nslookup.exe takes 2GB RAM and makes my laptop very slow.

Status
Not open for further replies.

pandoraharvent

New Member
Thread author
Jun 22, 2023
14
Hello experts. I need help. nslookup.exe took many resources on my laptop when connected to Internet. If I go offline nslookup.exe is standby with little resources and make mess if I go online.

Already use scan with my AV but that problem still exists. Please help me.
 

Attachments

  • 16874490030507514191127268879239.jpg
    6 MB · Views: 19

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Let me know what problems persist.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====
 

pandoraharvent

New Member
Thread author
Jun 22, 2023
14
This for FRST. I don't know why I can't put them together.
 

Attachments

  • FRST.txt
    50.9 KB · Views: 9

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Before you post the logs clean this.
Clean the Windows Defender Quarantine folder.

Comment: Delete/Restore quarantined files.

How to: Delete/Restore quarantined files.

Follow the directives on the page to delete all the files in the quarantine folder.

Restart the computer when done.
<<<>>>

If the problem persists please run the Farbar Scan and post fresh logs for my review.

Please post the Fixlog.txt and let me know what problem persists.
 

Attachments

  • Fixlist.txt
    10.9 KB · Views: 8

pandoraharvent

New Member
Thread author
Jun 22, 2023
14
Already do it but problem still exists. Something files I already delete/permanent delete and when restart they come out again, like something is restore it.

This for result.
 

Attachments

  • FRST.txt
    44.3 KB · Views: 11
  • Addition.txt
    70 KB · Views: 0
  • Fixlog.txt
    26.2 KB · Views: 5
  • Capture.PNG
    133.3 KB · Views: 11
  • Capture.PNG
    61.5 KB · Views: 11

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

From what you are saying looks like we are dealing with a Rootkit infection.

You will need access to a spare PC and a USB flash drive that has not been in contact with the sick PC...
Let me know if you have access to these devices.

I need to know before suggesting the fix if you can enable the Recovery Environment.
It will be needed to remove this infection.

Open FRST on the compromised computer:

copy/paste the following inside the text area of FRST. Once done, click on the Fix button. A file called fixlog.txt should appear on your desktop. Attach it in your next reply.

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
End::

On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
Copy and paste its content in your next reply.

Wait for further instructions.
<<<>>>
 

pandoraharvent

New Member
Thread author
Jun 22, 2023
14
Sorry, I don't understand what you say. Please make it simple. I know this is rootkit infection but try describe more simple because my computer skill is so little.

I don't have spare PC or USB flash drive. Only I have is sickness laptop with trojan. You need to know, I make a post and reply on this website using smartphone because my laptop too slow to open web browser. If I go to online, this rootkit will active and that make me mad. Sorry for my foolish behavior.
 

pandoraharvent

New Member
Thread author
Jun 22, 2023
14
Sorry, I don't understand what you say. Please make it simple. I know this is rootkit infection but try describe more simple because my computer skill is so little.

I don't have spare PC or USB flash drive. Only I have is sickness laptop with trojan.
 

Attachments

  • Fixlog.txt
    751 bytes · Views: 2

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

All good. Let's proceed:

Read all the instructions before proceeding.
Take your time and all should be well.

Preparing the USB Flash Drive

Boot up your spare PC:
Plug in the flash drive, navigate to that drive, right click on it direct and select format. Quick option is adequate.

Next,

On that same PC download the right version of Farbar program for your system to Desktop or the Flash drive.
Download the Farbar Recovery Scan Tool (FRST). If you still have the FRST64.exe there is no need to download it again.
Choose the 32 or 64 bit version for your system.

The file was saved on the Desktop, Move the executable FRST64.exe to your USB Flash Drive.

Do not plug the Flash Drive into the sick PC until booted to Recovery Environment.

Boot the compromised PC to Recovery Environment, if you are unsure of that action have a read at the following link, maybe bookmark for future reference...

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums Boot to Advanced Startup Options in Windows 10

From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10

Select in this order
"Troubleshoot" > "Advanced Options" > "Command Prompt"

Once in the command prompt

Plug your USB Flash Drive in the infected computer

In the command prompt, type notepad and press on Enter
Notepad will open. Click on the File menu and select Open
Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
Note: Replace the letter e with the drive letter of your USB Flash Drive
FRST will open
Click on Yes to accept the disclaimer
Click on the Scan button and wait for the scan to complete
A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply.

p.s.
If at any time you need additional information please ask before proceeding.

Wait for further instructions.
 

pandoraharvent

New Member
Thread author
Jun 22, 2023
14
Sorry to say this but I don't have USB flash drive. I must order/buy first, this step will take some time. Can I use 8GB flash drive? After I get my USB flash drive, I will give reply ASAP to you.
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

When doing the fix make sure that only the USB to be used with the fix is the only one mounted.

All should be well.
 

pandoraharvent

New Member
Thread author
Jun 22, 2023
14
Sorry for waiting. This result scan from Recovery Environment.
 

Attachments

  • FRST.txt
    75.6 KB · Views: 7

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

You did well but I think that the scan was not completed as I expected.

Download the Fixlist.txt

Place the file in this folder
C:\Users\octopus\Downloads\ where the Farbar exe file is located.

Open the Recovery Console as you previously did and open the Farbar program, click the Fix button and post the log.

Let me know if the problem persists.
 

Attachments

  • Fixlist.txt
    1.8 KB · Views: 3

pandoraharvent

New Member
Thread author
Jun 22, 2023
14
This Fixlog and scan after fixlist command.
 

Attachments

  • Fixlog.txt
    13.3 KB · Views: 1
  • FRST.txt
    75.6 KB · Views: 1

pandoraharvent

New Member
Thread author
Jun 22, 2023
14
I think this problem still occur. Can we replace nslookup.exe or something? Or wipe out something restore it. Laptop doesn't have problem if not connect to internet, this virus will active if I go online. Very appreciate to help me so far, but this is so annoying and hard to fixed. Maybe need something more powerful.
 

Attachments

  • 20230628_221807.jpg
    8.2 MB · Views: 8
  • 20230628_221817.jpg
    6.7 MB · Views: 9

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

I have been informed by a helper that we are dealing with a new version of a miner infection.

This fix should take care of it.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.
 

Attachments

  • Fixlist.txt
    713 bytes · Views: 18

pandoraharvent

New Member
Thread author
Jun 22, 2023
14
I don't know what I must say cause this is so great. Already try many times to delete this file they will always come out or restore itself after I restart. And now after fixlist command, I check and scan this file is gone.

I restart and connect to internet and nslookup.exe doesn't appear. My resource become light and normal. I don't know this problem are fix or not, I still aware for further infection.

This for fixlog and FRST scan after fix command. Thank to all and thank to you for accompany me for fix this problem.
 

Attachments

  • 20230630_184153.jpg
    7.4 MB · Views: 4
  • 20230630_184143.jpg
    5.7 MB · Views: 9
  • Fixlog.txt
    1.9 KB · Views: 4
  • Addition.txt
    68.4 KB · Views: 0
  • FRST.txt
    44.8 KB · Views: 4

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

Let's clean the remnant task as per this fix.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.
 

Attachments

  • Fixlist.txt
    704 bytes · Views: 5