atakvn

Everything posted by atakvn

  1. Thanks, attached the file. Apart from the tools you linked, I don't have anything besides Malwarebytes to check my system. A few months ago I found userdata of someone that isn't me in my Steam folder, but I thought it was from installing some mods, and since Malwarebytes didn't find anything wrong I thought I should be okay. I'll stay away from worrying too much about things not based on known security tools, sorry if I seemed unreasonable. Please let me know if there's anything of note in the KVRT report and if there are more tools I can use. report_2021.06.05_00.59.31.klr.enc1.txt
  2. Sorry for the delay. I ran the scanner and it found one object, UDS.DangerousObject.Multi.Generic, and Kaspersky deleted it. Is there a log file to upload?
  3. It completed very quickly, just took 5 minutes. Is that normal? I downloaded it to E: Desktop which also had FRST64.exe. When I ran FRST64.exe I don't remember getting any prompts asking me to allow it. I clicked Fix once, and after a few minutes it said completed. It said it needed to restart after I clicked OK, and that the tool would not notify me after the PC restarts. I've attached Fixlog.txt. I don't know if I forgot to run as administrator. Tell me if I should run it again. For some files, the log says, "cannot access the file because it is being used by another process." As for how the system is now, I'm still seeing that first trojan being detected in Process Explorer, but the number of .exe's is lower than before, and it's still only one .exe at a time. It makes me feel like something is jumping between processes. After removing a lot of malware, fewer processes are being flagged (IProsetMonitor and jhi_service are gone, and sqlwriter.exe hasn't been flagged yet even though it's still running), but there are still some that get flagged like officeclicktorun, so does that mean the thing is still jumping around? Anyway, I've attached the log file. Fixlog.txt
  4. Maybe this isn't important, but when I try to open process explorer now, it asks me "Do you want to allow this app to make changes to your device?" but it never asked me that before. Does that mean those tools you linked me successfully removed some malware responsible for preventing the request for permission, or that the file is corrupted, or something else? It's a shared computer so I need to tell others if we need to remove documents from this computer and change accounts/emails/passwords or take any other action. Thanks again, sorry for triple replying!
  5. It found one threat and said cleanup successful, so I'll attach the log from that as well since it popped up. SophosVirusRemovalTool.log
  6. Attached the log file. Looks like there are a lot of files that were corrupted and not able to be scanned or opened. SophosVirusRemovalTool.log
  7. Thanks @Maurice Naggar, I've attached the scan log. Still when I open procexp64 and procexp, they show MBAMService.exe and sqlwriter.exe as a virus, and on virustotal they refer to the same Trojan/Generic.ASMalwS.1534BA6 in the first post. Maybe it's not important, but the UI for ESET was a little different than you described. I didn't get an option for "computer scan" and wasn't prompted by Windows, so I just selected Full scan and let it run. Hope I did the right one. eset_scan_log.txt
  8. Thanks @Maurice Naggar, I've attached the msert.log file here. The scan took a few hours to complete. msert.log
  9. I made a mistake, this one is from a couple of years ago. Ignore that one. I'm attaching the one from a minute ago in this post. mbst-grab-results.zip
  10. Process Explorer indicated a new entry under the Virus column yesterday. It was IPO Once I killed that process, deleted the file, and reopened process explorer, it showed a new process. Some that I remember are officeclicktorun.exe, nvcontainer.exe, and now it shows MBAMservice.exe. Earlier it showed some that I can't quite remember, like jhi_service and IProsetMonitor.exe in system32, and then a logitech ghub service, which I uninstalled. On VirusTotal, all those files showed the same thing when uploaded: https://www.virustotal.com/gui/file/e399c390687589194d8aad385055f0cfa7d52ad9e837d8ff95008b8eb2b34e50/community I think it's weird. I'm attaching the threat scan log and the two txt files from the Farbar scan tool. Addition.txt FRST.txt threatscan.txt