About TheSquidhunter

  1. Thank you very much Aura, I'll make sure to be careful and I hope I won't need to take your time again. I don't have any more questions and thank you for the advice. Here's the log, it seems like everything is in order. Again, thank you very much. Regards from Ecuador!

     # DelFix v1.013 - Logfile created 26/08/2018 at 15:34:19
     # Updated 17/04/2016 by Xplode
     # Username : Jose - JOSE-PC
     # Operating System : Windows 10 Home (64 bits)

     ~ Activating UAC ... OK

     ~ Removing disinfection tools ...

     Deleted : C:\FRST
     Deleted : C:\TDSSKiller_Quarantine
     Deleted : C:\RegBackup
     Deleted : C:\TDSSKiller.
     Deleted : C:\TDSSKiller.
     Deleted : C:\Users\Jose\Desktop\tdsskiller.exe
     Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
     Deleted : C:\Users\Jose\Downloads\Addition.txt
     Deleted : C:\Users\Jose\Downloads\FRST.txt
     Deleted : C:\Users\Jose\Downloads\FRST64 (1).exe
     Deleted : C:\Users\Jose\Downloads\FRST64.exe
     Deleted : C:\Users\Jose\Downloads\rkill-unsigned.exe
     Deleted : C:\Users\Jose\Downloads\rkill.exe
     Deleted : C:\Users\Jose\Downloads\RogueKiller_setup_ref3.exe
     Deleted : C:\Users\Jose\Downloads\Search.txt
     Deleted : C:\Users\Jose\Downloads\tdsskiller.exe

     ~ Creating registry backup ... OK

     ~ Cleaning system restore ...

     New restore point created !

     ~ Resetting system settings ... OK

     ########## - EOF - ##########
  2. I am pretty sure that was it, if anything happens I will send you a PM or something!
  3. No problem! And no, ever since we deleted the Scheduled Task, there have not been any detections from Norton.
  4. Alright, here are the files. I personally didn't see them being signed or having any details under properties; I know you'll find more about them though. Possible Malware.zip
  5. This is what would get flagged by Norton, and the .exe and .dll that was being regenerated. Before we did indeed cripple the malware, it kept regenerating in different (hidden, permission locked away) folders upon deletion. I COULD delete this folder immediately and I doubt it would get regenerated, but I won't do anything you advise against. Norton does not think it's bad, however I know for a fact that before we deleted the scheduled task, the mining attempts stopped for around 4-8 hours if I deleted those files / folder, until the malware regenerated these two files in a different folder, then it would start all over again. They would always show up in the SysWOW64 folder, under different subdirectories. One folder at a time, always named S-1-4-31, and the permissions always locked. (In fact, it messed with my registry so that my security tab would not show up under properties. What a field trip restoring THAT was.) Either way, here is a .zip of all my PowerEraser scans, dating all the way from the 17th of this month (which I believe is actually when this issue began). I trust you can find useful information there and determine if further action is required, or if the deletion of the folder is a go, etc. I'll also go ahead and take a moment to thank you, from the bottom of my heart. I cannot state in words how thankful I am that you took time from your day to fix my issue, for free, and that you have continued your support all the way here. Thank you. Norton Logs.zip
  6. Alright, no attempts so far. Replies will be slow because for some reason my messages keep getting filtered. This is the new report: JOSE-PC 2.zip
  7. Hello, I am very new to the Malwarebytes forums and it is admittedly a little bit late to be searching for help, but this infection has avoided everything in my power. About four days ago, I acquired a new Steam game, but it kept crashing to desktop upon launch. Although the fix was simple (update graphics drivers), I saw a "Mod" by someone online that'd fix the issue. After downloading and running the file, it gave me an error, so I closed and deleted it, and didn't give it much thought. Little did I know I started going down a slippery slope. About an hour later exactly, Norton starts giving me this: There are attempted attacks ranging in intervals of 10 minutes to 2 hours (not shown here for the reason explained below). Firstly, I apologize, my Windows install is in Spanish, it can't be helped, but I don't think it will affect the removal process. Secondly, the attack always originates from (what I assume must be) a regional location file within the SysWOW64 folder. I HAVE tried to delete the file folder highlighted below in red (Last attempt today no, which solves the issue for about 4-8 hours. It always comes back. Scans using Zemana, Malwarebytes, RogueKiller, Norton PowerEraser, and the like, return empty. I have also tried running TDSSKiller, but the files it found are either redundant (Civilization V uninstall files and the like) or kernel and system drivers which I am too afraid to delete. The only thing I have not attempted is the FRST tool as I don't know how to create a fixlist, and I am afraid of what it might do to the system. I am attaching the FRST.txt and Addition.txt files from today here for review, however. Thank you for reading this far, I'll patiently await your response! Addition.txt FRST.txt