siskaprif

  1. Oh btw, I found a topic here with the same situation as mine. Then I followed the instructions using the software Everything: search for cloudnet and epicnet, then delete them. And it works. After I rebooted my computer and scanned it again with Malwarebytes, it did not find anything. Zero threats, but I am not sure if it really deleted the virus. However, my Windows Security, Defender, and Update are still missing. I need help to recover them. Thank you so much. Here is the link of the topic
  2. Thank you for your help. Here is the FSS.txt

     Farbar Service Scanner Version: 23-12-2020
     Ran by user (administrator) on 01-09-2021 at 09:20:46
     Running from "C:\Users\user\Documents\EGDownloads"
     Microsoft Windows 10 Pro (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Policy:
     ========================

     Windows Security:
     ============
     SecurityHealthService Service is not running. Checking service configuration:
     Checking Start type of SecurityHealthService: ATTENTION!=====> Unable to open SecurityHealthService registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open SecurityHealthService registry key. The service key does not exist.

     wscsvc Service is not running. Checking service configuration:
     Checking Start type of wscsvc: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
     Checking ServiceDll of wscsvc: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

     Windows Update:
     ============
     wuauserv Service is not running. Checking service configuration:
     Checking Start type of wuauserv: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
     Checking ServiceDll of wuauserv: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     The start type of WinDefend service is set to Disabled. The default start type is Auto.
     The ImagePath of WinDefend: "%SystemRoot%\System32\svchost.exe -k secsvcs".

     Windows Defender Disabled Policy:
     ==========================
     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
     "DisableAntiSpyware"=DWORD:1

     Other Services:
     ==============

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => File is digitally signed
     C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
     C:\Windows\System32\Drivers\afd.sys => File is digitally signed
     C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
     C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
     C:\Windows\System32\dnsrslvr.dll => File is digitally signed
     C:\Windows\System32\dnsapi.dll => File is digitally signed
     C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
     C:\Windows\System32\mpssvc.dll => File is digitally signed
     C:\Windows\System32\bfe.dll => File is digitally signed
     C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
     C:\Windows\System32\SDRSVC.dll => File is digitally signed
     C:\Windows\System32\vssvc.exe => File is digitally signed
     C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
     C:\Windows\System32\wscsvc.dll => File is digitally signed
     C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
     C:\Windows\System32\wuaueng.dll => File is digitally signed
     C:\Windows\System32\qmgr.dll => File is digitally signed
     C:\Windows\System32\es.dll => File is digitally signed
     C:\Windows\System32\cryptsvc.dll => File is digitally signed
     C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
     C:\Windows\System32\svchost.exe => File is digitally signed
     C:\Windows\System32\rpcss.dll => File is digitally signed

     **** End of log ****
  3. FYI, my Windows Defender and Windows Update are missing in my services. Is it due to those viruses? Can it go back to normal when the viruses are gone? I'm a bit frustrated here. Thank you so much.
  4. Hello, I have scanned with TDSSKiller, and here is the log.
  5. Hello, thank you for your response. Here is the log file after I followed your instructions. Thank you. mbar-log-2021-08-31 (14-08-29).txt system-log.txt
  6. Hello, I need help removing a cloudnet virus from my computer, which I have been trying to remove for weeks, but it keeps coming back. I have been using Malwarebytes to remove the virus, but after I reboot my computer and scan it again, it is still there. Recently I saw a thread where somebody used an FRST fixlist and it worked. Please help: what do I have to do to remove these viruses? Thanks. Scan result.txt