ssH2n
Posts: 21
Posts posted by ssH2n
-
Done. Cleaned via the MB support tool, reinstalled MB + scan (now the first scan hit 2 threats)
and afterwards ran gatherlogs on the MB support tool, latest version 1.9.9.x (the last scan was made with 1.9.8.x)
added some files from the logs folder /Malwarebytes/logs/ (mbupdatr.log, MBAMSERVICE.LOG and mbae-default.log)
And thank you very much again for your time and patience!
Attachments: Addition.txt FRST.txt mbae-default.log MBAMSERVICE.LOG MBscan-log.txt mbst-grab-results.zip mbupdatr.log Shortcut.txt
-
lol, I did a complete update of all available drivers from Dell for this device, afterwards via Dell Command Update and also Windows Update
so which driver exactly is missing?
+ but yes, I forgot the system restore point... will create one now
-
-
is it possible that the Windows 11 system is compromised in a way that also compromises the boot stick creation?
I noticed a difference in the creation logs from Rufus between creating the Arch Linux stick and the Windows sticks:
for the Arch Linux one it shows "Image is a ISO image", but on the Windows creations it always shows "Image is a UDF image", although the Windows image was .iso too
or could it be that the infection (malware/rootkit/idk) hides somehow in the firmware or BIOS/UEFI on this device?
-
ok, I loaded the ISO from your link, verified it like you mentioned,
created the USB boot stick as described in the link you provided,
before installing Windows I wiped the disk of the device with an Arch Linux boot stick (also created from a verified image) and created a new GPT table (gdisk /dev/sda -> o -> w),
then installed Windows on the empty disk,
only created a local account and did not connect the system to the internet,
copied AdwCleaner, MBSetup and FRST (renamed FRSTEnglish.exe),
did the first FRST scan (_1st ending in the logs) before AdwCleaner and the MB scan,
then rebooted as described in the steps you mentioned
and did another FRST scan after the reboot,
then a CureIt scan, and didn't touch it in any other way.
A few minutes later I noticed the Task Manager showing high disk I/O activity and memory consumption,
suspicious services (also system services, but with ugly endings like _32z57887z) popped up,
more and more security principal users/groups with ugly names showed up,
and the local admin account I created lost permissions for accessing and viewing details on some folders and services.
...and there are a lot of files with a "Date modified" showing 2019-2023, but even on the created boot stick all files showed today's date (I'm just wondering how and why they got old-dated)
here are the related logs
🫣
Attachments: 1st_Addition.txt 1st_FRST.txt Addition.txt AdwCleaner[C00].txt AdwCleaner[S00].txt AdwCleaner_Debug.log cureit.log FRST.txt MBAMSERVICE.LOG mbscanlog.txt
-
I did a clean install with an image whose SHA1 hash I verified.
I didn't connect the freshly installed device to any network and ran all the scans you mentioned offline.
maybe I'm just getting paranoid, but I think it's still not "clean"
here are the related logs
Attachments: Addition.txt AdwCleaner[S00].txt AdwCleaner_Debug.log cureit.log FRST.txt mblog.txt
-
the Windows 10 ISO image downloaded with the Media Creation Tool from Windows was compromised; that's why I switched to Rufus
-
on the created boot stick I see some files that look a bit suspicious to me, like
F:\sources\en-gb\credits.rtf
or
F:\sources\SetupDU_166532.spdx.json
can you tell me if they are "normal", or was the stick compromised during creation, unrelated to the ISO image?
-
-__- the ISO is compromised, since it was downloaded with the Win Media Creation Tool, according to the SHA1 check
I tried to download it directly in Rufus with https://github.com/pbatard/Fido
here is the new USB stick creation log (https://sha1.rg-adguard.net/search.php?sha1=dc3982ad27e2d4e03b680630c28f824cb78bcd47&lang=en-us)
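An added example, not code from the original thread or from Rufus, covering two checks raised in this thread: the SHA1 comparison in this post and the "Image is a UDF image" question in the post about the Arch Linux and Windows sticks. verify_sha1 compares an image against the published hash, and identify_image walks the volume recognition sequence (sector 16 onwards) to report whether the image carries ISO 9660, UDF, or both; the sample images are constructed in memory and are not bootable.

```python
import hashlib
import hmac

SECTOR = 2048          # logical sector size used by ISO 9660 and UDF
VRS_START = 16         # the volume recognition sequence starts at sector 16
ISO_TERMINATOR = 255   # ISO 9660 descriptor type: volume descriptor set terminator


def verify_sha1(data: bytes, expected_hex: str) -> bool:
    """Compare the image's SHA-1 with the published value (constant-time compare)."""
    actual = hashlib.sha1(data).hexdigest()
    return hmac.compare_digest(actual.lower(), expected_hex.lower())


def identify_image(data: bytes) -> str:
    """Walk the volume recognition sequence and report which file systems are present.
    Each descriptor is one sector: byte 0 is the type, bytes 1..5 the identifier
    ("CD001" for ISO 9660; "BEA01", "NSR02"/"NSR03", "TEA01" for the UDF sequence)."""
    iso9660 = udf = False
    sector = VRS_START
    while (sector + 1) * SECTOR <= len(data):
        base = sector * SECTOR
        ident = data[base + 1:base + 6]
        if ident == b"CD001":
            iso9660 = True                    # ISO 9660 descriptor (or its terminator)
        elif ident in (b"BEA01", b"BOOT2"):
            pass                              # UDF sequence bracket / boot descriptor
        elif ident in (b"NSR02", b"NSR03"):
            udf = True                        # an NSR descriptor means a UDF file system
        else:
            break                             # TEA01 or an unknown sector ends the walk
        sector += 1
    if iso9660 and udf:
        return "UDF bridge (ISO 9660 + UDF)"
    return "UDF" if udf else "ISO 9660" if iso9660 else "unknown"


def make_image(descriptors) -> bytes:
    """Constructed sample: 16 empty system sectors followed by (type, identifier)
    descriptor sectors. Just enough structure for identify_image; not bootable."""
    out = bytearray(VRS_START * SECTOR)
    for dtype, ident in descriptors:
        sec = bytearray(SECTOR)
        sec[0] = dtype
        sec[1:6] = ident
        out += sec
    return bytes(out)


# Constructed samples: a plain ISO 9660 image (the Arch Linux stick case) and a
# bridge image with ISO 9660 followed by UDF (the layout of a Windows install ISO).
PLAIN_ISO = make_image([(1, b"CD001"), (ISO_TERMINATOR, b"CD001")])
BRIDGE_ISO = make_image([(1, b"CD001"), (ISO_TERMINATOR, b"CD001"),
                         (0, b"BEA01"), (0, b"NSR02"), (0, b"TEA01")])
```

Windows installation ISOs are authored as UDF bridge images (ISO 9660 plus UDF), so Rufus labelling one as a UDF image is the expected result rather than evidence of tampering; the hash comparison against the vendor's published value is the check that detects a modified download.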
-
I downloaded all the tools you mentioned, but I wanted to try another clean OS install,
first for the Windows 10 system, then the one with Windows 11 on it.
Last time I tried to fresh install Win10 I created the boot stick with the Windows Media Creation Tool; this time I used Rufus and win10.iso
could you please have a look at the Rufus logs from creating the boot stick? (because if the boot stick is already compromised it won't make any sense to install from it)
-
Hi there, sorry, I had an accident and was in hospital the last few days
+ sadly, even after restoring the system with the restore point the startup failed, so I reset it.
now it is booting normally and we can go on to clean/repair it
I attach the latest logs made after the reset
-
on advanced repair options > troubleshoot > reset this pc
or advanced repair options > troubleshoot > advanced options > startup repair
?
-
done with the fix.
I copied the Fixlog before restarting the Win 10 device and attach it here
after the restart I got a blue screen, and on the next boot attempt it shows recovery with 2 options:
1. repair system 2. reboot
I took the reboot and now it boots to the start lock screen, but when I hit space to get to the password prompt it throws me to the blue screen again (Your device ran into a problem....)
-
I can't find where to close/delete the topic on Bleeping 🫣
maybe you can help me out with that too
-
+ I'll stay here, sorry
I just wanted to spread my problem for more thoughts, but you are helping out so fast with directly fitting solutions that I guess I don't need help from elsewhere
-
should I name the restore point in any special way, or doesn't that matter?
-
The second scan showed an additional threat on Win11, but still nothing on Win10
I added the logs of both
-
ok, thanks.
I did that on both systems... funny that it doesn't show anything on the Win10 device (because SpyDLLRemover detected more rootkits on it)
on the Win11 laptop it showed 3 threats and removed/repaired them after the scan
+ I just triggered another scan on both to see if there are different results
but I attached the logs of the first scan of both
-
hi, I've got 2 laptops and I think both are infected with something...
1. Windows 11, was preinstalled and I didn't manage to format and reinstall the OS because I can't manage to get the product key out of it ;'( .. the tool "SpyDLLRemover" shows 3 unknown rootkits, but the Malwarebytes Premium scan shows none..
2. Windows 10, older Dell laptop, formatted, fresh Windows install + wasn't connected to the internet so far, but after the second restart tons of svchost processes showed up and Windows Firewall was/is disabled (but looks active in the GUI); the Malwarebytes Premium scan shows nothing too
I attached the Farbar scans of both (FRST and FSS) and I also added the gathered logs from the Malwarebytes Support Tool
hopefully someone can help me out and give me a few tips on how to clean these laptops somehow :'(
HELP Please! my systems are infected badly and MB scan can't find anything
in Resolved Malware Removal Logs
-
ok, could you please have a look at the Windows 11 system's cureit.log too?
Attachments: Win11-cureit.log kprm-20240224121043.txt