Jump to content

nicovernio

Members
  • Content Count

    6
  • Joined

  • Last visited

About nicovernio

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hello Nasdaq, So far so good, the trojan didn't come back. I have disconnected my account and Firefox isn't syncing since. I will re-connect and sync today and post again if having a new infection. Regarding the laptop, I have created a new topic here: https://forums.malwarebytes.com/topic/255709-preventing-return-of-winlogui/ Thanks again for your help. :-)
  2. Hello, Both Desktop and Laptop (Surface Pro - really bad, don't buy Microsoft devices!) have been infected with winlogui trojan/bitcoin miner. The trojan kept coming back, revealing some king of back door or flaw allowing re-infection after cleanup. The infection may be related to browser account information and sharing it across devices may be an issue... This device should be clean. The system was reinstalled after infection and nothing have been spotted by Malwarebytes since. Yet, my browser was connected to my account and sharing information, so would appreciate your help to check if some process/information is opening doors for re-infection. I attach FRST and Addition files. Thanks! PS: Malwarebytes actually spot one suspicious registry entry, but it is a known entry I have manually created. FRST.txt Addition.txt
  3. Hello again, System was restored and fixlist ran. Find fixlog attached. I may look into the firefox account sync anyway, just to make sure... One question, though, if it is related to sharing firefox across devices. It didn't come back yet, but I had the same trojan (winlogui) on a portable I share firefox info with... I am thinking that it is certainly needing fixing too. Should I use the same fixlist file, or -making more sense- scan and post the result for you to check it/generate a new fixlist for it? If the latest, should I post the scan report here or create a new thread? Fixlog.txt
  4. Hello Nasdaq, Thanks for such fast reply. I will do as suggested, running the fix first, then, if problem persists, looking after Firefox sync. I'll post the fixlog file accordingly. But so to say; I had the quarantined files and restored system yesterday, when posting. But the trojan came back again at restart today. Malwarebyte spot more files than it did yesterday. I attach the scan report here (MB_log_winlogui_200115.txt). I will quarantine, restore to yesterday's point then proceed to the fix (then post again). MB_log_winlogui_200115.txt
  5. Hello, I realised my computer was having a problem. It would not go to sleep anymore, would prompt an error when trying to update and windows defender be disabled (not opening from settings and icon missing in task bar). Upon further research, I used Malwarebyte to scan, identify and quarantined winlogui bitcoin miner trojan (see MB_log_winlogui.txt attached). I restored the computer back to a previous point and got defender, sleep and update back to normal. But the defender icon vanished again a couple of days later. Update and sleep would also fail again. A new scan revealed that the exact same files were back. I have tried to installed an antivirus, thinking that defender was not good enough. I installed free version of Avira. A day later, Avira's and Defender task bar icon would not show up again... sleep and update would fail, the trojan was back. A backdoor is obviously open... Could you please help? PS: I am not sure how to use it myself, but reading through on the forum, seen that you are using FRST most of the time. I attach the result of the scan (FRSR.txt). The scan generated another file I am not sure is important, but is attached here as well (Addition.txt). FRST.txt Addition.txt MB_log_winlogui.txt
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.