flashpointsumone

I also found the tasks without paths, and all are knows tasks, I guess. Attached are the screen shots. Thank you once again for your valuable time.

Thank you for taking so much time to respond and sort this issue, for writing the custom fix and looking through all the logs. I don't have anything else to be worried about, I am assuming that this means, my PC is free of spyware or Malware, and that I don't need to flash the BIOS and Firmware. I will go through all the links and secure my privacy. Hats off to you guys for genuinely fighting against malwares and spywares. I really cannot thank you enough! After Radmin was installed I was wondering if this laptop was fit to be used for work, now I can really sleep in peace.

I started using the VPN only after the suspected malware, anyways, what do I have to check manually ? The tasks without paths or the ports opening up because of the VPN? I did what you asked for, and attached is the log. Fixlog.txt

I uninstalled most of the applications, ran a full scan on MB and I ran FRTS again. Still there are tasks without paths. Attached are all the logs. MB full scan report 200211.txt Addition.txt FRST.txt

Thank you, I updated MB and ran it again. It had already removed the above file from quarantine and restored it back. I forgot to mention that I am blocking inbound and outbound for ports 4889 used by Radmin, port 3389 used by Microsoft remote desktop and inbound for port 443. Ports 443 and 3389 were open when I checked it here https://www.yougetsignal.com/tools/open-ports/ Proton VPN was running at the time, i am not sure it it had anything to do with the open ports. Should I remove all rules set in defender and run FRTS? attached is the MB report after update. MB threat scan log 200211.txt

SO as soon as I installed MB, a website got blocked, the screen shot and report is attached here along with the threat scan report. I do not recognize the web address. MB threat scal.txt MB website blocked report.txt

Hi @AdvanceSetup, thank you for taking the time to look at those logs. dpcsnlbm.exe is GMER. I was reading about rootkit infections here and ran a few scans after new install. ESET online scan was run while windows defender real time scan was disabled. May be this has something to do with the driver failing to load ? I do have my own network router, it is a home/ office connection. I have reset it and changed the SSID, user name and password by logging into it. I have also turned it's firewall on. I have a backup of all the DATA on another Desktop PC which isn't connected to the network currently. I had the restore point enabled before I wiped my HDD, but did a clean install anyways. I opened GMER ( cause I forgot it's name) and the initial scan ran just now, and flagged steam as being modified and being potentially modified by a rootkit. ( I had uninstalled steam just before opening GMER). On another note last full scans on GMER were unsuccessful as GMER simply quit mid scan, and I had a BSOD while I was running it in safe mode, read about it a bit and came to understand that it might be its own drivers, and it is difficult to get it running. ( sorry if I tried to self diagnose the issue). I never owned or downloaded Ring of Elysium game from Steam, funny it even showed up! I might have visited its store page before the scan accidentally via steam, but never tried to install it ever. This is my laptop and I do (did) have some games along with my work. I work on the go as I shuffle between two cities, but always connect to a known router and never any public wi-fi. Now it seems to me that playing games on a work laptop isn't such a good idea! I have uninstalled spotify, steam and it's games, and nahimic too, which is an audio booster software, that worked in tandem with MSI audio driver. I had enabled folder access after the suspected infection. I will disable it now and run a threat scan now. Will post the logs next.

I also have the laptops firmware and BIOS from the vendor, but since it is a bit risky to update them , wanted to get an opinion here.

Hi Everyone, I have been reading a lot about this forum this past week. I own a business and with business comes professional rivalry. A friend of mine gained my trust, and visited my office. Unfortunately at the time my laptop was on and unlocked, and when I went to the rest room, he installed Radmin along with some possible spyware. Since its appearance in my start menu, I have formatted all my dives, and installed windows OS from a usb stick, but ISO was made from the infected laptop and a backup of my files was also created using the same USB drive. The reason I believe that he might have installed a rootkit based spyware is because he has a couple of cousins who are into system security at an IT firm, and post installation they were talking about IP attacks and custom codes to gain access ( I assumed it is directed towards kernels via firmware or BIOS, sorry if I sound naive, but I have limited knowledge of computers as it isn't my field). Since then I have performed multiple scans, but none of the AVs have caught anything, but the strange thing is, files from my steam library got vanished, post attack, about 18.7GB! and now yesterday again, post HDD wipe and reinstall, few files went missing about 300KB.. while this might not be related, I just want to be sure. The "friend" in question also shared a snap shot of his PC that was apparently hacked, along with a location pin. So I believe that this spyware might be transmitting my location every time it connects to the internet. So i need help. I went here first https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/ and installed FRST, and I am attaching the logs here as instructed. Kindly advice. Addition.txt FRST.txt