Thread: Just Seeing if anyone could give this a gander.

  1. #1
    Junior Member
    Join Date: Jun 2016
    Posts: 2

    I have been having a pretty bad virus problem at work. 90-some crappy WordPress websites were infected. I carried something home with me and have been dwindling the infection down. But now I am in unknown territory, so any help would be cool. Thanks in advance.

    // info: Rootkit removal help file
    // copyright: (c) 2008-2016 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","C:\ProgramData\Razer\Synapse\Modules\SystemInfo:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\AMD:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ATI Technologies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Mozilla Firefox:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Razer:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\RocketDock:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Razer\Synapse:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\NETGEAR\A6100:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\MSI\Live Update:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\RedistList:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Welcome:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files (x86)\AMD\ATI.ACE\Core-Static:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\ATI Technologies:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\SUPERAntiSpyware:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\WinRAR:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\Common Files\ATI Technologies\Multimedia:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\ATI Technologies\ATI.ACE\Fuel:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD\CIM:Win32App_1:$DATA"
    File:"Unknown ADS","C:\Program Files\AMD\ATI.ACE\Fuel:Win32App_1:$DATA"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\ADOVMPPackage","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\ADOVMPPackage","Final"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
    RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"

  2. #2
    tashi (Member of Team Spybot)
    Join Date: Oct 2005
    Location: USA
    Posts: 30,471

    Hello Thedude87,

    The log alone isn't showing a rootkit.
    Quote: Originally Posted by Thedude87
    I have been having a pretty bad virus problem at work. 90-some crappy WordPress websites were infected. I carried something home with me and have been dwindling the infection down. But now I am in unknown territory, so any help would be cool. Thanks in advance.

    Is this a personal computer that you take to work? Please provide more information.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date: Jun 2016
    Posts: 2

    Personal PC. I believe the infection was carried home through my cell phone or USB storage. Any time I would run a .exe, the PC CPU and disk would run like crazy. And whatever the mileage was, it would change registry files and group permissions. I think I have all of that taken care of. But now when I scan for spyware after a night of browsing while gaming, the scan the next morning may have anywhere from 80-1400 .sql cookies. Not normal, correct?

    P.S. Sorry for the delayed response, forgot to set email veri.

  4. #4
    tashi (Member of Team Spybot)
    Join Date: Oct 2005
    Location: USA
    Posts: 30,471

    Hi Thedude87,

    USBs that have been inserted into machines at school or work can be dangerous for a home computer and vice versa.

    It might be best for someone to take a look at the system. Please see the Malware Removal Forum sticky, which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Then start a new topic in that forum providing the logs so a volunteer analyst can guide you. Also provide a link back to this thread, please.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
