Remove PUP application from DVD Drive (F:) CDROM


  1. Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter
       #31

    Wait, JRT is NOT Mbam? Of course not, or its name would say it was....once again, ugh! To think I thought intelligence was one of my strong points! Oh, Crap! ESET is now in the red! It is not halfway done...Do I still run the Mbam, after? Of course, I have to run it. Then what?


  2. Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter
       #32

    Rambling on, (not a Zeppelin ref :) ...: I had to Stop the ESET scan during its last 5-8%, because lines blacked out. Example:
    Remove PUP application from DVD Drive (F:) CDROM-example1.jpg

    I am certain the scan was still in progress (?), but without seeing its results or my options what is the purpose to continue? Right before the screen put "blindfolds" on 8 threats were detected, but I did not take notice of where taking for granted a log would give me that info. I will run it again, but after Malwarebytes, again. I, still do not know if this is the right scan, because it looks no different.

    I made sure "rootkits" was checked and covered all drives. What am I missing?

    Thanks


  3. Posts : 16,325
    W10Prox64
       #33

    Hi.
    ESET have just updated their online scan recently and I can tell you, I have had the same exact problem on three different systems over the past 2 days. After a while, it just locks up too. I don't know what they've done, but it's not pretty.

    I've had to select a custom scan and tell it to scan parts of drive C, then after that finishes I tell it to scan the next parts of drive C, and then the next, until I get through a full scan of the C drive. What a pain! Well, ESET should be done last, as it is usually the "all-clear" tell-tale scan for us. But, it seems we can't depend on them right now.

    The log file for ESET can be found in %userprofile%\AppData\Local\Temp\log.txt
    You can post what it's done so far.

    Malwarebytes Antimalware (MBAM for short) log files are in the program in the HISTORY section; select Application logs on the left, then double-click the SCAN LOG from today and select EXPORT.


  4. Posts : 16,325
    W10Prox64
       #34

    myrnsterMash said:
    I made sure "rootkits" was checked and covered all drives. What am I missing?

    Thanks
    Not missing anything - that's correct. Hope you're feeling better. :)


  5. Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter
       #35

    Bad news, but Malwarebytes will fix it, right? I have not done anything, but take a snapshot:

    Remove PUP application from DVD Drive (F:) CDROM-screenhunter_01-aug.-15-07.06.gif

    I assume "Remove Selected" is the correct choice, here.


  6. Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter
       #36

    Mbam Log


    Here is today's Mbam log (heavy sigh):

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 8/14/2016
    Scan Time: 6:56 PM
    Logfile: Mbam log 8-15-16.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.08.15.01
    Rootkit Database: v2016.08.09.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x86
    File System: NTFS
    User: MyrnaZ

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 650015
    Time Elapsed: 5 hr, 2 min, 45 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    Trojan.Poweliks.B, HKU\S-1-5-21-2048041476-2006749296-819459500-1035_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Quarantined, [baa397b466340a2c842de121ed13966a],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    No need to keep these quarantined, right? I should delete?
    Remove PUP application from DVD Drive (F:) CDROM-screenhunter_04-aug.-15-08.07.gif
    Last edited by myrnsterMash; 15 Aug 2016 at 10:11. Reason: Additional info
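
An added example, not part of the original posts: a small Python parser for the Malwarebytes 2.x text log layout shown in post #36. It collects the detection rows per section, checks them against the declared counts, and marks objects that sit under a per-user COM class key (HKU\<SID>_Classes\CLSID), as the Poweliks entry does. The function name and the trimmed sample excerpt are assumptions made for this example.

```python
import re

# Excerpt of the scan log posted above (section headers and detection rows only).
SAMPLE_LOG = r"""Processes: 0
(No malicious items detected)

Registry Keys: 1
Trojan.Poweliks.B, HKU\S-1-5-21-2048041476-2006749296-819459500-1035_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Quarantined, [baa397b466340a2c842de121ed13966a],

Files: 0
(No malicious items detected)
"""

SECTION = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
                     r"Folders|Files|Physical Sectors): (\d+)$")
# Detection row as logged: name, object, action, [bracketed id], trailing comma.
ROW = re.compile(r"^(?P<name>[^,]+), (?P<object>.+), (?P<action>[^,]+), "
                 r"\[(?P<id>[0-9a-f]+)\],?\s*$")
# Per-user COM class registration: HKU\<SID>_Classes\CLSID\{GUID}
USER_CLSID = re.compile(r"^HKU\\(?P<sid>S-[\d-]+)_Classes\\CLSID\\"
                        r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})")

def parse_mbam_log(text):
    """Return (detections, sections whose declared count differs from rows found)."""
    declared, found, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        row = ROW.match(line) if section else None
        if row:
            item = row.groupdict()
            item["section"] = section
            hit = USER_CLSID.match(item["object"])
            item["user_clsid"] = hit.groupdict() if hit else None
            found.append(item)
    seen = {s: sum(d["section"] == s for d in found) for s in declared}
    mismatched = sorted(s for s in declared if declared[s] != seen[s])
    return found, mismatched
```

A non-empty second return value means the pasted log was truncated or altered, which is worth knowing before deciding what was actually quarantined.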


  7. Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #37

    myrnsterMash said:
    Here is today's Mbam log (heavy sigh):

    Registry Keys: 1
    Trojan.Poweliks.B, HKU\S-1-5-21-2048041476-2006749296-819459500-1035_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}, Quarantined, [baa397b466340a2c842de121ed13966a],


    No need to keep these quarantined, right? I should delete?
    Remove PUP application from DVD Drive (F:) CDROM-screenhunter_04-aug.-15-08.07.gif
    Yes, remove both entries from quarantine. They don't pose any threat there, but why have them on your system, eh?

    Run one more scan please

    Kaspersky TDSSKiller: Detect / Repair TDSS Rookits - Windows 7 Help Forums

    Note: Tick Loaded modules last.
    When this option is selected, a dialog window requests a restart to load a specialized monitor.
    Press OK to restart your machine and load the driver - answer yes to the allow prompt after the machine restarts.


  8. Posts : 16,325
    W10Prox64
       #38

    Hi.
    Sorry for the delay, as I have been busy cleaning out an infected laptop this morning...

    Poweliks is a very tricky infection, as it leaves no trace of its infection anywhere except in some registry keys. It also brings in other infections. You can read more on it here:

    Trojan.Poweliks | Symantec

    Although MBAM is very good, and indeed identified what we're dealing with, I would like you to also follow the instructions here at Bleeping Computer, to make absolutely sure this infection is eradicated.
    How to remove the Poweliks Trojan (Removal Guide)
    Last edited by simrick; 15 Aug 2016 at 23:30.


  9. Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter
       #39

    The download is under "Reimage" compatible with my pc....when I clicked your link and then Kaspersky download.
    http://www.reimageplus.com/lp/sqh/in...keyword=direct

    I am a pain, but trying to do things right. This is so ridiculous, but whatever "flips their switch," meaning those behind this dooky. I can imagine the theories of conspiracy are endless, or the discussions being endless, anyway...such as mine, here.

    I am not going to second guess my better judgement, so I shall proceed. You do not want me bugging you endlessly like....ummm (I will not finish that sentence for fear of offending any, many, or all persons). Fill in the blank however fits best for you. Oh, by the way I could not find the log for ESET, so? Here goes....


  10. Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #40

    myrnsterMash said:
    The download is under "Reimage" compatible with my pc....when I clicked your link and then Kaspersky download.
    http://www.reimageplus.com/lp/sqh/in...keyword=direct

    I am a pain, but trying to do things right. This is so ridiculous, but whatever "flips their switch," meaning those behind this dooky. I can imagine the theories of conspiracy are endless, or the discussions being endless, anyway...such as mine, here.

    I am not going to second guess my better judgement, so I shall proceed. You do not want me bugging you endlessly like....ummm (I will not finish that sentence for fear of offending any, many, or all persons). Fill in the blank however fits best for you. Oh, by the way I could not find the log for ESET, so? Here goes....
    Oh .... you just got bit by the ad bug on SevenForums.

    If you're not logged on - you see adverts. Reimage must be one of those ads.

    Do NOT download anything that isn't part of the tutorial
    TDSSkiller
    Virustotal uploader

    are the only two things off the top of my head that you are directed to download.

    Glad you asked - not a PIAn at all.


    simrick pointed you to a specific removal tool for the detected malware. Run simrick's suggestion first

    In the Bleeping Computer guide, it asks you to run some of the same scans you already ran.
    Follow the guide step-by-step including the repeats - this makes sure no reinfection occurs
    simrick might tell you otherwise - I'll defer to her on that.

    , then run TDSSkiller, but ignore any downloads in the ads


 
