SCOP-Victim

Honorary Members
  • Posts

    24
Posts posted by SCOP-Victim

  1. I do not believe so. But I do have a few questions. If I were going to back up my computer, what is the best option you recommend? I was thinking of just using four DVDs or so, but they only hold a couple gigs each, and I don't know if that would be efficient. I don't really know much about backing up, or system images, etc. Basically, what is the best way for me to fully back up my computer, yet have the physical backup file (compressed or not compressed) take up as little space as possible?

    Lastly, I have been studying technology and viruses for over three months now, and I was wondering, how safe is it to virtually test viruses in a VM? Would it be generally OK if I have a backup ready, in case it escapes the VM?

    Also, if it's okay, is there any way I can contact you about general PC issues? (Seeing as this forum is for specific criteria)

    I really meant what I said. Microsoft's support group is just awful; they use auto responses 24/7, and they never fit the issues at hand.

  2. Here they are!

    ____________________________________

    Rogue log

    RogueKiller V12.12.12.0 (x64) [Apr  9 2018] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Dylan [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Scan -- Date : 04/15/2018 14:44:04 (Duration : 02:02:45)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 4 ¤¤¤
    [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Found
    [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Found
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2855338564-2088156886-2635140612-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://www.bing.com  -> Found
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2855338564-2088156886-2635140612-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://www.bing.com  -> Found

    ¤¤¤ Tasks : 4 ¤¤¤
    [Suspicious.Path] \amputation_lambeth -- C:\Users\Dylan\AppData\Local\nouveaux.exe (rg) -> Found
    [Suspicious.Path] \baamputation_lambethamputation_lambeth -- C:\Users\Dylan\AppData\Local\nouveaux.exe (rg) -> Found
    [Suspicious.Path] \bamedlar samaritan ddmedlar samaritan dd -- C:\Users\Dylan\AppData\Local\Scop.exe (rg) -> Found
    [Suspicious.Path] \medlar samaritan dd -- C:\Users\Dylan\AppData\Local\Scop.exe (rg) -> Found

    ¤¤¤ Files : 4 ¤¤¤
    [PShell.Gen][File] C:\WINDOWS\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\SwReporter\20.117.1\software_reporter_tool.exe -> Found
    [PShell.Gen][File] C:\WINDOWS\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\SwReporter\21.119.1\software_reporter_tool.exe -> Found
    [PUP.uTorrentAds][File] C:\Users\Dylan\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe -> Found
    [Adw.WifiHotSpot][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot -> Found

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 3 ¤¤¤
    [PUM.HomePage][Firefox:Config] dvtdzn7k.default-1423874950531 : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/yhp-ff|http://scratch.mit.edu/"); -> Found
    [PUM.SearchEngine][Firefox:Config] dvtdzn7k.default-1423874950531 : user_pref("browser.search.selectedEngine", "Yahoo!"); -> Found
    [PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.tumblr.com/] -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST31000524AS +++++
    --- User ---
    [MBR] c70c954b0540f5567080c8cf851136b8
    [BSP] 40f91546457164a68c2896337f9c5904 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 12544 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 25772032 | Size: 941284 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SanDisk Ultra USB Device +++++
    --- User ---
    [MBR] 55d7d0ca529be5e38fddd4f418650f36
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 58655 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    ____________________________________

    Adwcleaner log

    # -------------------------------
    # Malwarebytes AdwCleaner 7.1.0.0
    # -------------------------------
    # Build:    04-12-2018
    # Database: 2018-04-15.1
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start:    04-15-2018
    # Duration: 00:07:55
    # OS:       Windows 7 Home Premium
    # Scanned:  40650
    # Detected: 3


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.InfoG              HKLM\Software\Classes\INETCTLS.INET

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    PUP.Optional.Legacy             Ask
    PUP.Optional.Legacy             AOL

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
     

  3. Okay, that seems fair, haha. I just wonder how businesses scan as a whole during a security breach. That must take forever.

    Do you know what the requirements are?

    Anyways, here's the log below the line.

    --------------------------------------

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Scan, 4/13/2018 3:37 AM, SYSTEM, [myuser]-PC, Manual, Start:4/12/2018 3:22 PM, Duration:9 hr 18 min 23 sec, Custom Scan, Completed, 4 Malware Detections, 0 Non-Malware Detections, 

    (end)

  4. Hello, again!! My computer looks like it's all polished up! All of those random garble processes are gone! <3

    I have the log attached to this message.

    Can you tell me if it is safe to use Chrome or Firefox? I'm a bit hesitant because of their previous reinstallation of the virus.

    Who knew that Internet Explorer would actually help me for once? For being such an outdated browser that SmartService didn't think to alter it.

    Can you tell me how I can recover deleted data? I seem to be missing some files.

    FRST.txt

  5. I am away from home, and I have one last question.

    Will you help me fix the startup at some point? I don't understand what happened, but I think HitmanPro quarantined some Windows files, or the virus deleted them. Also, how can I delete the source file that SmartService is in? It seems to have privileges that mark it as the owner, even though it didn't show. I checked my command prompt and removed a credential it had in my control panel. Additionally, I disabled a startup that the virus seemed to turn on. This is all I have done additionally; I thought I'd let you know.

    Either way, why isn't it recognizing Windows 7 every time it starts up? It only recognizes it after startup repair does something different every time. I can get into safe mode if I hit F8 while the PC restarts from startup repair, if that is needed. However, it still runs, of course.

    Also, what are Chrome334.exe and Firefox334.exe? Chrome334 launches Scop.exe.

    What is scop.exe? Is it just a random file name that was generated?

    Is iexplorer the default for Internet Explorer? I know it's a crap browser, but I figured it was so unpopular the virus wouldn't think to alter that, and I think I'm right.

  6. Here is the problem. Every time I restart, it says Operating System Missing. I have to launch the repair disk every time and enter startup repair, then it gets me to my operating system. Every time, it needs to be repaired again.

    From my understanding, you are telling me to install Farbar to a clean computer, move the exe to the flash drive, and use it on this computer, but have it plugged in from startup and not plug it in when it is on? The virus runs during safe mode.

    Can you tell me what to do to match this accordingly? I have Win7, and I can't do F8 if it can't find the operating system.

  7. Hello, Again. Here is the log file. It is rather short and I put the specified text in the search area, presuming that is what you meant.

    What is SmartService, though? Can you give me some background info? Why did I find 90 viruses one time, and 40 another? Does it install viruses? Is there somewhere where I can read about its origins and what it does? Also, what is hijack.host? Because that's all that's being detected right now.

    Also, why can't your program detect it?

    Fixlog.txt

  8. Hi, Aura! :)
    I have both of the text files attached! I removed some files to follow your terms correctly. If there is anything left it was not intentional.

    This appears to be an automated response, but what I want to know is, you're aware that it already made changes, right? Once it gets my system clear, could you help my computer rediscover the operating system? I know you guys aren't Windows, but you have a lot of knowledge, it appears, and Microsoft's own employees know absolutely nothing, hahaha.

    I also discovered there is a file the virus resides in that I am not set as owner on, and it refuses to allow me to claim ownership. This may be where it is hiding.

    Addition.txt

    FRST.txt

  9. Hi, I am rather terrified.

    I was an idiot and installed malware on my computer. It is called scop.exe, and it will not let me close it down or delete it. Since it has shown up, I've been noticing clicking sounds every second. As if it is doing background stuff.

    In just fifteen minutes while I was scanning, it has imported 92 viruses. Various riskware, Trojans, and adware. Upon restarting to quarantine, my computer no longer starts up properly. I have repaired startup through the repair disk and that worked, but only temporarily. If I restart, the same thing occurs again. No hardware is damaged. It doesn't show up as a virus by Malwarebytes. And Malwarebytes is the best, so I resorted to this.

    Attached are the processes. One is under wininit.exe.

    The other is scop.exe, which relaunches every time I open a browser.

    Firefox and Chrome have been renamed to chrome334.exe and firefox334.exe.

    These are running in safe mode and are just as bad.

    I know I am not including a lot of data, so please give me a list of what you need to know.

     

    IMG_5039.JPG

    IMG_5040.JPG
