Stoopalini

  1. @nasdaq I just contacted them to check the history, and there hasn't been another log entry of powershell.exe trying to send outbound comms in over 24 hours. So I believe the issue has been resolved.
  2. Will do. I've since driven home, but will check in with them to see if the infection is gone. If not, I'll be back around Christmas to finish it up. Thanks again for your help, it is greatly appreciated!
  3. Thanks for the quick reply. Here is the log result. I won't know if the issue is still present for a while though, as it seems to phone home at random intervals. Fixlog.txt
  4. Oh, and here is the most recent adwcleaner log ... the 1st time I ran it, it did clean up 17 items though.

     # -------------------------------
     # Malwarebytes AdwCleaner 7.4.2.0
     # -------------------------------
     # Build: 10-21-2019
     # Database: 2019-11-20.1 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Scan
     # -------------------------------
     # Start: 11-26-2019
     # Duration: 00:00:18
     # OS: Windows 10 Pro
     # Scanned: 35226
     # Detected: 0

     ***** [ Services ] *****
     No malicious services found.

     ***** [ Folders ] *****
     No malicious folders found.

     ***** [ Files ] *****
     No malicious files found.

     ***** [ DLL ] *****
     No malicious DLLs found.

     ***** [ WMI ] *****
     No malicious WMI found.

     ***** [ Shortcuts ] *****
     No malicious shortcuts found.

     ***** [ Tasks ] *****
     No malicious tasks found.

     ***** [ Registry ] *****
     No malicious registry entries found.

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries found.

     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs found.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries found.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs found.

     ***** [ Preinstalled Software ] *****
     No Preinstalled Software found.

     AdwCleaner_Debug.log - [53572 octets] - [25/11/2019 20:14:45]
     AdwCleaner[S00].txt - [2699 octets] - [25/11/2019 20:16:04]
     AdwCleaner[C00].txt - [2583 octets] - [25/11/2019 20:18:26]
     AdwCleaner[S01].txt - [1510 octets] - [25/11/2019 20:24:09]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
  5. Hello, My in-laws have Malwarebytes Premium, and have an infection from a Powershell Trojan virus. Malwarebytes seems to be blocking the outbound communications, but I'm having a hard time removing it. So far I've run RKILL, a full MWB scan (with root kit detection), I've run adwcleaner, FARBAR recovery scan, and Sophos scan ... but the infection is still active. Here is the log from the MWB block notification, and I've also attached log files from the other scans. Any help would be greatly appreciated!

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 11/26/19
     Protection Event Time: 7:54 AM
     Log File: 388e96e8-1054-11ea-b907-484d7eb8a0a5.json

     -Software Information-
     Version: 4.0.4.49
     Components Version: 1.0.750
     Update Package Version: 1.0.15436
     License: Premium

     -System Information-
     OS: Windows 10 (Build 17763.615)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Blocked, -1, -1, 0.0.0

     -Website Data-
     Category: Trojan
     Domain:
     IP Address: 185.243.114.53
     Port: 54036
     Type: Outbound
     File: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

     (end)

     Addition.txt FRST.txt Rkill.txt