Jump to content


  • Content Count

  • Joined

  • Last visited


  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I have attached the proof of concept. Note: Before it is mentioned, CheatEngine is often flagged by MalwareBytes as a PUP (Potentially Unwanted Program), but it is used completely unironically for me as I am a game developer (have to test my obfuscator/anti-cheat to see if it is working). Addition.txt FRST.txt
  2. Since this didn't get a reply, i'll post my fix here instead. Updated with MalwareBytes Chameleon Version# & MalwareBytes Anti-Malware Home (Free) Warning: CloudNet is a HIGH-level danger to your system. It has no visible symptoms, and WILL reinstall itself to your memory if removed manually. Take notice immediately if you become infected. CloudNet is often used for Crypto mining on the attacked CPU. However, it is still a rootkit and it compromises your system to more backdoor Malware/Trojans. FOR THOSE INFECTED WITH THESE SYMPTOMS: Infected registry with keyword(s); CloudNet, DivineRivers, and csrss.exe, Unable to open ANY Anti-Virus software (Sophos is known to open, but it will not be your solution!) "Unable to connect the Service' pop-up. Random BSOD's (Blue Screen Of Death) Windows Defender constantly reporting threats, yet unable to Quarantine/Remove correctly. 1) Download MalwareBytes Chameleon, and unzip the folders onto your Desktop. 2) Click on the 'chameleon' Compiled HTML Help file located in mbam-chameleon-<VersionNumber>\Chameleon\Windows\... Example: chameleon.chm 3) Click on any of the blue 'Chameleon #' buttons on the left-hand side. This should open a console and your background will go black. Follow the set instructions. NOTE: If you receive a pop-up that asks you to update the software, ALWAYS press 'Later'. The program will update itself in the program automatically. 4) Wait for the Mbam-killer to finish killing known virus processes. 5) Navigate to Settings > Detection and Protection > Detection Options> Enable 'Scan for rootkits'. This must be done before you scan, otherwise you will have to restart. 6) Navigate to Scan > Select Threat Scan > Start Scan. Wait until the scan is complete. 7) Skim through all Threats, and Select All. Optional: Disable ones you POSITIVELY know are not Trojans/Malware. ğŸ˜ŽQuarantine all Threats. Navigate to History > Select All > Delete Hint: This will not only quarantine them, but completely remove them from your system. (RECOMMENDED) 9) Wait for console/GUI to complete tasks/follow on-screen directions. 10) Restart NOTES It is recommended that you re-do steps 2-9 after reboot. If Mbam-killer doesn't detect any malicious processes, and MalwareBytes Anti-Malware software doesn't detect any threats, you're likely clean. Please install further Anti-Virus/Malware programs to wipe them from your system. HOWEVER: It is also recommended that you format your drive and start with a fresh copy of your OS after being the victim of a rootkit. Admins: Please feel free to edit my response/add to it if I have stated anything wrong. I hope I help the next victim of this nasty Trojan. A huge Thank-You to the MalwareBytes development team for combating these immoral Trojans.
  3. I believe I am a victim of a rootkit here. I have spent the past 5 hours trying to delete all related CloudNet keys from my registry, only for them to reinstall after restart. Thing(s) I have tried; 1) Booting in safe mode with and without networking (to open MalwareBytes)/do reg edits 2) Installing many different AV programs (none of them will open) 3) Re-assigning all administrative permissions to me (within System 32) 4) Uninstalling CloudNet 5) Checking for foreign IP addresses under host logs/with ISP configuration (I didn't find any, does that mean this is a phishing attack? 6) Renaming the MalwareBytes executable to 'explorer.exe' I have run FRST on my computer, and I have attached the Addition.txt and FRST.txt. I do not have a fixlist.txt however. Please help. P.S to everyone; don't click on risky links. I have already lost a lot of sleep on this one. Addition.txt FRST.txt
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.