"Severe virus infection" and strange Network computers

AlmostBlink

New Member
Thread author
Mar 17, 2014
3
Hello,

I recently noticed that my computer is slowing and crashing a lot more. I also noticed a strange appearance of computers on my network. I live in a student apartment complex and the internet has never felt too secure or of a high performance. However, I'm pretty certain my networks never used to show all of these:

zjSBV.jpg


I run a Connectify Hotspot from my computer if that helps, however, it's not an open connection.

Today I decided that my computer was getting a little too slow and the network visibility was making me a little uncomfortable, so I ditched AVG and downloaded Avast free anti-virus and COMODO firewall.

I noticed that there were a TON of svchost.exe connections that pointed to various other local IP addresses in this building (I assume) which kinda freaked me out, but I understand they may not all be harmful.

I then contacted a technician at GeekBuddy and although I don't have a subscription with them, he took a remote-admin look at my system and said I have a "severe virus infection" that Avast wouldn't be able to remove. I'm a poor student and can't afford the GeekBuddy subscription, but if that wasn't a marketing ploy, it sounds pretty serious.

Below I've linked adwCleaner, aswMBR and FRST log files. I would really appreciate some direction.

adwCleaner log: http://pastebin.com/WaBBgyNy
aswMBR log: http://pastebin.com/udv8J4XT
FRST log: http://pastebin.com/aeDXL8en
FRST Addition log: http://pastebin.com/b2CH2pZz
 

Attachments

  • Addition.txt
  • AdwCleaner[R0].txt
  • aswMBR.txt
  • FRST.txt

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,


Re-run AdwCleaner and make sure to press Clean after the scan is done.



Please download Malwarebytes AntiRootkit (MBAR) and save it to your desktop.
For full instructions on how MBAR works, read this article.

• Double-click on the MBAR file and allow it to run.
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click Next if you agree.


• On the Update Database screen, click on the Update button. Once you see 'Success: Database was successfully updated' click on Next
• Under Scan Targets ensure all boxes are ticked. Then click the Scan button.

Notice: with some infections, you may see two message boxes:
- 'Could not load protection driver'. Click 'OK'.
- 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.


>> If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.

>> If any infections are found, ensure Create Restore Point is ticked. Then select the "Cleanup!" button to remove threats.
• The cleanup procedure will be scheduled and a pop-up will be shown.
Select the Yes button and the system should reboot to complete the cleaning process.

>> Notice: only if a rootkit is detected, make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe
- Run fixdamage.exe; at the black window, type Y (alias for Yes) to continue. Wait a few seconds for execution ...
- When you see "press any key to exit", the fix is completed; press any key to close the window. Reboot the system.



> The following reports will be created in the mbar folder:
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Please post both logs in your next reply.
 

AlmostBlink

New Member
Thread author
Mar 17, 2014
3

Attachments

  • mbar-log-2014-03-17 (20-38-09).txt
  • system-log.txt
