DR_M

Everything posted by DR_M

  1. It must be an F/P detection, since every time I run the Netflix app, there is a detection about a trojan. See the attachment please. MBAM.txt
  2. KpRm by kernel-panik was/is used by Malware Analysts to remove the tools used during the cleaning procedure, and to reset the restore points. The detection is a false positive, and that is why I started this topic. More info here: Downloads - KpRm - ToolsLib Any useful input would be appreciated.
  3. It seems that Malwarebytes detects KpRm as malware. However, it is a false positive detection. Can you please check that?
  4. I'm leaving this thread due to lack of feedback.
  5. Welcome to Malwarebytes Forums. I will be assisting you regarding your computer's issues. Here, we will check your computer for malware. Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:
     1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!
     2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.
     3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.
     4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
     5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.
     6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
     ==================================================
     I'll be waiting for you to post the requested zip file.
  6. Hi, dyrok. Welcome to Malwarebytes Forums. I will be assisting you regarding your computer's issues. Here, we will check your computer for malware. Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:
     1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!
     2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.
     3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.
     4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
     5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.
     6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
     =============================
     Your computer has several issues. Some questions for you before we begin:
     1. Did you intentionally set these?
     HKU\S-1-5-21-2350236827-2806046543-4060741438-1001\Software\Classes\regfile: <==== ATTENTION
     HKU\S-1-5-21-2350236827-2806046543-4060741438-1001\Software\Classes\.reg: => <==== ATTENTION
     HKU\S-1-5-21-2350236827-2806046543-4060741438-1001\Software\Classes\.bat: => <==== ATTENTION
     HKU\S-1-5-21-2350236827-2806046543-4060741438-1001\Software\Classes\.cmd: => <==== ATTENTION
     2. Your hosts file has signs of pirated programs. As I mentioned above, having such programs constitutes a real threat to your security. If you have such programs, please uninstall them and report back what you uninstalled.
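As an added example (not DR_M's or the thread's own code), this PowerShell check reports whether the current user has per-user overrides for the same Classes keys that FRST flagged above. It assumes it is run from the affected user's session; the key names come from the FRST lines, and only the (Default) value and the shell\open\command subkey are inspected.

```powershell
# Added example, not from the thread. HKCU\Software\Classes shadows
# HKLM\Software\Classes for the logged-on user, so a per-user handler for
# regfile/.reg/.bat/.cmd changes what runs when such a file is opened.
# FRST flags these keys precisely because a per-user override exists.
$names = 'regfile', '.reg', '.bat', '.cmd'   # key names taken from the FRST lines above

function Get-DefaultValue([string]$Path) {
    # Returns the (Default) value of a registry key, or $null if the key or value is absent
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.'(default)'
}

foreach ($n in $names) {
    $user    = Get-DefaultValue "HKCU:\Software\Classes\$n"
    $machine = Get-DefaultValue "HKLM:\Software\Classes\$n"
    $userCmd = Get-DefaultValue "HKCU:\Software\Classes\$n\shell\open\command"

    if ($null -eq $user -and $null -eq $userCmd) {
        Write-Output ("{0,-8} no per-user override (machine default: '{1}')" -f $n, $machine)
        continue
    }

    # Anything reported here is worth asking the user about, as in the thread:
    # a legitimate tool may have set it, or it may be a handler hijack.
    Write-Output ("{0,-8} PER-USER OVERRIDE present" -f $n)
    if ($null -ne $user)    { Write-Output ("         (Default)          = '{0}'  [machine: '{1}']" -f $user, $machine) }
    if ($null -ne $userCmd) { Write-Output ("         shell\open\command = '{0}'" -f $userCmd) }
}
```

Run it as the affected user (no elevation is needed to read HKCU), and compare any reported command against what the user expects to open those file types.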
  7. Thanks again, blender. The computer belongs to his teenager, he said. So, I'll just briefly mention that, asking him to tell his son to be careful if he wants to use it again.
  8. I thank you, blender. I really appreciate that you took the time to check this. Talking about false positives, the same MBAM scan detected these:
     Malware.AI.2563702741, C:\USERS\MAXXY\APPDATA\ROAMING\KRNL\KRNLUI.EXE, No Action By User, 1000000, -1731264555, 1.0.65833, A8A98DB71490F14698CEFFD5, dds, 02173581, 39ED86952A1E7926924A18802C0B75E4, B84CEB86E9A8EBA4D168F2CC6C9010C93779641E595F900AAFE8CFEF6165C126
     Malware.AI.4290638100, C:\USERS\MAXXY\APPDATA\ROAMING\KRNL\KRNL.DLL, No Action By User, 1000000, -4329196, 1.0.65833, 53C1C875A695C8F7FFBDF114, dds, 02173581, DD2CEAD4E9DDED0E029457061C4DCFD5, BB8125901CA3CAF7DD5F726085F21D08B2E3736F4109E0530DA118E3DC54CB1B
     Although I deleted those files, it seems that they are part of Roblox. It seems that most game-related software includes ... weird things, let's say...
  9. Yes, in this case I believe it is part of malware. From here:
     This Coinminer adds the following folders:
     %Application Data%\Microsoft\Libs
     It drops the following files:
     %Application Data%\Microsoft\Libs\sihost64.exe
     %Application Data%\Microsoft\Libs\WR64.sys
     %User Temp%\Services.exe
     It's not exactly the same folder names but, as you said, the location places it in the same category.
     C:\USERS\MAXXY\APPDATA\ROAMING\WINDOWS\TELEMETRY\SIHOST64.EXE
     C:\USERS\MAXXY\APPDATA\ROAMING\WINDOWS\Libs\WR64.sys
     I asked for fresh FRST logs to remove any item left behind. The topic is here.
  10. Completely different location for that file here: Trojan.Inject4.8539 — Dr.Web Malware description libruary (drweb.com)
  11. I'm attaching the file. It contains only a file now, which is detected only by one antivirus in VT, however it seems malicious to me. What do you think? 18.02.2023_20.27.42.zip
  12. That is what I thought and asked them not to quarantine the file. Thanks, blender. I will attach the other folder as soon as the user posts.
  13. Letting you know that the user will return tomorrow. By then, perhaps you will have a result about the first file. Keep in mind that the user has the following programs installed:
      JJSploit 6.4.0
      JJS-UI 6.4.12
  14. The second one is indeed malware. Actually, the whole folder (Windows) in there is suspicious. But why was it not detected by MBAM?
  15. Is this a false-positive detection?
      Malware.AI.4165278293, C:\USERS\MAXXY\APPDATA\LOCAL\PROGRAMS\JJSPLOIT\INDICIUM SUPRA.DLL, No Action By User, 1000000, -129689003, 1.0.65833, AD234CD8EBC05C4EF8451A55, dds, 02173581, 42CD8AC756011A21FBAE0FE95DE11D0E, DFF16A67DE18B2D9F8437796FAE6BC6CEFF9E7C953249089ACED406924A55190
      Also, I don't remember seeing this before:
      Trojan.Agent, C:\USERS\MAXXY\APPDATA\ROAMING\WINDOWS\TELEMETRY\SIHOST64.EXE, No Action By User, 472, 988375, 1.0.65833, A61F6631BDA1F0A476F0E28D, dds, 02173581, 85BB1E5D26DB9E800D6F66803876F4B6, 9E154B4D2A6BBCBF0F97A5141A769B9B306D6FC46A3DC52074A41E97F5897A51
      Thank you. :)
  16. That is normal. As you can see, the tool performs several processes:
      ~ Registry Backup
      ~ Delete Tools
      ~ Restore System Settings
      ~ UAC Restore
      ~ Delete Restore Points
      ~ Create Restore Point
      ~ Delete Quarantines
      Now that we have finished, here are some useful tips for your future security. Some of the following are from Klein's (2005) article, "So how did I get infected in the first place?". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked the following for you:
      1. Keep your Windows updated! It is important to always keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.
      2. Update 3rd Party Software Programs. Third-party software programs have long been targets for malware creators. It has been stated that "Adobe's Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.
      3. Update the browsers you use. Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... keep them updated.
      4. Be careful about what you download and what you open! Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software. Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast, efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Keep this in mind. Do not open any files without being certain of what they are!
      5. Avoid questionable web sites! Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" on a pop-up unless it is signed by a reputable company and you know what it is.
      6. Registry cleaners/driver boosters/system optimizers. I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.
      7. PC means personal computer! Don't give access to your computer to friends or family who appear to be clueless about what they are doing.
      8. Back up your work! Make backups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.
      9. Must-Have Software. An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real-time protection is enabled. You now have Avast. Together with Malwarebytes, if you run it occasionally depending on how often you use your computer, it can keep you safe.
      Happy safe computing. I'm glad I was able to help you.
  17. Hello. Those detections are false-positive detections. We provide assistance as Malware Experts in this Forum, and it would be at least ironic to ask you to download a trojan! KpRm is completely safe to use.
  18. Hi, and Happy New Year. Actually, it was the McAfee instances that made your computer slow, using almost all the available memory. Since you never installed it intentionally, it seems that it was installed with other programs you installed. That's why you must be extremely careful about what you install and what is also bundled with it. Your logs are clean and there is no need to reset your computer, unless you would like to. The following tool will remove the tools we used as well as reset system restore points:
      Download KpRm by kernel-panik and save it to your desktop.
      Right-click kprm_(version).exe and select Run as Administrator.
      Read and accept the disclaimer.
      When the tool opens, ensure all boxes under Actions are checked.
      Under Delete Quarantines select Delete Now, then click Run.
      Once complete, click OK.
      A log will open in Notepad titled kprm-(date).txt.
      Please copy and paste its contents in your next reply.
  19. Very good. Is there any remaining issue/question/concern regarding this computer?
  20. We missed a service. Start in Safe mode, as you did here. While in Safe mode...
      FRST fix
      Please do the following to run a FRST fix.
      NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
      Download the attached fixlist and save it on to your Desktop.
      Right-click on FRST64 on your Desktop to run it as administrator.
      When the tool opens, click "yes" to the disclaimer.
      Press the Fix button once and wait. FRST will process fixlist.txt.
      When finished, it will produce a log fixlog.txt on your Desktop.
      Post the log in your next reply.
      In your next reply please post: the fixlog.txt
      fixlist.txt