
Would like to have a complete check of my computer for anything suspicious


Dwer23

Are you completely sure? Those logs are pretty long, how did you analyze them so fast? Would you say that my PC is clean if multiple virus scanners come up with nothing? I have scanned with Emsisoft Anti-Malware, Malwarebytes, RKill, RogueKiller, Sophos, HitmanPro, and F-Secure Online Scanner.

Can you say anything about that issue in the other thread?


I know you just checked my logs earlier, but I would greatly appreciate it if you could check these new ones... I think there's something weird on my PC because I went to sleep while YouTube videos were playing (in the mode where the next upcoming video is always started automatically) and some video was stopped at the end without moving to the next one when I returned to my computer, so maybe someone with remote access to my PC did that. Also, earlier I got some error windows regarding Sourcetree git files, which I kinda gave a pass earlier.

I ran my Emsisoft antimalware custom scan and it found nothing.


Here are new logs:

FRST.txt

Addition.txt


Thank you for your response. But damn.. I know you've worked with my logs before, but I would need your expertise for a third time, sorry!

I installed a game from Steam and during the installation of DirectX or something I got warnings of something which was approved by network later, but I also got a behavior warning about the game itself when I tried to run it (it also had an anti-cheat system). Also, before this, I think my monitor flashed black when I was watching TV (now I know this might sound like an eye glitch / paranoid..). So I wanna make sure those warnings were false alarms by confirming my PC is clean in these logs.

Here are the Farbar logs:

FRST.txt

Addition.txt


Here is the forensics log from my Emsisoft:

Forensics_170930-024402.txt

Also, I know I still have Zemana, but I wasn't sure if you meant that Zemana only gives issues when used as real-time protection on top of current programs, so I kept it for now. I use it as an on-demand scanner only.

Now that I'm looking at my emails, I may have gotten a password reset email on my Emsisoft support forum account that I didn't initiate. I did request a password reset earlier though. Maybe someone else tried to change my password?

Please be extra cautious about anything you might feel is suspicious when reviewing those Farbar logs.


Virtually every game made makes use of a rudimentary keylogger.  Games need to monitor keystrokes, cursor position, and button clicks.  Most modern games have some kind of update feature, which is technically a Trojan.backdoor, and many games inject code into Microsoft processes.  These are normal behavior for the most part.  There are thousands of Windows games available for download. It is not feasible to download and test all of them and create white-list rules for each and every game.  This is where it becomes incumbent on the end-user to know what they are downloading and installing and what modifications it is making and its behavior.

If you got the password reset request notification and not a notification that the password was reset, then you should be OK.  If you are not comfortable that your password was not compromised, then change your password.


Thanks for your answer.

After that post, I actually just went and erased my SSD just to be sure. But now, in my clean system, I have some issues. HitmanPro came up with a log, which is attached to this post, and F-Secure Online Scanner doesn't start up; it tries to load but comes up with the error "Could not complete the operation". Something fishy is going on which prevents this program from running. Other virus scanners run normally. Also, my internet has been behaving oddly recently; some downloads are really slow (like 50kbps.. when normally 2MBs, and others at max speed). Something is going on. I scanned the PC earlier with Trend Micro HouseCall; can you confirm whether those HitmanPro findings are indeed from Trend Micro? Or did I download some Trend Micro software with malware? I did download it from https://www.trendmicro.com/en_us/forHome/products/housecall.html

Here are also the newest Farbar logs:

FRST.txt

Addition.txt

HitmanPro_20171005_0246.log


Oh, and here's also the RogueKiller log:

Especially part [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4B626774-E071-43F3-A16A-11FA4AAF0ECD} : v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\Pws\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe|Name=rule4scaner|Desc=rule4scaner|EmbedCtxt=rule4scaner|Edge=TRUE|Defer=App| [7] -> Found

rogkiller.txt
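The RogueKiller line quoted in the post above is a Windows Firewall rule stored as a pipe-delimited registry string. As an added example (not part of the original thread and not RogueKiller's own logic), this Python code parses that format and lists the properties of the rule that justify a manual look; the function names and the path heuristic are assumptions of this example.

```python
import ntpath

# Rule string copied from the RogueKiller line quoted in the post above.
RULE = (
    r"v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|"
    r"Profile=Public|App=C:\Users\Pws\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe|"
    r"Name=rule4scaner|Desc=rule4scaner|EmbedCtxt=rule4scaner|Edge=TRUE|Defer=App|"
)
# Assumed heuristic: directories that any user-level process can write to.
WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")


def parse_rule(value):
    """Return (version, fields); keys such as Profile repeat, so values are lists."""
    parts = [p for p in value.split("|") if p]
    version, fields = parts[0], {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        if not sep:  # token without '=': keep it visible instead of dropping it
            key, val = "_raw", part
        fields.setdefault(key, []).append(val)
    return version, fields


def first(fields, key):
    return fields.get(key, [""])[0]


def assess(value):
    """Return the reasons a rule deserves a manual look (empty list if none)."""
    _, f = parse_rule(value)
    state = tuple(first(f, k).lower() for k in ("Action", "Dir", "Active"))
    if state != ("allow", "in", "true"):
        return []  # only active inbound allow rules open the host to the network
    reasons = []
    app = ntpath.normpath(first(f, "App")).lower()
    if any(marker in app for marker in WRITABLE_MARKERS):
        reasons.append("program path is in a user-writable directory")
    if {"Domain", "Private", "Public"} <= set(f.get("Profile", [])):
        reasons.append("applies to Domain, Private and Public profiles")
    if first(f, "Edge").lower() == "true":
        reasons.append("edge traversal enabled")
    return reasons


if __name__ == "__main__":
    for reason in assess(RULE):
        print("-", reason)
```

A hit is a prompt to check which program created the rule, not a verdict; here the path contains a HouseCall directory, and the poster says they ran Trend Micro HouseCall.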

I also got another email about a password CHANGE immediately after I changed my password, though the emails have the same timestamp, and when I tried to see if my password had changed from what I set it to be, I could log in with what I had set it to be. So maybe a technical error on the Emsisoft support site?


Thank you for the response, I'm glad to hear the logs are normal. About the emails, it happened that I changed my password on my mobile phone in account settings, and if I press the "ok" button on the password change screen twice while it loads, it seems to send two emails about the password change. The F-Secure Online Scanner started working again by itself.


Yeah, the website password reset request likely registered multiple requests.  Hence the multiple emails.

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore

  • Click the Run button.


When the tool is finished, a log will open in notepad. I do not need the log. You can close Notepad.

Empty the Recycle Bin

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

To remove EEK, simply delete the EEK folder in the root of your System Drive, normally C:\EEK

Run Windows Update and update your Windows Operating System.

Articles to Read:
How to Protect Your Computer From Malware
How to keep you and your Windows PC happy
Web, email, chat, password and kids safety
How Did I Get Infected?

That should take care of everything.

Safe Surfing!

Question: if there was malware on the system, how likely is it that it would not show up in Farbar alongside RogueKiller, HitmanPro, Emsisoft, F-Secure scanner and Trend Micro scanner? I know there are some pretty advanced CIA tools out there, but no one can really do anything about those since they are leaked only years after they've been in use.


Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE. If you don't, we are just going to send you back to this thread.
