Jump to content


  • Posts

  • Joined

  • Last visited


0 Neutral
  1. Hi Kev, so after removing those files, and general delete and clean up, as well as using Revo to get rid of the program which didn't want to be removed. I used CCleaner to clean up the registry, and uninstalled it afterwards. Ran Rogue/MERST/Malware/Windows scans again on full and all came back clean. So thank you once again for the help and I'll send you something on paypal. Thanks, Kris
  2. My system is running normally, then again if it slowed down bit I wouldn't notice, it's pretty fast. But have a good night! I'll download CC cleaner in the mean time.
  3. Please ignore the last two attached images, forgot to remove. Also, redid a MSERT quick scan, 3 files came up infected, I recorded it however and played it back in slow motion. C:\Program Files\qBittorent\qbittorrent.exe got it to two. Then three However, the MSERT log file says
  4. The XP https://www.virustotal.com/gui/file/b20687ff050c717e6dd79a2a5c04f360d470f21637d341d1df6eede3603d557e/detection I reanalyzed the file, however it went down to a 3, it no longer was detected by Sophos or Qihoo360 here: https://www.virustotal.com/gui/file/b20687ff050c717e6dd79a2a5c04f360d470f21637d341d1df6eede3603d557e/detection My pc couldn't find C:\Users\Kris\AppData\Roaming\uTorrent Web\utweb.exe or even C:\Users\Kris\AppData\Roaming\uTorrent Web so what I did, I searched "This PC" for them and: So after I manually searched for them however I couldn't find any of the above entries. So I manually looked for them using their file locations. The first one lead me to: I ran the first two entries due to their late date and it has Account Unknown as one of the usernames, not sure if that's normal, but apparently created Friday. But using Virustotal, No security vendors flagged this file as malicious. However, I found but this too was no security...malicious. The second entry: The last entry: I ran it in virus total and no security vendors flagged, all went undetected.
  5. RogueKiller Anti-Malware V15.0.8.0 (x64) [Jul 13 2021] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.19042) 64-bit Started in : Normal mode User : Kris [Administrator] Started from : C:\Users\Kris\Desktop\RogueKiller_portable64.exe Signatures : 20210729_115300, Driver : Loaded Mode : Standard Scan, Scan -- Date : 2021/08/01 19:17:01 (Duration : 00:02:32) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ >>>>>> O4 - Run [Suspicious.Path (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1064140606-41284523-1537055238-1002\Software\Microsoft\Windows\CurrentVersion\Run|utweb -- "C:\Users\Kris\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (missing) -> Found ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [Tr.Gen (Malicious)] (file) XD_sp.exe -- C:\Program Files\Common Files\Adobe\Adobe XD\XD_sp.exe -> Found ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  6. Hi kev, re-ran a quick scan just to be safe and sure enough: (this is a screenshot) it became like this on my systyem32.
  7. Hi Kev, See attached. The Microsoft Safety Scanner found 2 infected files but at the end said there were no problems. Also is the PASSWD text document normal? Fixlog.txt msert.log
  8. Hi Kevin, I was just about to do those logs myself, here you go, I'm also attaching ADWCleaner's logs, as it found something. Addition.txt FRST.txt AdwCleaner[C00].txt AdwCleaner[S00].txt AdwCleaner[S01].txt
  9. There's an application in my control panel I can't seem to delete, however I tried to follow the file paths in its modify/repair/change, and when I try to remove/delete I get things like this: . and now my windows defender keeps giving me trojan errors.
  10. I was watching some trading tutorials and downloading some torrents, and some ads popped up, I didn't really paid them any attention, as I assumed it was the next stage of the process, unfortunately I realized too late it was just an unwanted tab telling me to click yes. What followed was Google Chrome repeatedly sending me unwanted desktop notifications from some "Rjxcy your computer may be affected". I went into settings on Google Chrome and there was a website listed here: which I blocked or deleted, can't remember. I then made Malware bytes run a scan which I included rootkits and maaaaaybe archives, can't remember. And it came up with several things. I even ran a full windows defender and Microsoft offline scan and several things were removed. I attached all of the logs from today, the file labelled 0 is the last scan I did (quick scan). A Full scan takes about 2 and a half hours. I quarantined and then removed said detections. However, during my scans and as well as playing a game this has been popping up randomly. Im tempted top remove the file but I don't want to make things worse, all of my scans and windows scans say there isn't a problem, however, that thing pops up every now and again. Any ideas? Thanks 0.txt 2.txt 3.txt 9.txt
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.