Jump to content

Nicholas0009

Honorary Members
 View Profile  See their activity

  • Posts

    34

  • Joined

  • Last visited

 Content Type 

Posts posted by Nicholas0009

    Temp Files that showed up as Malware

    in Resolved Malware Removal Logs

    Posted

    Should I be worried about temp files that show up on Malwarebytes as malware they were banned QQEQUPYWOLZPXXGAPUIXCFNOJNZZIWY and the other one JMBPLJOOSJLOEYEEVDINROELCQXXTHE
    This is what I saved from the malwarebytes scan Malware.AI.4264842330, C:\USERS\blank\APPDATA\LOCAL\TEMP\JMBPLJOOSJLOEYEEVDINROELCQXXTHE, No Action By User, 1000000, -30124966, 1.0.68174, F8B2F67D0647E8D9FE34545A, dds, 02258250, B7B18C453EAA545E5A22D59DB8BEA06A, E754B78A0AA78CCE08B1B88DDA6C73A7324DE47020170D72113FC99F4C3CCD27
    Generic.Malware/Suspicious, C:\USERS\blank\APPDATA\LOCAL\TEMP\QQEQUPYWOLZPXXGAPUIXCFNOJNZZIWY, No Action By User, 0, 392686, 1.0.68174, , shuriken, , 1A94CA857A4E6EE36137B6A1A26220FA, A4F05198D2EE505DE6BB24E008B28228320548AEB32BF8E534EC2409BD1422CF

    Ethereum Miner/Possible Rat (Remote Access Trogan)

    in Resolved Malware Removal Logs

    Posted

    Just now, AdvancedSetup said:

    Thank you for the logs and information @Nicholas0009

    Acronis thinks everything is okay. Looks like it is/was just a temporary issue.

    I'm not seeing any signs of any type of infection or unwanted software.

    Are you experiencing any specific issue at this point in time?

     

    No, I am not experiencing any type of issue I mainly made this 1 to make sure that my pc is safe as after I fac reset after I got the infection from running the program it came back. Then I was told by a friend to format my drives and reset which I did so I just wanted to make sure it was gone. Also possibly a malware researcher to take that malware and expose what it does and how to get rid of it, or add it to Malwarebytes as a detection since I have seen posts about that same folder C:\ProgramData\MM(the rest of the letters).

    Ethereum Miner/Possible Rat (Remote Access Trogan)

    in Resolved Malware Removal Logs

    Posted

    11 minutes ago, AdvancedSetup said:

    About the only other issues I'm seeing now is that you have a VSS error that has cropped up. It could just be a fluke and temporary but let's go ahead and run some tools to check it out.

     

     

    Please download and run the following  Volume Shadow Copy Service (VSS), Diagnostic Tool, from Acronis

    Acronis VSS Doctor

    Free tool for diagnosing and repairing Volume Shadow Copy Service issues. Download link on the bottom of the page.
    Download - Acronis VSS Doctor

    In many cases, it can correct the issues on its own. If not, then it will give details on what may be causing the issues. Please save the report in text format and post back that log on your next reply.


    You can also try the tool from Macrium Reflect if the Acronis tool did not work.

    Macrium Reflect Volume Shadow Copy Service (VSS) Repair Tool


    Once you've run the repair tool you need to restart your computer.
    Then check your Event Logs to see if the error was corrected. You can post new logs from FRST which will also show the Event Log entries 

    If you don't have System Restore enabled then please take this time to enable it. If possible choose 10% of your C drive to store Restore Points.

    System Restore disabled or greyed out? Turn On System Restore in Windows 10
     

    Thank you

     

    I ran the Acronis tool and it opened for a couple seconds said "Press 'OK' to re-register Microsoft VSS components and update the Microsoft Shadow Software Provider registry entry" so I clicked "OK" it says "Registering VSS" then closes. Here are my FRST logs after running that tool. Yes I did restart my pc before running the FRST program.

    FRST.txt Addition.txt

    Ethereum Miner/Possible Rat (Remote Access Trogan)

    in Resolved Malware Removal Logs

    Posted

    1 hour ago, AdvancedSetup said:

    From the log. SFC found and fixed some issues

    Windows Resource Protection found corrupt files and successfully repaired them.

     

    Let me have you run two other antivirus scanners so that we can double-check that nothing bypassed security and got installed on the system.

     

    STEP 1

     

    The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

    The download links & the how-to-run-the tool are at this link at Microsoft

    https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

    Please let me know the results of this scan.

    The log is named MSERT.log 

    the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is

    C:\Windows\debug\msert.log

    Please attach that log with your next reply.

     

     

    STEP 2

    Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

    I would suggest a free scan with the ESET Online Scanner

    Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

    • It will start a download of "esetonlinescanner.exe"
    • Save the file to your system, such as the Downloads folder, or else to the Desktop.
    • Go to the saved file, and double click it to get it started. 
    • When presented with the initial ESET options, click on "Computer Scan".
    • Next, when prompted by Windows, allow it to start by clicking Yes 
    • When prompted for scan type, Click on Full scan 
    • Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on the Start scan button.
    • Have patience.  The entire process may take an hour or more. There is an initial update download.
    • There is a progress window display.
    • You should ignore all prompts to get the ESET antivirus software program.   ( e.g. their standard program).   You do not need to buy or get or install anything else.
    • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
    • Click The blue “Save scan log” to save the log.
    • If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at the bottom).
    • Press Continue when all done.  You should click to off the offer for “periodic scanning”.

     

    Note: If you do need to do a File Restore from ESET please follow the directions below

    [KB2915] Restore files quarantined by the ESET Online Scanner version 3

    https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

     

    Then run the Patch My PC program and let it scan and update your applications.

     

    Reboot one more time and let me know if there are any other issues.

    It now about 1:30 AM and I was off work around 7 PM so I'm heading to get some sleep but will check back on you again sometime in the morning

    Cheers

     

     

    Sorry the msert took a while and for some reason said Infections detected:2 but then when it actually finished and I went to the msert.log says "No infection found." but he is the log regardless.

    msert.log

    Ethereum Miner/Possible Rat (Remote Access Trogan)

    in Resolved Malware Removal Logs

    Posted

    21 minutes ago, AdvancedSetup said:

    I'm not sure what the Task was for.

    I run Keepass manually. I keep the master file on an external USB drive to copy to a couple other computers I use but only the USB master copy gets updates. I don't copy or store the file to the Cloud.

     

    A few general rules of thumb or ideas. Updating a driver just to update can potentially cause new issues or regression issues. So updating just to update isn't always wise.

    1. Are you having an issue that you believe a driver would fix?
    2. Does the update address a specific issue you are personally experiencing?
    3. Is the driver update for a security issue that either does or might affect your computer?

    If you don't know for sure that a driver will address and fix your issue then you probably shouldn't install it.

    I've been doing computer support of one type or another now for about 30 years and have never used any generic automated tool to go out and get a driver update. I've used Nvidia to scan for an update and Intel for an update but that is for their own software not a 3rd party generic tool.

     

    Now, software on the other hand often needs updates to fix bugs, issues, security, etc and has a much higher need or concern about potentially keeping it up to date.

    The following program works on demand so no installation and no overhead from it running beyond the time it's doing the update. It works very fast and goes out to the OEM vendor site and grabs the update and silently updates your computer with it.

    I've not read any negative reports about any security issues with the program.

    Patch My PC Home Updater
    https://patchmypc.com/home-updater

    Their is a support forum if wanted and it does have many options. I don't use any of the options myself. I run the tool once a month maybe manually and see what it finds.

    https://patchmypc.com/forum/index.php

     

    I've written the  following page which has quite a few tips, ideas, methods, recommendations on how to keep your data safe and improve your privacy as well. I'd recommend you bookmark it and read as you have time.

     

    Alright thank you for this and here is the file from doing the fix with the FRST64

    Fixlog.txt

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.