Posts posted by WonkoTheSane

  1. I have just discovered that my PC has been compromised when I found that my AV had been disabled completely (BullGuard), after which I found that Defender had been removed and updates are stuck in a loop checking for the latest versions. I used Malwarebytes to scan and remove everything that is infected and then repaired Windows by refreshing from an ISO. I am not sure if that has fixed everything and I would like to know what the virus(es) were doing to see if any of my personal data, i.e. passwords and bank info, are at risk. Any help you can give me in understanding the logs from the virus scan will be greatly appreciated.

    The logs are as follows:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 12/12/20
    Scan Time: 9:24 AM
    Log File: ca79535c-3c5b-11eb-ab89-f875a4f50478.json

    -Software Information-
    Version: 4.3.0.98
    Components Version: 1.0.1130
    Update Package Version: 1.0.34245
    License: Trial

    -System Information-
    OS: Windows 10 (Build 18362.1139)
    CPU: x64
    File System: NTFS
    User: LAPTOP-84M4JG3I\liami

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 309097
    Threats Detected: 27
    Threats Quarantined: 27
    Time Elapsed: 1 min, 20 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 12
    Backdoor.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\WDI\SrvHost, Quarantined, 887, 653659, , , , , , 
    Backdoor.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{96784EDC-EA9D-4E98-B710-BEED7B0D7389}, Quarantined, 887, 653659, , , , , , 
    Backdoor.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{96784EDC-EA9D-4E98-B710-BEED7B0D7389}, Quarantined, 887, 653659, , , , , , 
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Windows Error Reporting\winrmsrv, Quarantined, 503, 780529, , , , , , 
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{10A082C1-2357-45E4-B34B-69F4F1241F61}, Quarantined, 503, 780529, , , , , , 
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{10A082C1-2357-45E4-B34B-69F4F1241F61}, Quarantined, 503, 780529, , , , , , 
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Application Experience\StartupCheckLibrary, Quarantined, 503, 735770, , , , , , 
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C24D2BA-1EF6-403D-A9BD-7160D4AABBE9}, Quarantined, 503, 735770, , , , , , 
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{2C24D2BA-1EF6-403D-A9BD-7160D4AABBE9}, Quarantined, 503, 735770, , , , , , 
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D6EB7721-CBAA-4AE1-A296-AEBA4F3EBDD7}, Quarantined, 503, 780231, , , , , , 
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{D6EB7721-CBAA-4AE1-A296-AEBA4F3EBDD7}, Quarantined, 503, 780231, , , , , , 
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MICROSOFT\WINDOWS\WININET\Winlogui, Quarantined, 503, 780231, 1.0.34245, , ame, , , 

    Registry Value: 4
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{10A082C1-2357-45E4-B34B-69F4F1241F61}|PATH, Quarantined, 503, 780528, 1.0.34245, , ame, , , 
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2C24D2BA-1EF6-403D-A9BD-7160D4AABBE9}|PATH, Quarantined, 503, 782993, 1.0.34245, , ame, , , 
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{96784EDC-EA9D-4E98-B710-BEED7B0D7389}|PATH, Quarantined, 503, 784920, 1.0.34245, , ame, , , 
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D6EB7721-CBAA-4AE1-A296-AEBA4F3EBDD7}|PATH, Quarantined, 503, 780232, 1.0.34245, , ame, , , 

    Registry Data: 3
    PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, Replaced, 14158, 293294, 1.0.34245, , ame, , , 
    PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, Replaced, 14158, 293295, 1.0.34245, , ame, , , 
    PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, Replaced, 14158, 293296, 1.0.34245, , ame, , , 

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 8
    Backdoor.Agent, C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\WDI\SrvHost, Quarantined, 887, 653659, , , , , 2D2065A8E06A248F3E18E945BFB33AFC, D52057FD28C0B95B67D8AC82FB89B1960E7692B01B9E308A2DDA8FE6C57D3A81
    Backdoor.Agent, C:\WINDOWS\SYSTEM32\WINSCOMRSSRV.DLL, Quarantined, 887, 653659, 1.0.34245, , ame, , 919611928882E781ABAB300BF9227374, CBDD93BA08E87007665250C3253A1FE9AD38511E4A8A2E5305ADC0F36E43AB44
    Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WINDOWS ERROR REPORTING\WINRMSRV, Quarantined, 503, 780529, 1.0.34245, , ame, , 87544ECF215B9BAD38F6B6C126B36E70, DC87DDC347948A9E6356A8ADCEF47F2893C3DA4DDD333B318BA5F553B9736F2D
    Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\APPLICATION EXPERIENCE\STARTUPCHECKLIBRARY, Quarantined, 503, 735770, 1.0.34245, , ame, , 5314D1656CD5A9710413BB0F5877DAF6, 937184B7B0231D1A4415486D2764795FA36209D28D886F65D1DD9DCD93B1E158
    Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WININET\WINLOGUI, Quarantined, 503, 780231, , , , , 432E45B4F8A5189CFB304771A16F2C4C, DE8616EC888B88E29A8C0ABBA72F996B2224F0C70E89C5D6B5B7673E924D01D0
    Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\WINRMSRV.EXE, Quarantined, 0, 392686, 1.0.34245, , shuriken, , 462EE20E8ABBBB559BD1C4F8BE87B123, 5B85CEB558BAADED794E4DB8B8279E2AC42405896B143A63F8A334E6C6BBA3FB
    Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\WSLOGON0OF.DAT, Quarantined, 0, 392686, 1.0.34245, , shuriken, , FB9F4EB58354E9D3D6B7F84F5D12B639, 91BFB82ED5C32979368EDDCD34861B631926D2352D16ADF189944C4BA8CCF4E1
    Trojan.FakeMS.TskLnk, C:\WINDOWS\SYSTEM32\STARTUPCHECKLIBRARY.DLL, Quarantined, 4107, 676770, 1.0.34245, , ame, , 250532B95FBF3154FE571B65217D4B11, 8F8C635949FD4A315DC7C2D30FC9A6A18149621E72B9598ABF50D54A4BF116AC

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

     

    Thanks for any help you can give

    Liam
