wenapee

Member (Content Count: 21, Community Reputation: 0 Neutral)
  1. That would explain why it only works in safe mode. I tried disabling AVG or Comodo Firewall but it still did not work; there might be other processes in the background from other installed security software such as Emsisoft and SUPERAntiSpyware, even though I disabled all active protection from these, but it does not explain why these malicious entries from Tencent reappear, so the PC might very well still be infected, or leftovers from the Tencent infection still interfere with KillSwitch working properly. Just in case, I will try to reformat and reinstall the PC. Thank you very much for the help provided.
  2. https://www.virustotal.com/file/450c4c7050f0fe60066b190c0301981529848dd8f02ad61c1ef5ae53e7ecf23d/analysis/1345578941/ I don't think it's the KillSwitch program itself. I redownloaded and/or renamed it and nothing worked. Is it possible that with the currently used tools no malicious software can be identified? (Earlier today I broke my recycle bin, because I was trying to fix it after I accidentally deleted a map from another user profile using FileASSASSIN through the Explorer window instead of the program itself. While trying to fix it I tried to log into the administrator account in safe mode, but it's not possible to log into it because the PC gets stuck on loading user data. I assume the profile is broken as well. I assume the recycle bin can be fixed by creating a new user profile, moving all needed files and removing the old user account.) But let's assume the worst case: if no serious infection can be found, that does not mean there is none, especially since there appears to be something related to this Tencent malware that is blocking it from working. Then there was ComboFix; you said it found something that appeared to be a rootkit and it fixed itself, and in fact after that IE was running much faster, although it could also be the changed settings to IE that ComboFix made. If nothing can be found with these tools while there seems to be an infection, would you recommend reformatting the PC, also since the recycle bin is broken and the administrator account is not working either, and (quote from Elise): "BACKDOOR WARNING ------------------------------ One or more of the identified infections is known to use a backdoor. This allows hackers to remotely control your computer, steal critical system information and download and execute files. I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:"
  3. From their website http://www.comodo.com/business-security/network-protection/cleaning_essentials.php You can try it on your PC or a secondary PC and see if those registry entries get created on your PC. But I only downloaded and tried it out after the infection, which I described in my first post: along with the QvodPlayer, Tencent malware and trojans got installed as well.
  4. (Note: as you stated not to change any settings of OTL, that means I ran it at default without the LOP and Purity checks which were required to get a topic started.) (Since I uninstalled some unnecessary programs and removed some unnecessary files to try and free some HD space, I re-ran OTL in normal mode as well.) Attached files in order: 1: OTL run in safe mode; 2: new OTL run in normal mode (confirmed malicious registry entries not present); 3: OTL run after trying to run KillSwitch (malicious registry entries got created, confirmed).
  5. OK, first about the soso search: it was removed from IE only on my user profile. I ran the fix on one other user profile to remove it there as well. To remove it from other user profiles, should I run the fix on each individual user profile? Second: it appears that I found out why these Tencent registry entries appear. It was bothering me that the Comodo program KillSwitch was not working. I tried to identify when these infections appeared by going through some things that I did that might activate / create these registry entries. So when I try to run KillSwitch these registry entries get created. While starting, KillSwitch gets closed by itself, so to me it appears that a malicious program / files is blocking KillSwitch from working. When I restart the PC these registry entries are gone again. And when I try to start KillSwitch they appear again, and as mentioned I am unable to completely start KillSwitch (except in safe mode, which I tried about a week ago).
  6. OTL log attached. So if these entries are being recreated and removed, is it possible that it is caused by some kind of serious infection with possibly other affected unidentified files / registry entries?
  7. I was re-running SUPERAntiSpyware to remove the previously found entries (I did not remove them the first time because I first wanted to perform your instructions to remove that soso search). But it did not find the entries anymore; I guess it has the same kind of error as Emsisoft is having handling these entries. Or do these infections only get activated after performing some IE actions on the PC? I will run the OTL scan now.
  8. OTL logs attached. (I was running SUPERAntiSpyware and it found some of the same entries as Emsisoft. I will try to remove them; log attached.)
  9. Yes, I tried to remove them now and these entries keep coming back. How about the soso search, is there any way to remove it? I just reset IE and it is still there, wanting to make itself the main search engine in my IE with no way to remove it. And from the ComboFix logs I saw it failed to remove some files; is it important to still remove them? Thank you in advance.
  10. The Tencent traces that Emsisoft found 2 days ago and somehow could not find yesterday (as mentioned before): it found them today again. I did not remove any; waiting for further instructions.
  11. The scan will take a while; I will attach the logs in some hours. I don't expect it to find anything at this point, as I scanned with it previously. From the ComboFix logs I saw it failed to remove some files; is it important to remove them at a later point? Also, do you think it is advisable to still try to install the Recovery Console (maybe manually), since ComboFix was not able to install it? Thank you in advance.