Techbrowsing adware

Page 3 of 7

  1. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #21

    I'm so sorry that I'm late to this topic!!
    I didn't get the email that I should have from Barman58

    Please Download DDS from one of these links:
    DDS.com

    DDS.pif
    • Disable any script blocking protection
    • Double click the dds icon to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt <--- will be minimized in the task tray
    • Save both reports to your desktop.
    Include the contents of both logs in your next post.


  2. Posts : 99
    Windows 7 pro x64 (or win 10 pro)
    Thread Starter
       #22

    Jacee said:
    I'm so sorry that I'm late to this topic!!
    I didn't get the email that I should have from Barman58

    Please Download DDS from one of these links:
    DDS.com

    DDS.pif
    • Disable any script blocking protection
    • Double click the dds icon to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt <--- will be minimized in the task tray
    • Save both reports to your desktop.
    Include the contents of both logs in your next post.
    Will run later or tomorrow, it's doing scans and will take the day. I'm sorry to keep you waiting but it's caught up right now.


  3. Posts : 99
    Windows 7 pro x64 (or win 10 pro)
    Thread Starter
       #23

    I am not running anything for the meantime, as I was using YouTube on the first PC and I opened and started RogueKiller, Chrome crashed and things went unresponsive for a few mins. RogueKiller found Chrome had hooks but when I looked it up it was legit. I will post that log later, but more worryingly I have a log from a second run of RogueKiller and explorer.exe has hooks:
    RogueKiller V11.0.9.0 (x64) [Jan 24 2016] (Free) by Adlice Software

    mail : Contact - Adlice Software

    Feedback : Adlice forum

    Website : RogueKiller Anti-Malware free download

    Blog : Adlice Software - malware analysis



    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : MY USERNAME [Administrator]

    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe

    Mode : Scan -- Date : 01/27/2016 21:45:42



    ¤¤¤ Processes : 0 ¤¤¤



    ¤¤¤ Registry : 0 ¤¤¤



    ¤¤¤ Tasks : 0 ¤¤¤



    ¤¤¤ Files : 0 ¤¤¤



    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤



    ¤¤¤ Antirootkit : 30 (Driver: Not loaded [0x10000]) ¤¤¤

    [IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll!NtSetSystemInformation : Unknown @ 0x701e0 (jmp 0xffffffff884d1140|jmp 0xfffffffffffffe19|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x703a0 (jmp 0xffffffff884d2650|jmp 0xfffffffffffffc59|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtDuplicateObject : Unknown @ 0x70380 (jmp 0xffffffff884d2610|jmp 0xfffffffffffffc79|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateEvent : Unknown @ 0x702c0 (jmp 0xffffffff884d2490|jmp 0xfffffffffffffd39|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeKey : Unknown @ 0x70480 (jmp 0xffffffff884d1bf0|jmp 0xfffffffffffffb79|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtTerminateProcess : Unknown @ 0x703d0 (jmp 0xffffffff884d2760|jmp 0xfffffffffffffc29|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenEvent : Unknown @ 0x702d0 (jmp 0xffffffff884d2520|jmp 0xfffffffffffffd29|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAssignProcessToJobObject : Unknown @ 0x70390 (jmp 0xffffffff884d2160|jmp 0xfffffffffffffc69|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtSetContextThread : Unknown @ 0x703f0 (jmp 0xffffffff884d1510|jmp 0xfffffffffffffc09|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtCreateSection : Unknown @ 0x70300 (jmp 0xffffffff884d24b0|jmp 0xfffffffffffffcf9|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtOpenProcess : Unknown @ 0x70360 (jmp 0xffffffff884d2750|jmp 0xfffffffffffffc99|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtNotifyChangeMultipleKeys : Unknown @ 0x70490 (jmp 0xffffffff884d1bf0|jmp 0xfffffffffffffb69|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtQueryObject : Unknown @ 0x70440 (jmp 0xffffffff884d2990|jmp 0xfffffffffffffbb9|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x70340 (jmp 0xffffffff884d2020|jmp 0xfffffffffffffcb9|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSection : Unknown @ 0x70310 (jmp 0xffffffff884d25f0|jmp 0xfffffffffffffce9|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateSemaphore : Unknown @ 0x702a0 (jmp 0xffffffff884d1e90|jmp 0xfffffffffffffd59|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenSemaphore : Unknown @ 0x702b0 (jmp 0xffffffff884d1920|jmp 0xfffffffffffffd49|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateMutant : Unknown @ 0x70280 (jmp 0xffffffff884d1f00|jmp 0xfffffffffffffd79|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenMutant : Unknown @ 0x70290 (jmp 0xffffffff884d1950|jmp 0xfffffffffffffd69|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateTimer : Unknown @ 0x70320 (jmp 0xffffffff884d1ee0|jmp 0xfffffffffffffcd9|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenTimer : Unknown @ 0x70330 (jmp 0xffffffff884d1960|jmp 0xfffffffffffffcc9|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateThreadEx : Unknown @ 0x703c0 (jmp 0xffffffff884d1f90|jmp 0xfffffffffffffc39|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtTerminateThread : Unknown @ 0x703e0 (jmp 0xffffffff884d2500|jmp 0xfffffffffffffc19|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtOpenThread : Unknown @ 0x70370 (jmp 0xffffffff884d19b0|jmp 0xfffffffffffffc89|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtSuspendThread : Unknown @ 0x70420 (jmp 0xffffffff884d1290|jmp 0xfffffffffffffbd9|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x70470 (jmp 0xffffffff884d2270|jmp 0xfffffffffffffb89|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtQueueApcThreadEx : Unknown @ 0x70430 (jmp 0xffffffff884d1770|jmp 0xfffffffffffffbc9|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ gdi32.dll) ntdll!NtVdmControl : Unknown @ 0x70270 (jmp 0xffffffff884d0ff0|jmp 0xfffffffffffffd89|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ ws2_32.dll) ntdll!NtLoadDriver : Unknown @ 0x701d0 (jmp 0xffffffff884d1a30|jmp 0xfffffffffffffe29|jmp 0x19b)

    [IAT:Inl(Hook.IEAT)] (explorer.exe @ ntmarta.dll) ntdll!NtOpenEventPair : Unknown @ 0x702f0 (jmp 0xffffffff884d1a20|jmp 0xfffffffffffffd09|jmp 0x19b)



    ¤¤¤ Web browsers : 0 ¤¤¤



    ¤¤¤ MBR Check : ¤¤¤

    Not needed in post ^
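For anyone reviewing a log like the one in post #23, the following is an added example (not part of the thread and not RogueKiller's own code) that parses the Antirootkit entries, groups the hooked APIs by importing module and reports the range of the addresses printed after `@`. The field layout is inferred from the lines in the post and is an assumption; `parse_hooks` and `summarize` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Field layout inferred from the lines in the post above (an assumption,
# not a documented RogueKiller format).
HOOK_RE = re.compile(
    r"\[(?P<kind>[^\]]+)\]\s+"                                   # hook type tag
    r"\((?P<proc>[^\s@)]+)(?:\s*@\s*(?P<importer>[^)]+))?\)\s+"  # process [@ importing module]
    r"(?P<dll>[\w.]+)!(?P<api>\w+)\s*:\s*"                       # hooked export
    r"(?P<owner>.+?)\s*@\s*(?P<addr>0x[0-9a-fA-F]+)\s*"          # reported owner and address
    r"\((?P<jumps>[^)]*)\)"                                      # jmp chain
)

# Five entries copied from the log in the post, plus one header line.
SAMPLE = """\
Mode : Scan -- Date : 01/27/2016 21:45:42
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll!NtSetSystemInformation : Unknown @ 0x701e0 (jmp 0xffffffff884d1140|jmp 0xfffffffffffffe19|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtWriteVirtualMemory : Unknown @ 0x703a0 (jmp 0xffffffff884d2650|jmp 0xfffffffffffffc59|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateIoCompletion : Unknown @ 0x70340 (jmp 0xffffffff884d2020|jmp 0xfffffffffffffcb9|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ rpcrt4.dll) ntdll!NtAlpcSendWaitReceivePort : Unknown @ 0x70470 (jmp 0xffffffff884d2270|jmp 0xfffffffffffffb89|jmp 0x19b)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ ws2_32.dll) ntdll!NtLoadDriver : Unknown @ 0x701d0 (jmp 0xffffffff884d1a30|jmp 0xfffffffffffffe29|jmp 0x19b)
"""

def parse_hooks(text):
    """Return one dict per antirootkit entry; lines that do not match are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.search(line)
        if m is None:
            continue
        h = m.groupdict()
        h["importer"] = h["importer"] or h["proc"]  # first entry names no importing module
        h["addr"] = int(h["addr"], 16)
        h["jumps"] = [int(j.split()[1], 16) for j in h["jumps"].split("|") if j.strip()]
        hooks.append(h)
    return hooks

def summarize(hooks):
    """Group hooked APIs by importing module and report the address range."""
    by_importer = defaultdict(list)
    for h in hooks:
        by_importer[h["importer"]].append(h["api"])
    addrs = [h["addr"] for h in hooks]
    return {
        "processes": sorted({h["proc"] for h in hooks}),
        "by_importer": {k: sorted(v) for k, v in by_importer.items()},
        "unattributed": sum(h["owner"] == "Unknown" for h in hooks),
        "addr_range": (min(addrs), max(addrs)) if addrs else None,
    }

if __name__ == "__main__":
    for key, value in summarize(parse_hooks(SAMPLE)).items():
        print(key, value)
```

The summary only organises what the tool printed; deciding which module owns the reported addresses still needs the tool's own attribution or a helper's review of the full log.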


  4. Posts : 99
    Windows 7 pro x64 (or win 10 pro)
    Thread Starter
       #24

    Jacee said:
    I'm so sorry that I'm late to this topic!!
    I didn't get the email that I should have from Barman58

    Please Download DDS from one of these links:
    DDS.com

    DDS.pif
    • Disable any script blocking protection
    • Double click the dds icon to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt <--- will be minimized in the task tray
    • Save both reports to your desktop.
    Include the contents of both logs in your next post.
    Before I follow your instructions, can you look at the above log?


  5. Posts : 99
    Windows 7 pro x64 (or win 10 pro)
    Thread Starter
       #25

    My solution to this strange infection, since it's not in files or programs, is an in-place upgrade repair install to remove nasties from the registry and Windows files.


  6. Posts : 51,354
    Windows 11 Workstation x64
       #26

    Don't follow the expert's advice then, I'm sure you know better


  7. Posts : 20,583
    Win-7-Pro64bit 7-H-Prem-64bit
       #27

    yomama365 said:
    a inplace upgrade repair install .
    Hi,
    Never heard of one of those :/


  8. Posts : 99
    Windows 7 pro x64 (or win 10 pro)
    Thread Starter
       #28

    I was just posting it out there. It is possible that I have the ZeroAccess rootkit hiding this malware, but I don't know for sure as I only researched. TDSSKiller comes back with nothing and I'd follow the expert's advice, but it's not advisable to boot a system and let a rootkit run around when I have no recent backup. Also, the TDSSKiller driver fails to install or is blocked from doing so, RogueKiller also failed to install a driver, yet normal drivers install for my mouse and GPU.


  9. Posts : 99
    Windows 7 pro x64 (or win 10 pro)
    Thread Starter
       #29

    ThrashZone said:
    yomama365 said:
    a inplace upgrade repair install .
    Hi,
    Never heard of one of those :/
    Basically like upgrading from 7 to 10, but I'm "upgrading" from 7 to 7. This replaces Windows files and could remove the infection or at least stump it back a bit. I'm not ignoring the expert, but I do not feel at all safe booting into the OS. If I had a backup I'd just screw it and format on the spot, but for me to get my data off without the infection coming with it I need to minimize how much it does, and it already looks like it's done more than I was wanting to let it. Running Kaspersky Rescue Disk 10


  10. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #30

    So sorry we can't help you if you insist on running your own scans with no knowledge of the scan results.


 