AllanM

  1. Hi Jevykur, It was HitmanPro (free trial download), followed by MalwareBytes AntiMalware Premium (trial download). Final cleanup, as described in the earlier posts, was to reinstall Chrome and to use certmgr to delete a couple of certificates. But before that, I had help from nasdaq, and there is a chance that nasdaq's Fixlist.txt file disabled the bug so that the HitmanPro/MBAM combo worked. I suggest you contact nasdaq. Good luck!
  2. Hi nasdaq, again, many thanks for all your help. One of the main problems seemed to be the way that the infection protected all its files, so that they could not be deleted or stopped, even when I had found them. I suspect there is a strong chance that your Fixlist.txt, although it did not eradicate everything first time, actually disabled a lot of the protection, such that when I later ran HitmanPro, it could then get to and kill the offending objects. So there is much credit to you, I think. And also, I forgot to mention that the final clean I had to do was running certmgr in a Windows PowerShell to delete a couple of SAMPLE CA 2 certificates that were still lying around. Anyway, I have been using the machine for a day now, and it all seems clean, so hooray, I can get on with my work, with no outbound Trojan traffic! Thanks again.
  3. ... and now a complete uninstall/reinstall of Chrome, and deleting all passwords, browsing history, etc, everything, seems to have cleaned up the hotmail problem. So, fingers crossed, I am now all clean. I will be buying the Malwarebytes Premium though, because it has doubtless saved me a lot of grief. Many thanks indeed to nasdaq.
  4. Hi nasdaq, I am so grateful for your efforts and I apologise for this, but I have deadlines etc, and I couldn't just sit on my hands. I read a few other blogs and forums online, and tried my own solution. I downloaded and ran HitmanPro, which found and eliminated (on reboot) the iNetfilterSvc and the trojan called evwschQTcA. I ran HitmanPro again and it said all was clean. I then ran MWB AdwCleaner which found nothing, and then a full Malwarebytes Premium Trial, which found 17 drivers in places like /SSL, including the SAMPLE CA 2 certificate, and it quarantined them all successfully. I then ran Chrome and Edge, and hooray - it didn't head off to go.microsoft.com/?69157 on the first tab, and there were no outbound Trojans detected on all later searches! So hooray, it was all clean! OR SO I THOUGHT!!!! Now, it is only when I go to the Outlook or Hotmail page to check my mail and load my Inbox that up pops the same MWB warning "Website blocked due to Trojan", with outbound to cdn.immereeako.info, same as it ever was. Darn it. I thought it was clean, but somehow, and I have no idea how, it now seems to be confined to calls to Hotmail and/or Outlook. Maybe it's some sort of remnant. I have no idea. There is no C:/ProgramData/itranslator directory any more, which is good. And no C:\Windows\iNetfilterSvc. But there must still be something somewhere. Anyway, I can understand if you are fed up with me for not waiting for you, but I really do appreciate all the efforts you made for me, and I am grateful to MWB, which even now is preventing unwanted malicious outbounds. I'll try rebooting and rerunning MWB and the various AV and see what happens.
  5. Hi nasdaq, many thanks for all your attention to this. I ran FRST and pressed Fix once. I attach here the Fixlog.txt file it generated. To reply here, I had to launch Chrome, and thereby discovered that the problem persists. Chrome went straight to go.microsoft.com/?69157, and on later tabs, Malwarebytes is still giving me "Website blocked due to Trojan" with outbound to cdn.immereeako.info at every new tab or search. I also note that, since the reboot that FRST asked for, there exists a subdirectory called C:\ProgramData\itranslator, and within that there is a fresh (10 minutes ago) version of a Text Document called "update" which is 5.8Mb, and if I open that in Notepad I get pages and pages of Chinese(?) characters. Best wishes, and thanks. Attachment: Fixlog.txt
  6. As kindly asked by nasdaq (Thank You!!), I am opening my own topic here. I am having pretty much the same problem as Oreo on the earlier thread "Malwarebytes detecting an outbound Trojan on Everything". As requested, here are my FRST.txt and Addition.txt files. Thanks. PS I am not an expert at any of this, so apologies if I have made mistakes. I tried to include the FRST and Addition files as inline text, but the MWB forum interface rejected the submission, saying it looked like spam, so I include them as attachments: FRST_04-12-2018 14.13.10.txt, Addition_04-12-2018 14.13.10.txt