ClamWin Free Antivirus
Support and Discussion Forums
Im under very heavy DeepWeb attack probably 0day apache
Kalasznikov


Joined: 25 Jul 2015
Posts: 0
Hello, I visited the wrong site on the deep web, and I need help. Specification: Windows 8.1, Tor Browser + NoScript.

My Malwarebytes Anti-Malware instantly crashed and at the same time Windows Defender turned off, then I saw some 2 small black process windows with white text; after this I turned off my PC. I already knew I was in heavy trouble, so I started wiping my hard drives from the BIOS with the 1-pass method. When the wiping process was running, I wanted to find some solution, so I turned on my phone with access to my Wi-Fi network and I spotted something weird: about 1 year ago I installed Snapchat on my phone but didn't use it much, and just about 5 minutes after my PC was attacked someone with a weird name added me on Snapchat. I turned off my phone instantly and wrapped it in aluminum foil.

After the disk wipe I installed Windows, the LAN driver from the system CD, Chrome, and ClamWin. I scanned my PC, this is


Code:
WARNING: Can't open file C:\hiberfil.sys: Permission denied
WARNING: Can't open file C:\pagefile.sys: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\MpDiag.bin: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Windows Defender\Scans\PersistedStore\MpPersistedStore.bin: Permission denied
WARNING: Can't open file C:\swapfile.sys: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Windows Defender\Scans\MpDiag.bin: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Windows Defender\Scans\PersistedStore\MpPersistedStore.bin: Permission denied
WARNING: Can't open file C:\Users\Mesjasz\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Permission denied
WARNING: Can't open file C:\Users\Mesjasz\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2: Permission denied
WARNING: Can't open file C:\Users\Mesjasz\ntuser.dat.LOG1: Permission denied
WARNING: Can't open file C:\Users\Mesjasz\ntuser.dat.LOG2: Permission denied
WARNING: Can't open file C:\Windows\AppCompat\Programs\Amcache.hve: Permission denied
WARNING: Can't open file C:\Windows\AppCompat\Programs\Amcache.hve.LOG1: Permission denied
WARNING: Can't open file C:\Windows\AppCompat\Programs\Amcache.hve.LOG2: Permission denied
WARNING: Can't open file C:\Windows\Resources\Themes\aero\VSCache\Aero.msstyles_1033_96.mss: Permission denied
WARNING: Can't open file C:\Windows\security\database\secedit.sdb: Permission denied
WARNING: Can't open file C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Permission denied
WARNING: Can't open file C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2: Permission denied
WARNING: Can't open file C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Permission denied
WARNING: Can't open file C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2: Permission denied
WARNING: Can't open file C:\Windows\System32\catroot2\127D0A1D-4EF2-11D1-8608-00C04FC295EE\catdb: Permission denied
WARNING: Can't open file C:\Windows\System32\catroot2\F750E6C3-38EE-11D1-85E5-00C04FC295EE\catdb: Permission denied
WARNING: Can't open file C:\Windows\System32\config\BBI: Permission denied
WARNING: Can't open file C:\Windows\System32\config\BBI.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\BBI.LOG2: Permission denied
WARNING: Can't open file C:\Windows\System32\config\DEFAULT: Permission denied
WARNING: Can't open file C:\Windows\System32\config\DEFAULT.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\DEFAULT.LOG2: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SAM: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SAM.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SAM.LOG2: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SECURITY: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SECURITY.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SOFTWARE: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SOFTWARE.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SOFTWARE.LOG2: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SYSTEM: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SYSTEM.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SYSTEM.LOG2: Permission denied


Is it OK? So many "permission denied" on a fresh install? And the second funny thing: I installed some additional scanner called Yet Another Scanner and.... it has found ADWARE/Mutabaha.863506/ASP inside its own installation files lol....

I really need your help
GuitarBob


Joined: 09 Jul 2006
Posts: 8
Location: USA
We cannot provide much help here. The ClamWin forums are devoted to questions and discussions about the ClamWin free open source virus scanner. We are not specialists in virus/malware removal. I can only suggest the following:

Restore Windows to a restore point before you got infected with the Windows System Restore utility--this will not work with a fresh install.
Do a scan with Malwarebytes in Windows Safe Mode.
Do a scan with Kaspersky TDSS Killer.
Download/run Dr. Web's free Cureit program.
Use one of the Rescue CD/USBs that boot up from a built-in operating system. You can get one free from Kaspersky, F-Secure, Dr. Web, or get the Microsoft Windows Defender offline one.
See the ClamWin Antimalware links on the main page for more help.

Hope this helps. Good luck!

Regards,
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 0
Location: **UNKNOWN**
Those permission denials are for system files that ClamWin couldn't access. Try the following steps:

- Run ClamWin with Administrative rights.

- If you still get permission-denied files, you can reduce them by lowering your limits. A maximum scan file size of 10 MB is probably good enough.

- If you are concerned about malware on the system, run your system in safe mode with network support and download Malwarebytes. Make sure you update it first before running a scan.

- If malware is found, make sure you check that there are no false positives or any legit files being removed.

- If no malware is found, there is nothing to worry about then.
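One way to triage a scan log like the one posted above, as an added example that is not part of the thread or of ClamWin: it separates paths matching files a running Windows normally holds locked from everything else. The category patterns and the `setup.exe` sample line are assumptions made for illustration and are not exhaustive; an unclassified path only means it needs a manual look.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the format of the scan log above,
# plus one made-up user path (setup.exe) to show the "unclassified" case.
SAMPLE_LOG = r"""
WARNING: Can't open file C:\pagefile.sys: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SAM: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SYSTEM.LOG1: Permission denied
WARNING: Can't open file C:\Users\Mesjasz\ntuser.dat.LOG1: Permission denied
WARNING: Can't open file C:\Windows\AppCompat\Programs\Amcache.hve: Permission denied
WARNING: Can't open file C:\Users\Example\Downloads\setup.exe: Permission denied
"""

WARNING_RE = re.compile(r"^WARNING: Can't open file (?P<path>.+): Permission denied\s*$")

# Assumed, non-exhaustive categories of files that a running Windows
# keeps open exclusively; matched against the lower-cased path.
LOCKED_BY_OS = [
    ("paging/hibernation file", r"^[a-z]:\\(pagefile|swapfile|hiberfil)\.sys$"),
    ("system registry hive", r"\\windows\\system32\\config\\[^\\]+$"),
    ("user registry hive", r"\\(ntuser|usrclass)\.dat(\.log\d*)?$"),
    ("application compatibility hive", r"\\amcache\.hve(\.log\d*)?$"),
    ("Windows Search index", r"\\windows\.edb$"),
    ("Windows Defender scan state", r"\\microsoft\\windows defender\\scans\\"),
    ("catalog database", r"\\catroot2\\[^\\]+\\catdb$"),
]

def classify(path):
    """Return the locked-file category for a path, or None if it matches none."""
    lowered = path.lower()
    for label, pattern in LOCKED_BY_OS:
        if re.search(pattern, lowered):
            return label
    return None

def triage(log_text):
    """Split permission-denied paths into (expected-by-category, unclassified)."""
    expected, unclassified = defaultdict(list), []
    for line in log_text.splitlines():
        m = WARNING_RE.match(line.strip())
        if m:
            label = classify(m.group("path"))
            (expected[label] if label else unclassified).append(m.group("path"))
    return dict(expected), unclassified

if __name__ == "__main__":
    expected, unclassified = triage(SAMPLE_LOG)
    print({k: len(v) for k, v in expected.items()}, unclassified)
```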
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 0
Location: **UNKNOWN**
Also, about Yet Another Cleaner, you might want to consider removing that. Read here: https://blog.malwarebytes.org/fraud-scam/2015/03/yet-another-cleaner-yet-another-stealer/