
WonkoTheSane

Everything posted by WonkoTheSane

  1. I have just discovered that my PC has been compromised when I found that my AV had been disabled completely (BullGuard), after which I found that Defender had been removed and updates are stuck in a loop checking for the latest versions. I used Malwarebytes to scan and remove everything that is infected and then repaired Windows by refreshing from an ISO. I am not sure if that has fixed everything and I would like to know what the virus(es) were doing to see if any of my personal data, i.e. passwords and bank info, are at risk. Any help you can give me in understanding the logs from the virus scan will be greatly appreciated.

     The logs are as follows:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 12/12/20
     Scan Time: 9:24 AM
     Log File: ca79535c-3c5b-11eb-ab89-f875a4f50478.json

     -Software Information-
     Version: 4.3.0.98
     Components Version: 1.0.1130
     Update Package Version: 1.0.34245
     License: Trial

     -System Information-
     OS: Windows 10 (Build 18362.1139)
     CPU: x64
     File System: NTFS
     User: LAPTOP-84M4JG3I\liami

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 309097
     Threats Detected: 27
     Threats Quarantined: 27
     Time Elapsed: 1 min, 20 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 12
     Backdoor.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\WDI\SrvHost, Quarantined, 887, 653659, , , , , ,
     Backdoor.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{96784EDC-EA9D-4E98-B710-BEED7B0D7389}, Quarantined, 887, 653659, , , , , ,
     Backdoor.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{96784EDC-EA9D-4E98-B710-BEED7B0D7389}, Quarantined, 887, 653659, , , , , ,
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Windows Error Reporting\winrmsrv, Quarantined, 503, 780529, , , , , ,
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{10A082C1-2357-45E4-B34B-69F4F1241F61}, Quarantined, 503, 780529, , , , , ,
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{10A082C1-2357-45E4-B34B-69F4F1241F61}, Quarantined, 503, 780529, , , , , ,
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Application Experience\StartupCheckLibrary, Quarantined, 503, 735770, , , , , ,
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C24D2BA-1EF6-403D-A9BD-7160D4AABBE9}, Quarantined, 503, 735770, , , , , ,
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{2C24D2BA-1EF6-403D-A9BD-7160D4AABBE9}, Quarantined, 503, 735770, , , , , ,
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D6EB7721-CBAA-4AE1-A296-AEBA4F3EBDD7}, Quarantined, 503, 780231, , , , , ,
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{D6EB7721-CBAA-4AE1-A296-AEBA4F3EBDD7}, Quarantined, 503, 780231, , , , , ,
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MICROSOFT\WINDOWS\WININET\Winlogui, Quarantined, 503, 780231, 1.0.34245, , ame, , ,

     Registry Value: 4
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{10A082C1-2357-45E4-B34B-69F4F1241F61}|PATH, Quarantined, 503, 780528, 1.0.34245, , ame, , ,
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C24D2BA-1EF6-403D-A9BD-7160D4AABBE9}|PATH, Quarantined, 503, 782993, 1.0.34245, , ame, , ,
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{96784EDC-EA9D-4E98-B710-BEED7B0D7389}|PATH, Quarantined, 503, 784920, 1.0.34245, , ame, , ,
     Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D6EB7721-CBAA-4AE1-A296-AEBA4F3EBDD7}|PATH, Quarantined, 503, 780232, 1.0.34245, , ame, , ,

     Registry Data: 3
     PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, Replaced, 14158, 293294, 1.0.34245, , ame, , ,
     PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, Replaced, 14158, 293295, 1.0.34245, , ame, , ,
     PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, Replaced, 14158, 293296, 1.0.34245, , ame, , ,

     Data Stream: 0
     (No malicious items detected)

     Folder: 0
     (No malicious items detected)

     File: 8
     Backdoor.Agent, C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\WDI\SrvHost, Quarantined, 887, 653659, , , , , 2D2065A8E06A248F3E18E945BFB33AFC, D52057FD28C0B95B67D8AC82FB89B1960E7692B01B9E308A2DDA8FE6C57D3A81
     Backdoor.Agent, C:\WINDOWS\SYSTEM32\WINSCOMRSSRV.DLL, Quarantined, 887, 653659, 1.0.34245, , ame, , 919611928882E781ABAB300BF9227374, CBDD93BA08E87007665250C3253A1FE9AD38511E4A8A2E5305ADC0F36E43AB44
     Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WINDOWS ERROR REPORTING\WINRMSRV, Quarantined, 503, 780529, 1.0.34245, , ame, , 87544ECF215B9BAD38F6B6C126B36E70, DC87DDC347948A9E6356A8ADCEF47F2893C3DA4DDD333B318BA5F553B9736F2D
     Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\APPLICATION EXPERIENCE\STARTUPCHECKLIBRARY, Quarantined, 503, 735770, 1.0.34245, , ame, , 5314D1656CD5A9710413BB0F5877DAF6, 937184B7B0231D1A4415486D2764795FA36209D28D886F65D1DD9DCD93B1E158
     Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WININET\WINLOGUI, Quarantined, 503, 780231, , , , , 432E45B4F8A5189CFB304771A16F2C4C, DE8616EC888B88E29A8C0ABBA72F996B2224F0C70E89C5D6B5B7673E924D01D0
     Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\WINRMSRV.EXE, Quarantined, 0, 392686, 1.0.34245, , shuriken, , 462EE20E8ABBBB559BD1C4F8BE87B123, 5B85CEB558BAADED794E4DB8B8279E2AC42405896B143A63F8A334E6C6BBA3FB
     Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\WSLOGON0OF.DAT, Quarantined, 0, 392686, 1.0.34245, , shuriken, , FB9F4EB58354E9D3D6B7F84F5D12B639, 91BFB82ED5C32979368EDDCD34861B631926D2352D16ADF189944C4BA8CCF4E1
     Trojan.FakeMS.TskLnk, C:\WINDOWS\SYSTEM32\STARTUPCHECKLIBRARY.DLL, Quarantined, 4107, 676770, 1.0.34245, , ame, , 250532B95FBF3154FE571B65217D4B11, 8F8C635949FD4A315DC7C2D30FC9A6A18149621E72B9598ABF50D54A4BF116AC

     Physical Sector: 0
     (No malicious items detected)

     WMI: 0
     (No malicious items detected)

     (end)

     Thanks for any help you can give

     Liam