Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by pallino

  1. If it was your laptop, what would you do? would you use it i peace, reset it to day 0 and update all, or scan with other tools?
  2. But we have things that appear and we don t know how and why....corrupted system files, policy restrictions...maybe we should look deeper, if possible, or with other tools.... Thank you
  3. So No reason to worry how these restrictions got on my pc without doing anything,out of the blue ? You still think this device wasn t infected and can be used for transactions?
  4. just another thought...I googled IE policy restrictions and many results were referring to malware/MBR/VBR rootkits...to say the truth, knowing I didn't install nor update anything on the 26 (I think the logs shows this) and out of the blue I got these restrictions doesn't reassure me, it actually concerns me a lot. I read about a similar ase where the logs were fine but the system was still infected (some AV tol didn't run)....In my case I can run all I want but it could be tha really don't have anything or that te maware is smarter than the tools (this is more probale on my other laptop you aked me to restore to novemebr 2014). I just checked and saw that the policy restrictions appeared on the other laptop too but on the 15th of January.....is this oincidence or a sign of a spread infection? I hope you understand and there is else we can do to check this strange and very suspicious event. thank you
  5. I just checked the FBAR log and saw that now also in this laptop we have IE policy restrictions....there were not there on my last scan on the 11th.....is this related to the other laptop and a sign of a particlar kind of infection? I also saw that the system corrupted files as the policies restrictions appeared out of the blue on the 15th...can this be relate on his laptop to combofix so caused by it or by a still present malware after combofix was run)? If I restore windows to november we might get some deleted malware/files back but will still have the undetected one that we might have now (maybe not if they were dowloaded/"updated" later)....just to understand, if we didn't find the malware till now, how shoud it be easyer to find it with/after a restore? Does this make sense? thank you
  6. So No reason to worry how these restrictions got on my pc without doing anything,out of the blue ? You still think this device wasn t infected and can be used for transactions?
  7. But i didn t install nor do anything on the 26...that s what I i cannot understand... and what still warries me...a lot!
  8. What about the policy restrictions that appaered duddenly?? Isn t this not normal???? This laptop is new and already has all these strange things happening....i m not relaxed...anythi g else we can do to be rven more on the safe side?
  9. So before updating all? As suggested before i already resetted the router but thought that if it got hacked before with custom setti gs it shouldn t be a problem to hack ut again...that s why i adked if it is possible to test it in a way.
  10. ..and AVZ s and Roguekiller s report... I just saw that now Hitmanpro.alert doesn t warn about firefox being compromised when I start it normally but still does it when I run it in sandboxie... Are the suddenly appeared IE policies a (very) suspect event? thank you virusinfo_syscheck.zip RKreport_SCN_01282015_082650.log
  11. How probale is it that my router got hacked and so all other devices on the network? I m loosing trust in all devices right now.... Can we test deeply the router? After all the scans we did, how restoring the system to an earlier point would help to detect a today still undetected malware? What do I do after restoring, can I update all (windows, AV, programs... ) or what do you want me to do? To scan immediately with FBAR and AVZ ad EMSI of after all is updated? Can you please check all my questions? Since we have only one contact per day it's best to save time/days as much as possible. thank you again for your help and time!
  12. Hi Kevin, attached the new reports. I just checked and the policy restrictions appeared on the 27th scan report, were not there on the 26th....can the window.srepair tool have created them? If not, how did they appear????? What do we do now and what do you think about the security of this laptop? Was it infected? thank you Addition.txt FRST.txt Fixlog.txt
  13. Is this normal in a laptop only 3 months old, used few times for safe stuff only? Is this malware related or related to PGP (all my important files are cryptografied with pgp )? If malware, the probability the malware got on the laptop by surfing the WWW is very low since AV was installed immediately, at max protection settings and no usb device was ever attached (only a new printer)...windows as all programs were always updated. What do you think? What do we do now? Please let me know your thougts! thank you! I really need to use this laptop for some payments please let me know if you still think this laptop was and is safe or if it's safer to recover the system from backup disks created the day I used the laptop the first time, and to reistall and to update all programs (AVs, PGP, Firefox, HMPalert). Thank you!!! Addition.txt FRST.txt virusinfo_syscheck.zip _Windows_Repair_Log.txt Repair_Winsock_and_DNS_Cache.txt
  14. Update after the router question above. I cannot complete the scan with Kaspersky rescue disk...when I check after some time the window with the scan "disappeared"....I cannot start a new scan, nor kaspersky rescue, nor exit linux..I double click but nothing happens....but I can use the file manager..... What do you think? What do we do? Do we try another rescue disk or restore windows to November 2014? Pls let me also know what you think about the router, thank you!
  15. How probale is it that my router got hacked and do you know a tool thst is specialized in detecting this?
  16. I m scanning with KIs...the update of definition from 11.11.14 took 26 min...too long, or?... I have a macrium reflect back up, a paragon backup and a windows backup..any preference whih one to use? Why would this help to find a still unknown malware? Thank you
  17. Hi Kevin, in my last post I uploaded 2 old Fbar logs to show that I had WOT before and that then it "disappeared". I run the script and attached the new logs. I still don't know how WOT dissappeared before (now I reinstalled it)..... How oes it look like now and what can we do? thank you Addition.txt FRST.txt Fixlog.txt virusinfo_syscheck.zip
  18. Before I start, any other tool/program/beta/ "experimental" tool you want to (we can) test on this laptop? Is it worth trying a rescue disk? If yes, which one do you recommend? I have a macrium reflect back up, a paragon backup and a windows backup..any preference whih one to use? Why would this help to find a still unknown malware? Thank you!
  19. bad news...I started doubting about my memory since I thought I installed WOT as soon as I installed firefox and today I couldn't see it anymore...I was right..I had it (FBAR report of 7 januay 2015)..then it disappeared (and I never disinstalled it)........I'm getting crazy now....I like Coppefield/magic but not on my laptops! What do you say, can we have done it or was it some malware? thank you! FRST_07-01-2015_12-16-04.txt Addition_12-01-2015_12-08-54.txt
  20. so no reason to worry about the changes in rootkit "detection" by oguekiller in few minues?...just to be sure....really need to be since I need to do some online transactons.
  21. ok, I'll back up important files again ad restore windows to an earlier point ...apparently only have one (backp) of 19-11-14.... It might take some days so please keep this post open thank you!!!
  22. Great news, ...but why do I run roguekiller, delete the 4 registry keys, then rerun roguekiller and find way more entries under rootkits than few minutes before? I'm in paranoia mode, so have patience with me pls , but it looks strange to me.. Thank you P.S. today I saw that WOT (web of trst for firefox) is missing in firefox (I thought I had installed it before..was pretty sure I had it before) and reinstalled it ...now Htmanpro alert alerts me also in normal system (not in sandboxie) that firefox files were compromised.....also strange at least....
  23. This laptop didn't have system problems till few days ago (it is almost 3 yeas old now ) and I didn't do anything apart than scan and update....and after the file problems only chkdsk and sfc/ scannow... Can't it be that there is still some undetected malware/rootkit?? Can we (keep)check(ing) this if possible ? thank you! Please let me know what to do now. thank you
  24. Thank you! Were these registry entries malware related ? I rerun roguekiller and now I have many more lines under rootkit....is this normal? Please let me know what to do now! thank you RKreport_DEL_01212015_202727.log RKreport_SCN_01212015_203057.log RKreport_SCN_01212015_104156.log Addition.txt FRST.txt virusinfo_syscheck.zip
  25. This might be the best solution but I m still concerned since we don t know what I had since I cannot find the 2 files and the fact that suddenly corrupted files or 0 byte files appeared is very very very very strange. It would be helpful to find the 2 files and to give the malware a name and to know how to detect it in other devices if present there too , eg external usb backup drives. Can we do this before reinstalling windows? thank you
  • Create New...