WiredWX Hobby Weather ToolsLog in

 


descriptionWireless connections deactivated, malware detected EmptyWireless connections deactivated, malware detected

more_horiz
Hello,

I started looking for malware on my computer because wireless connections were suddenly deactivated. I didn't change any settings, and didn't install any new programs or updates so after trying to deactivate and reactivate the network adapters a few times, I looked for a virus. I followed your guide and found a few things. Still not sure if both problems are related, but I figured I would ask for help and start by removing the malware.

Since the infected computer has no internet connection, I was unable to update the MalwareBytes database, which might be a problem. I have another computer I can use to transfer files, so if you know how to update MalwareBytes manually, that would be helpful.

I will be very glad for any help. I realize most of you are probably on a break, if I should come back later, please tell me.

Thank you in advance for any assistance.

AdwCleaner Log:

# AdwCleaner v3.016 - Bericht erstellt am 28/12/2013 um 09:03:00
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 8.1 Enterprise  (64 bits)
# Benutzername : l.gal - SOL
# Gestartet von : E:\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\l.gal\AppData\Roaming\Mozilla\Firefox\Profiles\l51wpr9b.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [643 octets] - [28/12/2013 09:03:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [702 octets] ##########


MalwareBytes Log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16384
l.gal :: SOL-[administrator]

28.12.2013 09:10:07
mbam-log-2013-12-28 (09-10-07).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 462990
Time elapsed: 48 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\WinSxS\x86_microsoft-windows-atl_31bf3856ad364e35_6.3.9600.16384_none_3fc0044d754c0225\atl.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Windows\WinSxS\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.3.9600.16384_none_01428598f4095f36\iccvid.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)


SecurityCheck Log:


Results of screen317's Security Check version 0.99.77  
  x64 (UAC is enabled)  
Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
System Center Endpoint Protection  
Windows Defender                    
Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300  
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````  
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Common Files Microsoft Shared Microsoft Online Services smss.exe -?-
Common Files Microsoft Shared Microsoft Online Services csrss.exe -?-
Common Files Microsoft Shared Microsoft Online Services services.exe -?-
Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
Common Files Microsoft Shared Microsoft Online Services audiodg.exe -?-
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


Last edited by Amelia84 on 28th December 2013, 7:25 pm; edited 1 time in total

descriptionWireless connections deactivated, malware detected EmptyRe: Wireless connections deactivated, malware detected

more_horiz
Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
I have another computer I can use to transfer files, so if you know how to update MalwareBytes manually, that would be helpful.

Don't worry about the update. You can get the update after we establish a good connection to the internet. You can start by disconnecting the power supply to the modem for about 30 secs.

Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Please download Farbar Service Scanner and run it on the computer with the issue.

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

descriptionWireless connections deactivated, malware detected EmptyRe: Wireless connections deactivated, malware detected

more_horiz
Thank you for responding so quickly.


Don't worry about the update. You can get the update after we establish a good connection to the internet. You can start by disconnecting the power supply to the modem for about 30 secs.

I tried to shut off the computer and remove the battery for a while (it's a laptop), is it what you meant? I have built-in wifi and UMTS cards, both of which are deactivated, and the switches to reactivate are greyed out, as if the computer was in flight mode (which it isn't). Activating and reactivating flight mode has been known to solve some connectivity issues in Windows 8, so I tried that, but no luck there.


The JRT Log:

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 Enterprise x64
Ran by l.gal on 28.12.2013 at 20:06:06,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.12.2013 at 20:08:29,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


And the FSS Log:

Farbar Service Scanner Version: 05-12-2013
Ran by l.gal (administrator) on 28-12-2013 at 20:10:38
Running from "C:\Users\l.gal\Desktop"
Microsoft Windows 8.1 Enterprise  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll
[2013-08-22 14:25] - [2013-08-22 14:25] - 0029184 ____A (Microsoft Corporation) 6E2271ED0C3E95B8E29F3752B91B9E84

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll
[2013-08-22 11:04] - [2013-08-22 11:04] - 0353792 ____A (Microsoft Corporation) A40B5232D325AC0200E73329F7F19F54

C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-08-22 14:25] - [2013-08-22 14:25] - 2549600 ____A (Microsoft Corporation) C9436791C9DD3B5206DDBB1F75EE3E54

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-08-22 10:56] - [2013-08-22 10:56] - 0827904 ____A (Microsoft Corporation) ACC04CBB75086D86031E0C63D0930B98

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-08-22 10:17] - [2013-08-22 10:17] - 3524096 ____A (Microsoft Corporation) B957B92C79A4CD138D5CFF1D20A9CF7B

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

descriptionWireless connections deactivated, malware detected EmptyRe: Wireless connections deactivated, malware detected

more_horiz
* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.
********************************************************
The start type of wuauserv service is set to Demand. The default start type is Auto.


The start type of WinDefend service is set to Demand. The default start type is Auto.

I need you to check these two services for me. Right-click on My Computer, click Manage, click Services and click on Windows Defender and make sure it's set to Auto. Also, click on Windows Update and click Start Service in the upper left hand corner.

descriptionWireless connections deactivated, malware detected EmptyRe: Wireless connections deactivated, malware detected

more_horiz
mrt.exe did not find anything.
The services are running.

Edit: The internet connectivity problem was not related to the malware one. I'm feeling like a bit of an idiot. There was an external switch on my Dell to deactivate wireless connections. It isn't labeled and I had no idea it was there, but my boyfriend did, as he also has a Dell. I must have clicked on it by accident.

Which only leaves the question whether I can now consider my laptop clean. I will leave that one to you.



Last edited by Amelia84 on 30th December 2013, 12:12 am; edited 1 time in total (Reason for editing : further information)

descriptionWireless connections deactivated, malware detected EmptyRe: Wireless connections deactivated, malware detected

more_horiz
Well, that is good news for both you and me. Let's run one more scan to see what turns up.
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the Wireless connections deactivated, malware detected EsetOnline button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on Wireless connections deactivated, malware detected EsetSmartInstall to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Wireless connections deactivated, malware detected EsetSmartInstallDesktopIcon-1 icon on your desktop.

•Check Wireless connections deactivated, malware detected EsetAcceptTerms
•Click the Wireless connections deactivated, malware detected EsetStart button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check Wireless connections deactivated, malware detected EsetScanArchives
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push Wireless connections deactivated, malware detected EsetListThreats
•Push Wireless connections deactivated, malware detected EsetExport, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the Wireless connections deactivated, malware detected EsetBack button.
•Push Wireless connections deactivated, malware detected EsetFinish
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

descriptionWireless connections deactivated, malware detected EmptyRe: Wireless connections deactivated, malware detected

more_horiz
ESET did not find anything, either.

descriptionWireless connections deactivated, malware detected EmptyRe: Wireless connections deactivated, malware detected

more_horiz
Good, how's your computer running now?

descriptionWireless connections deactivated, malware detected EmptyRe: Wireless connections deactivated, malware detected

more_horiz
It's doing fine now.

descriptionWireless connections deactivated, malware detected EmptyRe: Wireless connections deactivated, malware detected

more_horiz
Ok, we'll do some cleanup and we're finished.

Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

Wireless connections deactivated, malware detected Diskcleanup2

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

Wireless connections deactivated, malware detected Diskcleanup

This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
*******************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

descriptionWireless connections deactivated, malware detected EmptyRe: Wireless connections deactivated, malware detected

more_horiz
Thanks a lot for your help!

descriptionWireless connections deactivated, malware detected EmptyRe: Wireless connections deactivated, malware detected

more_horiz
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.Happy New Year.

descriptionWireless connections deactivated, malware detected EmptyRe: Wireless connections deactivated, malware detected

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum