Jump to content

persistant trojan


Recommended Posts

hello,

 

 MBAM scans pick up this persistant trojan( see attached file) on a daily basis and despite quarantining and deleting it's back the next day !

I have tried to do an auto/ manual removal, the problem with this was when i attempted to run the laptop in safe mode with networking as instructed,my laptop crashed, as in completely switched off (same thing happened in safe mode only and safe mode with command prompt).

 

I also had a look in the registry to see if any files corresponded with the offending item but to no avail.

If you are able to help solve my problem, i would appreciate it if you could make your instructions "fool proof" as i am still a beginner with computers.

 

hopefuly, i have followed the instructions correctly and the frst. reports are attached accordingly.

 

thanks in advance  :excl:

 

 

post-171185-0-62371200-1407972024_thumb.

FRST.txt

Addition.txt

Link to post
Share on other sites

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
    
 
    
Before we start please read and note the following:
    
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Do not paste the logs in your posts, attachments make my work easier. There is a Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, what may cause some delays between answers.
Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
    
icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
 
P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

First, go to Control Panel and uninstall following (skip lines that cannot be uninstalled):
- File Type Assistant
- Free File Viewer 2011
 
 
 
 
 

FRST.gif Fix with Farbar Recovery Scan Tool
 


icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt

Link to post
Share on other sites

Hello TwinHeadedEagle and many thanks for your swift reply !

 

I have read your reply (including the "clickable links") and hopefully complied with all your requests (i had never heard of P2P before last evening) If i have inadvertently left anything on that shouldn't be there,i apologise in advance and assure you that this is through ignorance rather than malice or forethought, as i mentioned in my o/p, I am a relative beginner at this (not so much a "technophobe," more a "tech no idea").

 

If i have failed to comply in any way,i would appreciate you letting me know so i can try and rectify the matter.

 

Once again many thanks

 

Sodthat

 

Fixlog.txt

Link to post
Share on other sites

Ok, we will now run MalwareBytes again.
 
 
51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware
 
Please re-run 51a46ae42d560-malwarebytes_anti_malware. Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

Link to post
Share on other sites

Please go to: VirusTotal

  •  Click the Choose File button.
  •  Please copy/paste the following text into the 'File name:' box:
     
    C:\Users\k\AppData\Roaming\hotfix.exe
  •  Click Open then click the Scan it! button just below.
  •  This will scan the file. Please be patient.
  •  If you get a message saying File already analyzed: click Reanalyse
  •  Once scanned, copy and paste the URL from your browser address bar in your next reply.
Link to post
Share on other sites

hello again,

 

                 I made several unsuccessful attempts at this following your instructions and the results are attached, I also went  

 

     through the code manually and attempted to open file K ,it tells me the file is empty, am i doing something wrong ?

post-171185-0-86209800-1408135760_thumb.

Link to post
Share on other sites

hello TwinHeadedEagle,

 

                                    I have attempted to access that file again with NO success,I have attached snapshots showing the 

 

                                    results. As you can see i have indeed checked "show hidden files,folders and drives" and applied

 

                                    these to no avail.

 

                                    I have another question to ask, the "K" file that we are attempting scan is locked(as can be seen on

 

                                    snapshot-"search-hotfix_exe") I am assuming that this is an administrator file,which was left over from

 

                                    when my son was an administrator on this laptop.Could the fact that only myself as an administrator

 

                                    is affecting my ability to access this file ? It's only a thought, as i said I don't have a clue about these

 

                                    things !! 

 

 

                                    

post-171185-0-35872600-1408203809_thumb.

post-171185-0-85260500-1408203868_thumb.

post-171185-0-04550600-1408203918_thumb.

Link to post
Share on other sites

It is not going this way.
 
 

51a5bf3d99e8a-ComboFixlogo16.png Scan with ComboFix
 
This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!

 
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a5bf3d99e8a-ComboFixlogo16.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

Link to post
Share on other sites

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

  • Type hotfix.exe into the Search: field in FRST then click the Search Files button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.
Link to post
Share on other sites

  • Root Admin

Please click on START and type in CMD.EXE and when it shows on the menu right click over it and choose "Run as administrator" then type the following exactly and press the Enter key.

 

reg query "HKEY_USERS" >c:\useraccounts.txt

 

Then copy paste the results of c:\useraccounts.txt or attach it either one and we'll go from there.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.