rollingtatoo22 (Honorary Members, 21 posts)

Everything posted by rollingtatoo22

  1. I've had this false positive too on the same day. I'd like to specify that in my case, the suspicious 7z.exe wasn't my main one, but one bundled with Sourcetree in its Program Files (x86) directory. Is there any chance that it wasn't a false positive, but that the Trojan would have morphed and/or moved somewhere else in my system? I'm probably being paranoid, but reading a little on SmokeLoader, I thought it was the kind of tactic it would be able to use. I might have misunderstood what I've read.
  2. Hi there, here's the SecurityCheck result. I should have done it right then; it was faster than expected. So I should update every application listed with a warning, I suppose? I've restored the file and submitted it to VirusTotal; it says no engines detected this file. I guess it was a false alert. SecurityCheck.txt
  3. I will upload the file and run this tool tomorrow as soon as I get online, most likely in the afternoon. Have a good rest!
  4. Well, it seems all fine, just like you expected. I'm relieved. I'm sure you must be pretty busy, but if you ever find a couple of minutes to give me your opinion on my security setup, I'd be glad. Otherwise, I completely understand. About the "uwamp\bin\apache\bin\htpasswd.exe has been detected by Malwarebytes as Malware.AI.4031076051" issue: now that it's been quarantined by Malwarebytes, and before I permanently delete it, would you like me to zip it and send it to you or someone else for analysis? I thought it might be useful, since Malwarebytes describes Malware.AI as unknown threats that have not been researched or classified yet. Thanks a lot for your support! It's been greatly appreciated. esetLog20200801.txt
  5. I didn't mention it, but now that I think about it, yesterday when I first received the Protection warning, I was playing around with the router I had just configured as an Access Point and was having trouble with (hence why I was looking for an SSH cheat sheet). I was connected to it, and its SPI Firewall was deactivated at that moment. My WAN router still had its firewall on at that moment, though (thanks to the ISP firmware that wouldn't let me turn it off to do my tests). Should I worry about this?
  6. OK, I started the ESET Full Scan. Thanks a lot, I'm glad I've come across you. I'll come back to you as soon as it is over.
  7. I had my guard down, but I guess I'll have to be more careful in the future when visiting sites I don't know. Maybe I should check them on website scanners or open them in a VM first to be sure. Seeming legit doesn't mean much.
  8. No, I wasn't aware of this site at all. I was looking for an SSH cheat sheet and it's the first result DuckDuckGo sent back. I thought it seemed legit... :\
  9. Tell me if those weren't Protection logs. I don't think I still have the first one from yesterday, unfortunately. Here are the new FRST logs after rebooting: Addition.txt FRST.txt
  10. I have not rebooted my PC before running FRST. Should I run the scan again after rebooting to make sure it's OK?
  11. This was Malwarebytes' report (step 1). I didn't keep my step 2 report; coming a.s.a.p.
  12. Hi again. I realized that I had only done the complete Malwarebytes scan with rootkit detection on my admin account; doing it once again on my main account, I actually found a potential malware (uwamp\bin\apache\bin\htpasswd.exe has been detected by Malwarebytes as Malware.AI.4031076051) in a UWAMP directory at the root of my C: drive. This uwamp folder was provided to me by my school at least a year ago, in a programming context. If I remember well, at the time my antivirus did send a warning, which I was told was normal and instructed to ignore. I think I might have had issues trying to get rid of this folder since. Before yesterday, I wasn't aware that Malwarebytes had an advanced scanning option with a rootkit scan to be checked, so it is possible that it has been sitting there since I added the folder over a year ago... but I find it suspicious that my Malwarebytes full scan including rootkits didn't find it when I did it on my admin account, since the uWamp folder is located at the root of my C: drive and not inside a user-specific directory... I would have expected a scan from the admin account to look over the whole drive without consideration for the user account, but this one scan from my main account was definitely a lot longer and scanned more files than the one on the admin account. Maybe the file has been maliciously added or edited since the previous scan? I can't tell. Hope to reach an expert soon.
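A triage check for a file flagged by a heuristic detection, such as the bundled 7z.exe in post 1 above or the quarantined htpasswd.exe discussed in posts 4 and 12 above: record its SHA256 and last-write time, check whether it carries a valid Authenticode signature, and, if a fresh copy of the same file from the vendor's own download is available, compare the two hashes. This is an added PowerShell example, not code from the original thread, from Malwarebytes or from the UwAmp project; the file paths and the function name Get-FileTriage are assumptions for illustration.

```powershell
# Added example (not from the original thread): offline triage of a file that a
# heuristic/AI detection has flagged, before it is deleted from quarantine.
# Both paths below are assumptions; point them at the flagged file and, if you
# have one, a freshly downloaded vendor copy of the same file.
param(
    [string]$Flagged   = 'C:\uwamp\bin\apache\bin\htpasswd.exe',
    [string]$Reference = ''
)

function Get-FileTriage {
    # Hypothetical helper: collect the facts a reviewer wants before deciding
    # "false positive" vs "submit for analysis".
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path

    [pscustomobject]@{
        Path            = $item.FullName
        SizeBytes       = $item.Length
        LastWriteUtc    = $item.LastWriteTimeUtc      # was it touched after the folder was installed?
        SHA256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SignatureStatus = $sig.Status                 # Valid, NotSigned, HashMismatch, ...
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

$flaggedInfo = Get-FileTriage -Path $Flagged
$flaggedInfo | Format-List

if ($Reference) {
    $referenceInfo = Get-FileTriage -Path $Reference
    if ($flaggedInfo.SHA256 -eq $referenceInfo.SHA256) {
        Write-Host 'Flagged file is byte-identical to the vendor copy: the detection is a false positive on the shipped binary.'
    } else {
        Write-Host 'Flagged file differs from the vendor copy: treat it as suspicious and submit it for analysis.'
    }
}
```

Run it as, for instance, `.\Triage-FlaggedFile.ps1 -Flagged 'C:\uwamp\bin\apache\bin\htpasswd.exe' -Reference 'C:\Downloads\uwamp\bin\apache\bin\htpasswd.exe'` (script name assumed). Two caveats: a `NotSigned` status on its own proves nothing, because many small open-source Windows builds ship unsigned, so the hash comparison against a known-good copy is the decisive check; and the SHA256 can be looked up on VirusTotal by hash without uploading the file, which matters when the file might contain something you do not want published.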
  13. Here's a screenshot of those Brave site settings, in case you'd consider it appropriate to look them up and confirm or deny whether they can make my web surfing safer in unknown waters.
  14. Also, regarding Brave Browser, I added Photos to the blocked-by-default list, as well as Music and Sounds, and I changed "ask when a site tries to download files automatically after the first site" to "do not allow any site to download multiple files automatically". Please tell me if any of those configs are useless; I get that many are pretty excessive, but I like to comfort myself knowing that any (or almost any, if "any" isn't possible) passive potential point of infection is locked by default when navigating websites I don't know, which I'm regularly forced to do. I don't remember encountering any such Trojan warning while navigating websites I don't know since using Brave this way, so I guessed it did the job... until yesterday (I obviously still try to limit my navigating to safe websites (as far as I could tell) when possible, so that very well might be the only reason).
  15. By complete Malwarebytes scan, I mean I went into the advanced scan and checked the rootkit scan, to be clear.
  16. Hi there, yesterday I went on this website: pentestmonkey .net/cheat-sheet/ssh-cheat-sheet (I broke the link to make sure no one clicks on it by accident), and without interacting in any way with the site once there, Malwarebytes notified me that it had blocked the website because of a Trojan horse attack, by real-time protection. Curiously, or rather luckily, my Malwarebytes Premium trial ended like 30 minutes afterwards. I didn't expect this, but simply writing the link without breaking it in this post, obviously without going to the site or clicking on the link, led to 2 other consecutive warnings from Malwarebytes about a site blocked by real-time protection against a Trojan. I'm really surprised; I really didn't think that simply pasting a link without clicking it could lead to an attack..? Also, I'm using Brave Browser to block every cookie, all JavaScript, trackers (standard before; I just noticed there is now an aggressive mode, which I just configured) and fingerprinting (same as trackers, a new aggressive mode I just configured) for every site until specified otherwise, so I wasn't expecting to be so easily vulnerable navigating websites without even clicking anything, and simply typing URLs... I just deactivated the "preload pages for faster browsing and searching" option, though; do you think it might prevent such attacks from simply typing URLs without interacting with them? I will also block every sound and music by default in the future until specified otherwise, since it's the only content that I can think of that I've left unblocked by default in Brave, as recommended by them. Anyway, I'm worried because I actually copied the link to some website scanners yesterday after my Premium trial went down (all of which warned me it was potentially malicious / blacklisted), so if that is enough to infect my PC, I might not have been properly protected by Malwarebytes at that moment...
I'd love it if I could provide my FRST logs to some expert who could assure me my PC isn't going to end up encrypted in the coming days or the like. To summarize what I've done since then: I ran a complete Malwarebytes scan, I downloaded and ran AdwCleaner, ran CCleaner's classic scan as well as its registry scan tool, manually cleared the cache and data on the browser I used at that moment as well as my other browser, ran Windows' file cleaning tools, ran a complete scan of my PC with Norton, and I ran Norton Power Eraser in rootkit mode. I also repeated the process with admin permissions and on an admin account on my PC, since the account I used at that moment was not one. Everything seems fine regarding all those scans. I also downloaded and ran a FRST scan (I hate the fact that Farbar has no official website and that FRST absolutely must be downloaded from third-party websites, which I normally avoid at all times) and looked over the log quickly, but I'm not a malware removal expert and obviously I can't tell much from the logs that resulted (aside from the fact that Wondershare, which I've uninstalled, seems to still be on my PC). Does FRST indicate in any way whether any result in the log is potentially malicious to its knowledge, or must it necessarily be looked over by an expert to spot anything potentially malicious? If so, is there a specific way to provide such logs to experts on this forum in a secure, non-publicly accessible way? Those logs are super extensive; I don't know that much about cybersecurity, but I wouldn't be surprised if they could be used maliciously if they fell into the wrong hands. I hope that I'm worrying for nothing, and that an expert of yours will respond quickly to confirm or deny it as soon as possible. I will provide the logs in the specified way as soon as I get an answer from such an expert. In the meantime, I will repeat the process once more to be sure, since I've received those two warnings while writing this post.