Joseph065

  1. Hey, I have updated Windows to the latest version. Now everything is back to normal. Thanks for helping me along the way. If there are further steps I need to take please let me know. Otherwise, thank you again for this.
  2. mbar-log-2021-06-30 (08-16-24).txt system-log.txt
  3. Hey Maurice, Thank you for helping me out. I have done exactly as you mentioned. I hope it's done correctly this time.
  4. Step 3 files attached. First and addition Addition.txt First.txt
  5. Log from Step 1:
  6. I read an older post where they asked the user to install Farbar and send the text. So, I have attached the Farbar thing below. It says update and defender not working or something. Just in case you can't open it I have added the text below too.

     Farbar Service Scanner Version: 23-12-2020
     Ran by josep (administrator) on 28-06-2021 at 09:52:55
     Running from "C:\Users\josep\Desktop"
     Microsoft Windows 10 Home Single Language (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Policy:
     ========================

     Windows Security:
     ============
     SecurityHealthService Service is not running. Checking service configuration:
     Checking Start type of SecurityHealthService: ATTENTION!=====> Unable to open SecurityHealthService registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open SecurityHealthService registry key. The service key does not exist.

     Windows Update:
     ============
     wuauserv Service is not running. Checking service configuration:
     The start type of wuauserv service is OK.
     The ImagePath of wuauserv: "C:\Windows\system32\svchost.exe -k netsvcs -p".
     Checking ServiceDll of wuauserv: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     Checking Start type of WinDefend: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

     Windows Defender Disabled Policy:
     ==========================

     Other Services:
     ==============

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => File is digitally signed
     C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
     C:\Windows\System32\Drivers\afd.sys => File is digitally signed
     C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
     C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
     C:\Windows\System32\dnsrslvr.dll => File is digitally signed
     C:\Windows\System32\dnsapi.dll => File is digitally signed
     C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
     C:\Windows\System32\mpssvc.dll => File is digitally signed
     C:\Windows\System32\bfe.dll => File is digitally signed
     C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
     C:\Windows\System32\SDRSVC.dll => File is digitally signed
     C:\Windows\System32\vssvc.exe => File is digitally signed
     C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
     C:\Windows\System32\wscsvc.dll => File is digitally signed
     C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
     C:\Windows\System32\wuaueng.dll => File is digitally signed
     C:\Windows\System32\qmgr.dll => File is digitally signed
     C:\Windows\System32\es.dll => File is digitally signed
     C:\Windows\System32\cryptsvc.dll => File is digitally signed
     C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
     C:\Windows\System32\ipnathlp.dll => File is digitally signed
     C:\Windows\System32\iphlpsvc.dll => File is digitally signed
     C:\Windows\System32\svchost.exe => File is digitally signed
     C:\Windows\System32\rpcss.dll => File is digitally signed

     **** End of log ****

     oh shit my computer has virus.txt