SCOP-Victim

Members
  • Content Count

    24

Everything posted by SCOP-Victim

  1. I will be sure to check all of those out! Thank you! What is delfix and why do I need to clear tools? Will it delete farbar or something? Are there some settings that are still configured or?
  2. I think I have a few more questions but I may have to send them a couple days later. Is that okay or should I just send a pm?
  3. I do not believe so. But I do have a few questions. If I were going to back up my computer, what is the best option you recommend? I was thinking of just using four DVDs or so, but they only hold a couple gigs each, and I don't know if that would be efficient. I don't really know much about backing up, or system images, etc. Basically, what is the best way for me to fully back up my computer, yet have the physical backup file (compressed or not compressed) take up as little space as possible? Lastly, I have been studying technology and viruses for over three months now, and I was wondering, how safe is it to virtually test viruses in a VM? Would it be generally ok if I have a backup ready, in case it escapes the VM? Also, if it's okay, is there any way I can contact you about general PC issues? (Seeing as this forum is for specific criteria.) I really meant what I said. Microsoft's support group is just awful, they use auto responses 24/7, and they never fit the issues at hand.
  4. The log from the completed fix is attached. Could you briefly educate me on what "GroupPolicy" is? It said "attention" in the log and I have gotten errors revolving around that title, so I was curious. Fixlog.txt
  5. Here they are!
     ____________________________________
     Rogue log
     RogueKiller V12.12.12.0 (x64) [Apr 9 2018] (Free) by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : https://forum.adlice.com
     Website : http://www.adlice.com/download/roguekiller/
     Blog : http://www.adlice.com
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Dylan [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Mode : Scan -- Date : 04/15/2018 14:44:04 (Duration : 02:02:45)
     ¤¤¤ Processes : 0 ¤¤¤
     ¤¤¤ Registry : 4 ¤¤¤
     [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Found
     [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Found
     [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2855338564-2088156886-2635140612-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://www.bing.com -> Found
     [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2855338564-2088156886-2635140612-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://www.bing.com -> Found
     ¤¤¤ Tasks : 4 ¤¤¤
     [Suspicious.Path] \amputation_lambeth -- C:\Users\Dylan\AppData\Local\nouveaux.exe (rg) -> Found
     [Suspicious.Path] \baamputation_lambethamputation_lambeth -- C:\Users\Dylan\AppData\Local\nouveaux.exe (rg) -> Found
     [Suspicious.Path] \bamedlar samaritan ddmedlar samaritan dd -- C:\Users\Dylan\AppData\Local\Scop.exe (rg) -> Found
     [Suspicious.Path] \medlar samaritan dd -- C:\Users\Dylan\AppData\Local\Scop.exe (rg) -> Found
     ¤¤¤ Files : 4 ¤¤¤
     [PShell.Gen][File] C:\WINDOWS\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\SwReporter\20.117.1\software_reporter_tool.exe -> Found
     [PShell.Gen][File] C:\WINDOWS\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\SwReporter\21.119.1\software_reporter_tool.exe -> Found
     [PUP.uTorrentAds][File] C:\Users\Dylan\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe -> Found
     [Adw.WifiHotSpot][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot -> Found
     ¤¤¤ WMI : 0 ¤¤¤
     ¤¤¤ Hosts File : 0 ¤¤¤
     ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
     ¤¤¤ Web browsers : 3 ¤¤¤
     [PUM.HomePage][Firefox:Config] dvtdzn7k.default-1423874950531 : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/yhp-ff|http://scratch.mit.edu/"); -> Found
     [PUM.SearchEngine][Firefox:Config] dvtdzn7k.default-1423874950531 : user_pref("browser.search.selectedEngine", "Yahoo!"); -> Found
     [PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.tumblr.com/] -> Found
     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: ST31000524AS +++++
     --- User ---
     [MBR] c70c954b0540f5567080c8cf851136b8
     [BSP] 40f91546457164a68c2896337f9c5904 : Windows Vista/7/8|VT.Unknown MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
     1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 12544 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 25772032 | Size: 941284 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK
     +++++ PhysicalDrive1: SanDisk Ultra USB Device +++++
     --- User ---
     [MBR] 55d7d0ca529be5e38fddd4f418650f36
     [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
     Partition table:
     0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 58655 MB
     User = LL1 ... OK
     Error reading LL2 MBR! ([32] The request is not supported. )
     +++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )
     +++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )
     +++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )
     +++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )
     ____________________________________
     Adwcleaner log
     # -------------------------------
     # Malwarebytes AdwCleaner 7.1.0.0
     # -------------------------------
     # Build: 04-12-2018
     # Database: 2018-04-15.1
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Scan
     # -------------------------------
     # Start: 04-15-2018
     # Duration: 00:07:55
     # OS: Windows 7 Home Premium
     # Scanned: 40650
     # Detected: 3
     ***** [ Services ] *****
     No malicious services found.
     ***** [ Folders ] *****
     No malicious folders found.
     ***** [ Files ] *****
     No malicious files found.
     ***** [ DLL ] *****
     No malicious DLLs found.
     ***** [ WMI ] *****
     No malicious WMI found.
     ***** [ Shortcuts ] *****
     No malicious shortcuts found.
     ***** [ Tasks ] *****
     No malicious tasks found.
     ***** [ Registry ] *****
     PUP.Optional.InfoG HKLM\Software\Classes\INETCTLS.INET
     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries found.
     ***** [ Chromium URLs ] *****
     PUP.Optional.Legacy Ask
     PUP.Optional.Legacy AOL
     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries found.
     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs found.
     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
  6. Here it is! Sorry for the delayed response. This is all I can find about the viruses.
  7. Okay, that seems fair, haha. I just wonder how businesses scan as a whole during a security breach. That must take forever. Do you know what the requirements are? Anyways, here's the log below the line. -------------------------------------- Malwarebytes Anti-Malware www.malwarebytes.org Scan, 4/13/2018 3:37 AM, SYSTEM, [myuser]-PC, Manual, Start:4/12/2018 3:22 PM, Duration:9 hr 18 min 23 sec, Custom Scan, Completed, 4 Malware Detections, 0 Non-Malware Detections, (end)
  8. Malwarebytes has scanned 700k files in 5 hours. That's incredibly abnormal. Should I reinstall because it's taking forever?
  9. Also, the forums won't let me alter my profile in any way, shape or form. Why is this?
  10. File wise, nothing too important. Some python coding. Who knows, I could have deleted it myself. I was wondering if there is any file recovery software you recommend. I will be sure to send that exportation once the scan completes.
  11. Hello, again!! My computer looks like it's all polished up! All of those random garble processes are gone! <3 I have the log attached to this message. Can you tell me if it is safe to use Chrome or Firefox? I'm a bit hesitant because of their previous reinstallation of the virus. Who knew that Internet Explorer would actually help me for once? For being such an outdated browser that SmartService didn't think to alter it. Can you tell me how I can recover deleted data? I seem to be missing some files. FRST.txt
  12. It is complete and it gave me the log. Will I need to use Farbar again? Will the virus alter it if the flash drive is present or just if it's running? I can go back into safe mode to share it with you, but I don't have access to the clean PC right now.
  13. Hi! I did everything you asked with a flash drive but ran into this when opening farbar64.exe. I used the command prompt with the Windows RE disk. Should I click continue and continue the steps?
  14. Yes! I have two big school projects! Sorry!! I am available after tomorrow, but may be able to do some work after 12. Is this okay with you? I apologize for bumping the thread so much, I just cannot afford for this to be closed, you're a great help to me and basically my only hope.
  15. Yes! I am. I'd like to let you know I cannot access my computer until 8-9pm Sunday. (Your timezone.) Is this okay? I'd like to bump this so it does not get locked.
  16. I am away from home, and I have one last question. Will you help me fix the startup at some point? I don't understand what happened, but I think Hitman Pro quarantined some Windows files, or the virus deleted them. Also, how can I delete the source file that SmartService is in? It seems to have privileges that mark it as the owner, even though it didn't show. I checked my command prompt and removed a credential it had in my control panel. Additionally, I disabled a startup that the virus seemed to turn on. This is all I have done additionally, I thought I'd let you know. Either way, why isn't it recognizing Windows 7 every time it starts up? It only recognizes it after startup repair does something different every time. I can get into safe mode if I hit F8 while the PC restarts from startup repair, if that is needed. However it still runs, of course. Also, what is Chrome334.exe, and Firefox334.exe? Chrome334 launches Scop.exe. What is scop.exe, is it just a random file name that was generated? Is iexplorer the default for Internet Explorer? I know it's a crap browser but I figured it was so unpopular the virus wouldn't think to alter that, and I think I'm right.
  17. Here is the problem. Every time I restart it says Operating System Missing. I have to launch the repair disk every time and enter startup repair, then it gets me to my operating system. Every time it needs to be repaired again. From my understanding you are telling me to install Farbar to a clean computer, move the exe to the flash drive, and use it on this computer, but have it plugged in from startup and not plug it in when it is on? The virus runs during safe mode. Can you tell me what to do to match this accordingly? I have Win7, and I can't do F8 if it can't find the operating system.
  18. Hello again. Here is the log file. It is rather short and I put the specified text in the search area, presuming that is what you meant. What is SmartService, though? Can you give me some background info? Why did I find 90 viruses one time, and 40 another? Does it install viruses? Is there somewhere where I can read about its origins and what it does? Also, what is hijack.host? Because that's all that's being detected right now. Also, why can't your program detect it? Fixlog.txt
  19. Hi, Aura! I have both of the text files attached! I removed some files to follow your terms correctly. If there is anything left it was not intentional. This appears to be an automated response, but what I want to know is, you're aware that it already made changes, right? Once it gets my system clear could you help my computer rediscover the operating system? I know you guys aren't Windows, but you have a lot of knowledge it appears, and Microsoft's own employees know absolutely nothing, hahaha. I also discovered there is a file the virus resides in that I am not set as owner on, and it refuses to allow me to claim ownership, this may be where it is hiding. Addition.txt FRST.txt
  20. Hi, I am rather terrified. I was an idiot and installed malware on my computer. It is called scop.exe, and it will not let me close it down or delete it. Since it has shown up, I've been noticing clicking sounds every second. As if it is doing background stuff. In just fifteen minutes while I was scanning, it has imported 92 viruses. Various riskware, Trojans, and adware. Upon restarting to quarantine, my computer no longer starts up properly. I have repaired startup through the repair disk and that worked, but only temporarily. If I restart, the same thing occurs again. No hardware is damaged. It doesn't show up as a virus by Malwarebytes. And Malwarebytes is the best, so I resorted to this. Attached are the processes. One is under wininit.exe, the other is scop.exe, which relaunches every time I open a browser. Firefox and Chrome have been renamed to chrome334.exe and firefox334.exe. These are running in safe mode and are just as bad. I know I am not including a lot of data, so please give me a list of what you need to know.