Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by pallino

  1. Auturuns window disappeared! Thank you. System is running better but still not "smooth", sometimes it is slow to respond (e.g to close a window).... What did you see so far, what did I have? thank you Addition.txt FRST.txt Fixlog.txt
  2. Hello Kevin, I run AVZ. First time it "stopped running" during scan. HMPAlert still sees Firefox as not safe... thank you virusinfo_syscheck.zip
  3. Windows starts now with an explorer page open at C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled (snap shot attached)...don't know why... Tried to update windows: since 31-12 available only defender definition. During download Windows update page froze. Did I get a rootkit or what did you find? Thank you Addition.txt FRST.txt virusinfo_syscheck.zip
  4. Hello Kevin, I can upload files now to virustotal (couldn t some days ago) but Hitmanpro.alert still finds Firefox files corrupted (in sandboxie).... Since this laptop is on the same network as the old desktop that had the strange (probable) motherboard failure and the other laptop that had something too, do you want me to scan with AVZ or what do you want me to do? thank you!
  5. Hello Kevin, I attached the new AVZ report. What did you/AVZ find before? What were the acquni and the vhjrap? I think it starts a little bit faster, but still not as "before". Today when I restarted the laptop, before running the script, I got a message that asked me if I wanted to change a startup entry (apparently ccleaner). Since I didn't install anything in the last days (I was travelling) I denied. At next reboot, the laptop started with an explorer page open at c:/program files/............./"AutorunsDisabled"..... Thank you again for your help! virusinfo_syscheck.zip Addition.txt FRST.txt
  6. Hello Kevin, attached the new reports. Thank you! Addition.txt FRST.txt a2scan_150107-112350.txt
  7. Hello Kevin, please find attached the new reports. I also tried to run AVZ but "the program stopped working" and was closed. Thank you!Addition.txtFRST.txta2scan_150107-004613.txt
  8. Hello Kevin, thank you!!! Pls find attached the Fbar log. I couldn't run the script in AVZ, can you please check it? What do you think it's going on on this laptop? Thank you Have a great week-end! Fixlog.txt
  9. Hello Kevin, thank you! :) Pls find atached the new log. What's your diagnose, what does my laptop have/had? thank you Fixlog.txt
  10. Since I'll be travelling till next Tuesday I upload also the logs of my first laptop (I hope it helps if not, pls forgive me if I already started AVZ) , the one that alarmed me at the beginning....hitmanpro.alert told me firefox is compromised, DISF command gave error 87, sfc scannow gave errors, e.g. beep.sys, TDSSkiller found first unsigned files, then no more...proxy appaired in configs......slow at boot, most after password is inputted.... I'm really concerned and I'm sorry if it's just "paranoia".....I really appreciate your help, patience and time!!! thank you!!! a2scan_150102-112944.txt Addition.txt FRST.txt virusinfo_syscheck.zip
  11. Hello Kevin, happy new year!!! Thank you for the update! You are the expert and it seems the problems on the old desktop are hw related (even thoug it's strange that all started after Avast found a gen virus and froze..than EMet disappeared but te pc was still working as the HD/moterboard). I trust you and will refomat the HD and add it to a new MB/desktop. I'm stil concerned since other strange things are happening.... Before yesterday I turned on a new laptop (3 months old), just used few times and only for safe staff. I updated the AV and did some online banking. After restarting widows I saw that it took forever to start (4/5 minutes, before it was around 45 sec). This happened for 2/3 restarts. Hitmanpro.alert now tells me that firefox's files are corrupted, but no AV can find anythig.... I tried to upload some files to virustotal but couldn't.... I attach Emsi and Fbar's log for this laptop. Can you pls have a look at these too? thank you!!!!!!! a2scan_150102-114855.txt FRST.txt Addition.txt
  12. Corrupted by hardware failures/many sudden shut down or by malware, by malware that caused the failures/shutdowns? AVZ4 marked many files are suspicious and one is marked as corkow.f...what is the cause of all problems ? Many strange things happened in the last 6 month, too many to be a (bad) coincidence...or? If it's malware related, why did no program detect anything till AVZ4? What can I do now? Are other devices also infected now? How can I test these (other pcs, smartphones, tvs , blu-ray players,etc)? If ithis is caused by hw (motherboard ) failure, f.e, how could I get the cidox.c in the VM with a newly installed system just used till then to update windows, the VM, Defender, and the AV in the VM? Then, how could Emet disappear after Avadt found a gen virus in a file I was downloading and then Avast stop working snd get disactivated? Than you again for your help Happy new Year!
  13. I remembered another issue I had before..the first time I set up the test pc as described in my first post, while updating windows and programs in the VM, Avast found Cidox.c in 3 snapshots. Since I had a backup and the malware found was in the VM s snapshot, I tried to recover the image by macrium Reflex but couldn t since the hd was locked.(?)... I formatted and reinstalled windows and programs from scratch. Then I had the problems described here. Can't it be a new variant of malware not detected yet by Tddskiller? Anything else I can do, scan with? Too many strange things happened.....I hope there is more than can be done to be more on the safe side.... thank you
  14. Avast's free subscripton is still expired (why?) and I cannot renew it...apparently I cannot connect to internet....I tried to run the install program and saw a message telling me Avast was corrupted, I think avadtSP.exe and to run avastclear or something similar...1 second later the desktop turned off, like if I unplugged the power cord.....strange coincidence again....
  15. luckily I managed to start the old desktop and to run this scan. i couldn t download the TDSSkiller from the link above, got " http error 503. The service is unavailable" message. I run a copy I had on the hd downloaded before from bleepingcomputer.com or from Kaspersky.com The scan took 20 minutes... thank you! TDSSKiller.
  16. I m not obsessed with bios, router viruses ....but I suddenly lost a laptop few months ago, now a desktop MB is dying ...smartphones are rebooting too ofter for my experience, internet is slow sometimes...weird things happened on the desktop before it decided not to boot anymore....and I cannot find what it is....all programs I used crashed, stopped working or do not find anything It can be that I m am over "sensible " as that something is hiding and is still unknown, undetected. I don t like this idea and cannot accept the doubt..nor to close my eyes and keep going as nothing happened....I think you understand. Little is known/public about bios, usb, router infections and about what to do to prevent, detect, cure these infections....who gets one will have a hard time to find it out, to detect and cure it...I wonder if I m in this situation... I ll connect the hd to another desktop and scan it with Tddskiller and post the report. Merry Christmas!
  17. What about medroni, cidox, Tdss, and their new variants/new versions etc...isn't it possible to get infected by them before a signature/detection is available? In case of a Bios rootkit, a scan started from a rescue cd should/could detect some malicious software on the HD or do bios rootkits only (re)infect HDs after boot from the infected Motherboard/Bios (and so be detected only on a running OP system)? I'll try to start windows and to run TDDSkiller on the old PC....in case it's not possible, does it make sense to scan the HD with TDDSkiller in another PC? Merry Christmas!!
  18. Hello Kevin, thank you! I made some test during the week-end. The HD passed an extensive Smart test. Memory is fine too. Apparently the Motherboard is the one that has a problem....the second within 6 months in two pcs.... In case of a Bios rootkit, a scan started from a rescue cd should/could detect some malicious software on the HD or do bios rootkits only (re)infect HDs after boot from the infected Motherboard/Bios (and so be detected only on a running OP system)? I'll try to start windows and to run TDDSkiller on the old PC....in case it's not possible, does it make sense to scan the HD with TDDSkiller in another PC? In case of a Bios rootkit, since both PCs have a Phoenix Bios, starting the "new" desktop with the "infected" Hd could infect the "new" Bios? Is this possible even if highly unprobable or impossible since different pcs/motherboards with different Bios versions? Thank you!
  19. I forgot that I run a smart hd test from a rescue cd, the computerbild rescue cd6, and tge smart quick test said no error were found.... What happened whith Emet, how coild it disappear? Why could I download and install Emsisoft but not tun it (all under windows)? Last time I could start the pc, suddenly Avast free is not activated anymore even though it was before......very strange.... As said, I m really concerned some new malware is hiding in bios, router,firmware, ....or is still undetected.... I hope you can help!!! Thank you
  20. I m really concerned also because this would be the second system that failed in the last 6 months...last September a laptop started having problems....Windows was rebooting/ shutting down in a loop. I managed to stop it and to reset windows using an older restore point. The next day the laptop was dead, no signs of life at all, no lights, no bios, nothing. This is the second case....could be a bad chance as very very suspicious. What do you suggest me to do to be 100% (or as much as possible) sure? What infos/files do you need from the old HD? Pls let me know how I should proceed, what to do. thank you and nice week-end!! P.S. The Hd that is failing now is not the one from the old laptop...the one in the old laptop was a brand new one....
  21. Hi Kevin, I read the thread and I attached all files I could since suddenly after I started looking for help online and to write the summary of my last weeks the HD started to fail and it's very difficult and rare to be able to access it....very suspicious at least...sorry for the confusion and the many messages but I didn't want to loose the (maybe last) chance to upload documents that might be helpful (that were created right after the alert was displayed). I'll try to upload emsis 's logs created on 14 December right after all started (only 2 registry keys were found, the "DISABLETASKMGR and the DISABLEREGISTRYTOOLS") unless I manage to boot the pc and to scan with the new database. Unfortunately last time I was able to start the hd and windows Emsi didn't load. I could download and install the new version but still not start Emsi.....nothing happened.... Should I try to clone the HD by using a rescue disk or it is better to wait since I might infect the new HD too? Did you find anythig suspect in the files I uploaded? thank you!
  22. with attach gmer old report gmer141214.log
  23. mbrmster MBRMastr_2014.10.27_21.42.46.txt
  • Create New...