyone.
Indeed! In complete contrast to what went on over at the Malwarebytes HELP forum, which apparently has a whole different intent and approach.


Quote:
Second, make sure your friend keeps the machine protected with an up-to-date real time A/V program and that they practice safe surfing / messaging. Malware can get past even the best protection, so run a on-demand scanner once a month (ESET is good, but slow... Mbam and AdwCleaner are good quick checks) pick a few and run them periodically (those are the three that I use to see if anything got past Avast! be free)
It's hard to control AOL users (and the wife is an addicted online shopper), but with MBAM now installed and operational at least there's one more hopefully effective safeguard.


Quote:
I learned a few things (as usual here on SF) -
SFCfix will be new and improved!
FRST can kill off winsxs files.. although one of the pending deletes required a restart - has that already been done?
Yes, I rebooted whenever prompted either by the program's completion or because it was clearly appropriate.


Quote:
From the FRST fixlog:
Could not move "C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.rpcss.dll.01cf2163f246e720.0000" => Scheduled to move on reboot.
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.rpcss.dll.01cf2373a53dd39a.0000 => Moved successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-07 19:40:56)<=

C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.rpcss.dll.01cf2163f246e720.0000 => Is moved successfully.

These two $$DELETEME files did finally truly disappear following that final run of FRST and the reboot, as shown in my final screenshot above.


Quote:
So now you're helping your cousin in NY - did I read that correctly?
Yes! Very coincidental and surprising. I had no idea this had happened as I'd lost my RealVNC connectivity a few months back after trying to make some Verizon modem/router port-forwarding changes. Only after now installing TeamViewer was I once again able to get into his machine and see the awful state of things which had developed.


Quote:
Good luck with that project - open a new thread if you think you need help on that.
Looks like this one has been successfully "cured" using straightforward application of the Malwaretips "recipe", i.e. cocktail of assorted tools. I'm sure all the products contributed (as they each found something even after others had already previously been run), but again I noticed the most significant machine performance improvement after HitmanPro got run and deleted what it deleted, and the related re-boot.

It does not appear that any further outside assistance from the experts here at SF will be needed for this one. I guess he was lucky, being another AOL user, that the nature of his infection(s) were not as severe (as the infected RPCSS.DLL problem was on my friend's machine in this thread).

Many thanks again.
My System SpecsSystem Spec
09 Feb 2014   #103
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by dsperber View Post
~~~
Looks like this one has been successfully "cured" using straightforward application of the Malwaretips "recipe", i.e. cocktail of assorted tools.
~~~
I don't want to derail this thread, but your comment on the "cocktail of assorted tools" speaks to my rants in this thread: http://www.sevenforums.com/system-se...ml#post2685626

I understand that Kaspersky's root kit scanner might find a new rootkit that MSE does not know to look for, but there is no excuse* for MSE (and every other AV app) not finding old/known root kits that can be detected via online** scans.

*unless we are dealing with copyrighted detection methods. If that is the case, then playing the copyright card for root kit detection is just wrong too.

**while the OS is running. As opposed to offline scanners like WDO.
My System SpecsSystem Spec
.

Reply

 MBAM cannot remove "culprit" access to 5.45.64.145/5.45.69.131




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Remove "Restore previous versions" and "Share with" from context menu
Hello! ... How about removing these two: "Restore previous versions" and "Share with"
Customization
"access denied" when using "assoc" and "ftype" from cmdline?
I tried to associate the file extension .txt to a new editor program with the well known cmdline programs ASSOC and FTYPE. No, assigning them through WinExplorer menu does not work. But this is another problem which should not discussed here. When I type now one of the following...
General Discussion
remove the "open" and "merge" entries from context menu?
safe to assume its impossible to remove the "open" and the "merge" entries from the context menu? I figure if i want to open or merge them i would simply double click. Clutter and redundency in this vein dont suit me :P
Customization
MBAM Pro settings - how to automatically get "missed updates"?
I've been struggling with this problem (clearly must be a settings issue), but cannot seem to figure out what to do in order to avoid the problem symptom. Either that, or it's a program bug (which I will report on the MBAM forum, but I hate to post there because of "attitude"). I would like...
System Security
Firefox culprit for "reduced leading" in PREFS.JS: FLASH PLUGIN!!!
As I continued to try and chase down my "reduced leading" problem whenever I visited certain forum web sites and then closed/re-opened Firefox, I carefully compared my PREFS.JS from a "perfect, working" copy vs. what PREFS.JS looked like right after closing the very first Firefox session after...
Browsers & Mail
Remove "labels" from drive types in "Computer" window?
Hi there, I didn't really know how to google for this (although I did), so I didn't find anything proper and like to ask you: How do I remove the "labels" from drive types in "Computer" window? What I mean: http://dl.getdropbox.com/u/16751/computer_labels.jpg These labels above the different...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 00:20.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App