Malware found on my computer... Not sure what to do.

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Jiaife

Thread Starter
Joined
Sep 20, 2009
Messages
62
Hi everybody,

I just ran a full scan with MalwareBytes, and it found a file called Keylogger inside my appdata. I opened it and it had a nice record of about 3 months of what I have typed, deleted it right away. Right now I'm kind of scared I might have malicious stuff on my computer, can anyone help me make sure it's clean ?

- My computer has all updates
- I use Avast as an Antivirus
- I ran MalwareBytes scan, Avast and Spybot

Only MalwareBytes managed to find malicious content, so I'm not really sure that Avast is a good choice anymore.. Can anyone help me make sure my computer is clean and get a better Antivirus if there is any better choice ?

Thanks !

Edit : I am running on Windows 7 Home Premium 64 bits.
I have also noticed a decrease in my computer's performance, I ran the usual stuff, CCleaner, disk cleanup, defrag, checked if there were any programs I am not using, all that stuff.
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification)
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.
----------

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Right-click and Run as Administrator dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------

Please download aswMBR to your desktop.

  • Right click and Run as Administrator the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


----------

In your next reply please post the logs created by DDS and aswMBR. :)
 

Jiaife

Thread Starter
Joined
Sep 20, 2009
Messages
62
Thank you very much for your help, Jeff. I appreciate it a lot, considering you are using your free time to help me and other people on this forum. This is very nice of you ! :D

I performed the scans and attached the files you asked for :

  1. DDS.txt ;
  2. Attach.txt ;
  3. aswMBR.txt.
The aswMBR scan also generated a MBR.dat file, just let me know if you need it as well.

I also forgot to say that I am currently in training at a school, and I have noticed a drop in my computer's performance since then. I do not know if their network is infected by any malicious program, but if you find anything please let me know, as I will be able to tell an IT engineer who will take care of that.

I would also like to know more about what you are doing at the moment, did you receive formation on it at a school or something ? I would be pretty interested in being able to do this myself, as I am currently studying to become an IT engineer, I want to increase my range of abilities as much as possible.

Thanks again, Jeff !
 

Attachments

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi Jiaife,

considering you are using your free time to help me and other people on this forum. This is very nice of you !
:) I enjoy it very much.
-------------

aswMBR scan also generated a MBR.dat file
Just go ahead and leave that on your Desktop for now.
-------------

I would be pretty interested in being able to do this myself, as I am currently studying to become an IT engineer, I want to increase my range of abilities as much as possible.
There are schools online that I can direct you to when we have finished what we are doing here. Just remind me so I don't forget. :)
-------------

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
 

Jiaife

Thread Starter
Joined
Sep 20, 2009
Messages
62
Thank you once again, Jeff.

Here is the content of CKFiles.txt :

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\jean-françois\documents\utilitaires\ophcrack\ophcrack-vista-livecd-2.3.1.iso
c:\users\jean-françois\documents\utilitaires\ophcrack\ophcrack-xp-livecd-2.3.1.iso
scanner sequence 3.AA.11.QQAPAP
----- EOF -----

Seems like it doesn't like OphCrack, if this stuff is bad I'll poop a little, because I have been using it for years. Err.
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi Jiaife,

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
 

Jiaife

Thread Starter
Joined
Sep 20, 2009
Messages
62
Please stay online if you can, I will post the report in a few minutes. I am on all day if you have more time.
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi,

I am going to be going to another system shortly but will still be able to look over your malware logs there as well. I should be back on in about thirty mins or so. :)
 

Jiaife

Thread Starter
Joined
Sep 20, 2009
Messages
62
Alright, the ComboFix scan is taking a while anyway, so I guess it doesn't really matter. I am on Stage 7 at the moment.

Edit : Stage 48 now... This is taking so long, what is the program doing ? It said it would take about 10 minutes, it's been 2 hours. Err.
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Sometimes it can take a while. Nothing to be concerned about. If there are problems we can always run it again. :)
 

Jiaife

Thread Starter
Joined
Sep 20, 2009
Messages
62
Finally !

What does ComboFix exactly do ? I was unable to open anything after the scan, it was saying something that the registry key had been marked for deletion.

I posted the report you asked for.
 

Attachments

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi,

Go ahead and reboot your system. That should fix that problem. It may take a couple of reboots but it is nothing to worry about. :) I will look over your ComboFix log and be back as quick as I can. Turns out I am rather busy at work today.
 

Jiaife

Thread Starter
Joined
Sep 20, 2009
Messages
62
I did reboot as soon as I saw it, figured it'd do it. If not.. I have backups, so.

Take your time, your work is more important than anything else, haha !
 

jeffce

Malware Specialist
Joined
May 10, 2011
Messages
1,727
Hi Jiaife,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    File::
    c:\windows\KMSEmulator.exe
    
    Driver::
    aswFsBlk
    aswSP
    aswSnx
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 