
New member and poster but not new to Malwarebytes. I ran into a ransomware issue yesterday, and after a previous bout with that last year I made a second admin-level account on my personal home computer that I could switch users to while the first was locked in order to run Malwarebytes.

Result of this latest scan: MB found two items: C:\Users\my_name\AppData\Local\Temp\Low\Amfe.dll, Quarantined, and C:\ProgramData\D825A7A8E.cpp, Quarantined. I looked in Windows 7 Event viewer and what it noted was what I take to be a generic reference to: Ransom:Win32/Reveton!lnk.

Upon immediate finish of MB's use I was able to log back into the original account, but as I did so and before the desktop image was even displayed I heard the deadly "bad" ding sound my system makes to alert to something not normal, and when the display came up I saw a notification box: "Run dll - (contents of the box): There was a problem starting d825a7a83.cpp. The specified module could not be found".

Searching the net I found that there should be a startup entry in either the Registry or Startup folder with something occurring at logon to reach and start the similarly-named item that MB had removed. However, try as I might, I could not find the entry through searching the Registry or the Start folder (for any of the three user profiles/accounts I have on the device). I even installed Autoruns to see if I could find it that way. Nothing along the lines of the named item being called to start.

Additional oddness is that this "Run dll" message occurs regardless of which account I use to log on, so there's that. I would have expected it to appear only in the account in use when the attack kicked in.

But also, I discovered with a quick glance at the system notification area, a red X over the flag. Opening that I discovered that the Security Center wasn't on, and this in turn meant the Security Center service wasn't on, which in turn meant the Windows Management Instrumentation service wasn't on. In fact, the WMI svc being kind of at the top of the chain, and trying to start it, gave the following: "Windows could not start the Windows Management Instrumentation service on Local Computer. Error 127: The specified procedure could not be found". I'm really at a loss, even with hints from the internet, about where to look to solve that.

I'm figuring someone has seen this behavior with removal of this Trojan before and can advise me. One other oddity: In checking system resources through right-clicking on "Computer" off the Start menu, it is not displaying either my processor type or amount of RAM installed (weird).

I'm posting the output of the two log files obtained from the Farbar scan.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Thomas Townsend (administrator) on TOMSDESKTOP on 25-01-2015 13:04:55
Loaded Profiles: Thomas Townsend (Available profiles: Thomas Townsend & BackupAdmin & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)

(If an entry is included in the fixlist, the process will be closed.

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSr64.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
