featherless

  1. Rather, I meant I wasn't sure if it did anything. I wasn't doubting its capabilities. Maybe eset just needs a reinstall? Perhaps I truly did get rid of it? I am using my computer right now to do things and all the oddities are gone.
  2. SERVICE_NAME: ekrn
             TYPE               : 110  WIN32_OWN_PROCESS (interactive)
             STATE              : 1  STOPPED
             WIN32_EXIT_CODE    : 0  (0x0)
             SERVICE_EXIT_CODE  : 0  (0x0)
             CHECKPOINT         : 0x0
             WAIT_HINT          : 0x0

     Also, I tried EEK again, TDSS, and ERA and nothing. I ran ccleaner as well but I am not sure if that does anything. Eset still has problems talking to the kernel. Also, ever since I ran hitman pro the first time, when I boot up into regular windows there is a run error for a conduit thing. I will write it down when I boot up again.
  3. I have tried EEK and TDSS Killer. I will try ERA, ccleaner, and sysrescue now.
  4. Thanks for the reply Arakasi. I edited the post. I just ran eset and spybot in safemode. Eset was able to function in safemode. I returned back to normal windows and eset kind of worked for a little. The program was open but the control panel was blank white. After about a minute the error window reappeared saying it had an error communicating with the kernel. So whatever it got rid of in safemode just re-executed itself. I will try what you said Arakasi.

     EDIT: Also, I have only tried eset and spybot. The version of eset I am using is a 30-day trial version. I just downloaded it a couple hours ago off the website.

     EDIT2: I just ran rkill and it found two processes:
       * C:\Windows\SysWOW64\ExMgr.exe (PID: 4300) [WD-HEUR]
       * C:\Windows\system\ATLOISAService.exe (PID: 4556) [WD-HEUR]

     EDIT3: Also, pretty sure it is not a conduit issue. I accidentally installed a conduit search bar extension while installing a legitimate program. I believe it was mumble or something similar, I am not remembering at the moment. I know exactly how I got this issue and I am pretty sure it is not conduit (then again you never know. I don't want to rule anything out).

     ***EDIT 4: Possible solution? Thank you Arakasi for all the suggestions. I grabbed everything just in case I need to use them. I decided to try out Hitman Pro first. I booted into safemode with networking mode. I ran rkill first and let that run. Then I ran hitman pro. It detected a number of conduit and rocketfuel entries, both of which were on ignore at first, but I deleted all of them. There were also a number of cookies. I am not sure if it is fixed yet or not, but I can now at least run eset on normal windows, which is a good sign. Not sure how to make sure everything is cleared.

     ***EDIT 5: NOT SOLVED Things seemed to have been functioning much better and how they should. While making up for lost time for a couple hours and while malwarebytes was running a full scan, everything was fine. After the full malwarebytes scan and some more conduit registries found, I restarted my computer. Once the computer was booted back up again, eset once again had the kernel issue described above. So far everything else seems to be running fine; however, I feel like the malware still exists. Going to sleep.
  5. I generally keep my computer on sleep and restart it once a week or so. I noticed odd behavior where explorer.exe would crash on me whenever I would try to open an exe or video unless I ran it as administrator. I decided to reboot and as soon as I did I saw at the bottom left corner a very minimized window and I found in my processes something named "uninst000.exe". I promptly ended the process tree. After that I figured it'd be a good idea to grab eset and spybot and give it a run.

     ______________________________________

     Spybot yields:

     Win32.Downloader.gen: [sBI $E6AD2227] Program directory (Directory, nothing done)
       C:\Users\(user)\AppData\Local\Conduit\

     --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

     ______________________________________

     Keep in mind that I live in a place with several others and that has frequent guests, so I have my own keylogger on my system for when I am away, so anything with a keylogger may be a false positive. I have had this logger for half a year now and have not had issues. These issues I have been having only manifested within the last several days.

     Spybot originally could not remove Win32.Downloader.gen so it tried to remove it during boot and it still could not. Eset also found it and could not clean nor delete it. However, when eset ran a reboot, it refused to run, giving an error message saying "error communicating with kernel". I ran through the eset knowledgebase. The ESET Service entry in services.msc was on automatic but was not started. When I tried to start it, it displays an error message: "Windows could not start the ESET Service service on Local Computer. Error 1053: The service did not respond to the start or control request in a timely fashion"

     I ran both the sirefef cleaner and the ircbot cleaner provided in the knowledgebase and both had no effect. What should be my next step? Run eset or spybot in safemode?

     dxdiag.txt