
Malware found on my computer... Not sure what to do.

Discussion in 'Virus & Other Malware Removal' started by Jiaife, Nov 25, 2011.

Thread Status:
Not open for further replies.
  1. Jiaife

    Jiaife Thread Starter

    Joined:
    Sep 20, 2009
    Messages:
    62
    Hi everybody,

    I just ran a full scan with MalwareBytes, and it found a file called Keylogger inside my appdata. I opened it and it had a nice record of about 3 months of what I have typed, deleted it right away. Right now I'm kind of scared I might have malicious stuff on my computer, can anyone help me make sure it's clean ?

    - My computer has all updates
    - I use Avast as an Antivirus
    - I ran MalwareBytes scan, Avast and Spybot

    Only MalwareBytes managed to find malicious content, so I'm not really sure that Avast is a good choice anymore.. Can anyone help me make sure my computer is clean and get a better Antivirus if there is any better choice ?

    Thanks !

    Edit : I am running on Windows 7 Home Premium 64 bits.
    I have also noticed a decrease in my computer's performance, I ran the usual stuff, CCleaner, disk cleanup, defrag, checked if there were any programs I am not using, all that stuff.
     
  2. Jiaife

    Jiaife Thread Starter

    Joined:
    Sep 20, 2009
    Messages:
    62
    Bump.
     
  3. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
    • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    IMPORTANT NOTE : Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
    Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


    Vista and Windows 7 users:
    These tools MUST be run from the executable (.exe) every time you run them
    with Admin Rights (Right click, choose "Run as Administrator")


    Stay with this topic until I give you the all clean post.
    ----------

    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Right-click and Run as Administrator dds to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt

    Attach.txt
    ----------

    Please download aswMBR to your desktop.

    • Right click and Run as Administrator the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    ----------

    In your next reply please post the logs created by DDS and aswMBR. :)
     
  4. Jiaife

    Jiaife Thread Starter

    Joined:
    Sep 20, 2009
    Messages:
    62
    Thank you very much for your help, Jeff. I appreciate it a lot, considering you are using your free time to help me and other people on this forum. This is very nice of you ! :D

    I performed the scans and attached the files you asked for :

    1. DDS.txt ;
    2. Attach.txt ;
    3. aswMBR.txt.
    The aswMBR scan also generated a MBR.dat file, just let me know if you need it as well.

    I also forgot to say that I am currently in training at a school, and I have noticed a drop in my computer's performance since then. I do not know if their network is infected by any malicious program, but if you find anything please let me know, as I will be able to tell an IT engineer who will take care of that.

    I would also like to know more about what you are doing at the moment, did you receive formation on it at a school or something ? I would be pretty interested in being able to do this myself, as I am currently studying to become an IT engineer, I want to increase my range of abilities as much as possible.

    Thanks again, Jeff !
     


  5. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi Jiaife,

    :) I enjoy it very much.
    -------------

    Just go ahead and leave that on your Desktop for now.
    -------------

    There are schools online that I can direct you to when we have finished what we are doing here. Just remind me so I don't forget. :)
    -------------

    Download CKScanner by askey127 from Here & save it to your Desktop.
    • Right-click and Run as Administrator CKScanner.exe then click Search For Files
    • When the cursor hourglass disappears, click Save List To File
    • A message box will verify the file saved
    • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
     
  6. Jiaife

    Jiaife Thread Starter

    Joined:
    Sep 20, 2009
    Messages:
    62
    Thank you once again, Jeff.

    Here is the content of CKFiles.txt :

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\users\jean-fran├žois\documents\utilitaires\ophcrack\ophcrack-vista-livecd-2.3.1.iso
    c:\users\jean-fran├žois\documents\utilitaires\ophcrack\ophcrack-xp-livecd-2.3.1.iso
    scanner sequence 3.AA.11.QQAPAP
    ----- EOF -----

    Seems like it doesn't like OphCrack, if this stuff is bad I'll poop a little, because I have been using it for years. Err.
     
  7. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi Jiaife,

    Download Combofix from either of the links below, and save it to your desktop.
    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.
     
  8. Jiaife

    Jiaife Thread Starter

    Joined:
    Sep 20, 2009
    Messages:
    62
    Please stay online if you can, I will post the report in a few minutes. I am on all day if you have more time.
     
  9. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    I am going to be going to another system shortly but will still be able to look over your malware logs there as well. I should be back on in about thirty mins or so. :)
     
  10. Jiaife

    Jiaife Thread Starter

    Joined:
    Sep 20, 2009
    Messages:
    62
    Alright, the ComboFix scan is taking a while anyway, so I guess it doesn't really matter. I am on Stage 7 at the moment.

    Edit : Stage 48 now... This is taking so long, what is the program doing ? It said it would take about 10 minutes, it's been 2 hours. Err.
     
  11. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Sometimes it can take a while. Nothing to be concerned about. If there are problems we can always run it again. :)
     
  12. Jiaife

    Jiaife Thread Starter

    Joined:
    Sep 20, 2009
    Messages:
    62
    Finally !

    What does ComboFix exactly do ? I was unable to open anything after the scan, it was saying something that the registry key had been marked for deletion.

    I posted the report you asked for.
     


  13. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Go ahead and reboot your system. That should fix that problem. It may take a couple of reboots but it is nothing to worry about. :) I will look over your ComboFix log and be back as quick as I can. Turns out I am rather busy at work today.
     
  14. Jiaife

    Jiaife Thread Starter

    Joined:
    Sep 20, 2009
    Messages:
    62
    I did reboot as soon as I saw it, figured it'd do it. If not.. I have backups, so.

    Take your time, your work is more important than anything else, haha !
     
  15. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi Jiaife,

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Code:
      File::
      c:\windows\KMSEmulator.exe
      
      Driver::
      aswFsBlk
      aswSP
      aswSnx
      
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

      [​IMG]
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------
     
Short URL to this thread: https://techguy.org/1028392
