sparta

Member
  • Content Count

    4

Everything posted by sparta

  1. Hi, sorry for replying late. Actually the system stopped working at all, so I used an old image backup to restore a clean Windows 10 image on the computer, and also formatted the other drives before doing so, but as has happened in the past, this time again the infection came back. So when it was working fine I ran Autoruns and saved the entries, and ran it again when it got infected on its own and saved the entries again. However, it should be mentioned here that other exes were not opening at all, but autoruns.exe ran fine if run without admin privileges. If you want I can share the Autoruns before and after infection files, or the whole VMware machine (several GB). I have made a VMware machine of the infected system which behaves in the same way. Malwarebytes did not install in normal mode (access denied to exe, msi etc.), so I booted into safe mode, installed Malwarebytes and ran a scan, but nothing was found. Ran Emsisoft emergency toolkit, updated, but nothing found. Emsisoft log attached, FRST log attached. Let me know how to fix this. Regards, sparta Addition.txt FRST.txt scan_180811-230445.txt
  2. Hi Kevin, thanks for replying. I have removed the other antiviruses, but Malwarebytes remained and I disabled it when running the scan. Also, I have paid for Outpost so have not uninstalled it, as it is still the best firewall out of the ones tried by me that is compatible with most of the products, plus for at least several years it has worked without issue. I have also disabled it when running the scan. I have attached the log as required by you after disabling Malwarebytes and Outpost. Please let me know what to do now. Fixlog.txt
  3. Hi Stapp, Namaste & thanks for replying. I have some more details for you that I forgot last time. Also, when the infection first started, the display driver was said to be corrupt etc., and now and then Intel display components asked for some permissions to ntoskernel etc., and wifi stopped working and the DNS service took a large CPU percentage, with only Bitdefender installed at that time. So I went to the wifi adapter and put in a manual IP and DNS; then it worked. However, it used to work without that in the past. As Avast was taking high CPU and not detecting anything, I renamed its folder (in safe mode) in Program Files but did not uninstall it. I also ran the aswmbr.exe Avast rootkit tool earlier, but it gave a BSOD when trying to read the Xbox drivers (like xinputhid.sys, shown as a virus by virustotal.com (https://www.virustotal.com/#/file/682d1f32dd1bbeb031d5129ce40d9c77d3c6cf4fb5979f1918b2482af617b5be/detection) https://www.hybrid-analysis.com/sample/682d1f32dd1bbeb031d5129ce40d9c77d3c6cf4fb5979f1918b2482af617b5be) and showed for a split second that that file was locked, so I used Ubuntu to delete all the Xbox drivers thinking they might be infected, and used Autoruns to remove them from loading in drivers and services (deleted Xbox drivers included as zip). It still did not run fine and gives a BSOD in the end. So I installed Malwarebytes, but it got disabled on its own on reboots. So I installed Emsisoft, but it did not detect anything. However, the automatic password changes stopped and Malwarebytes also works every time now; I guess it cannot handle the malware without Emsisoft support. Also, I have many portable apps from portableapps.com, but some of them work and others do not at all, however they can be seen in Task Manager. For those that work, Emsisoft says it looks like malware, but I tell it to trust it and only then it runs. Is this normal? The portable apps are on a drive other than the system drive.
Also, if I disable Emsisoft malware and Malwarebytes (as I did for the Emsisoft kit scan and FRST scan) and then restart Emsisoft, then SERVICES.EXE wants access to the exes of Emsisoft according to Outpost firewall, and when access is granted the Emsisoft window opens but hangs with the cursor busy, and no other program opens either. So basically every window that is already open will be working, but as you try to do something that program hangs as well, and I have to restart. And Malwarebytes did not even start. I have now included the Emsisoft kit scan and FRST reports as well. Do you have a rootkit scanner that can be run from USB, like an offline scan? Also, can Emsisoft be asked to report on UAC automatically if the services have been disabled? Please let me know what can be done next. Regards. Addition.txt FRST.txt xbox deleted files.zip scan_180804-123439.txt scan_180804-124604.txt scan_180804-125225.txt
  4. Hi, I have a persistent malware infection in win10x64 (latest updates till Aug 2018). I have done a clean install several times (I have another drive as well that has data, which was not formatted), but after working for some time the infection returns, usually after reboots or installing software or doing Windows Update etc. The following happens: 1) Avast antivirus does not detect anything but continuously uses around 10% CPU. 2) Installed Malwarebytes, but sometimes it works, other times malware protection and ransomware protection turn off on their own and do not turn back on. 3) Bitdefender antivirus does not detect anything. 4) Comodo antivirus also does not detect anything but uses 25% CPU. 5) Avira antivirus also does not detect anything. If the computer goes to sleep or if it is restarted, then the password of the computer gets changed by the malware and I have to reset it using the 3 secret questions (win10x64). 6) If Malwarebytes is able to work then OK, otherwise Task Manager or any other app says you don't have permissions etc. Also, SYSTEM tries to go to UDP port 137; copy of the Outpost firewall blocked logs:

     SYSTEM OUT UDP 131.253.61.86 137
     SYSTEM OUT UDP 131.253.61.82 137
     SYSTEM OUT UDP 131.253.61.64 137
     SYSTEM OUT UDP 13.107.4.52 137
     SYSTEM OUT UDP 104.27.128.190 137
     SYSTEM OUT UDP 104.20.94.33 137
     SYSTEM OUT UDP 74.125.24.188 137

     Hence I have now formatted the system and reinstalled win10x64 (I have another drive as well that has data, which was not formatted) and installed Emsisoft Anti-Malware; it also does not detect anything. Then I read your manual malware removal guide. Ran Autoruns and then found viruses detected by VirusTotal. The VirusTotal entries show some files are infected, but that has been detected by one antivirus company only.
I copied all these files to a folder, zipped them and ran analysis on VirusTotal https://www.virustotal.com/#/file/47b4b566e2de3e7f73a554073ba028a5b165f0918c8ec134aef9378aade196d9/details and Hybrid Analysis as well https://www.hybrid-analysis.com/sample/47b4b566e2de3e7f73a554073ba028a5b165f0918c8ec134aef9378aade196d9 ; they said infected. Uploaded one of the files to hybridanalysis.com and ran it on win7x64; it also said infected. When I turn off Emsisoft to check, the above-mentioned issues return. What can I do now? How can I replace these infected files, or can you add this to your virus database and remove it somehow? Or tell me the steps to do to get this resolved. Regards, sparta Infected files.zip
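
Added example, not part of the original posts: a small triage script for blocked-connection entries like the ones quoted in post 4, which picks out outbound UDP/137 (NetBIOS name service, normally LAN-only) traffic to addresses outside the local network and groups it by /24. The five-field layout (process, direction, protocol, remote address, remote port) is assumed from the quoted lines, and the sample log is constructed with documentation-range addresses.

```python
import ipaddress
from collections import defaultdict

# Ranges treated as "local" for NetBIOS purposes (RFC 1918, link-local, loopback).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "169.254.0.0/16", "127.0.0.0/8")]
NETBIOS_NS_PORT = 137

# Constructed sample in the assumed layout: process direction protocol remote_ip remote_port
SAMPLE_LOG = """\
SYSTEM OUT UDP 203.0.113.86 137
SYSTEM OUT UDP 203.0.113.82 137
SYSTEM OUT UDP 198.51.100.52 137
SYSTEM OUT UDP 192.168.1.255 137
svchost.exe OUT UDP 192.168.1.1 53
this line is malformed
"""

def parse_line(line):
    """Return (process, direction, proto, ip, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    proc, direction, proto, ip, port = parts
    try:
        return proc, direction.upper(), proto.upper(), ipaddress.ip_address(ip), int(port)
    except ValueError:
        return None

def is_local(ip):
    return any(ip in net for net in LOCAL_NETS)

def offlan_netbios(log_text):
    """Group outbound UDP/137 destinations outside the LAN by /24 network."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        proc, direction, proto, ip, port = rec
        if (direction == "OUT" and proto == "UDP"
                and port == NETBIOS_NS_PORT and not is_local(ip)):
            net = ipaddress.ip_network(f"{ip}/24", strict=False)
            hits[str(net)].append((proc, str(ip)))
    return dict(hits)

if __name__ == "__main__":
    for net, entries in sorted(offlan_netbios(SAMPLE_LOG).items()):
        print(net, len(entries), sorted({p for p, _ in entries}))
```

Grouping by network makes it easier to look up who owns each destination range before deciding whether the blocked traffic is worth escalating.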