Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

URGENT: What has this virus done?


Recommended Posts

Hello, i just noticed that my cpu usage was 50% by a proces smsvchost.exe - i right clicked it and selected properties - the file path to the .exe was C:\Users\username\AppDate\Roaming\nssm.exe 


 


even after closing this process it restarted.


New_Bitmap_Image.png


 


 


I need to know what this virus has done- has it stolen some of my chrome passwords like one virus i had long time ago? Should i change all passwords and email bank to also?New_Bitmap_Image.png


Link to post
Share on other sites

Hello and welome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Is always best policy to change passwords after suffering a malicious infection, that should be done from a clean PC if possible of wait until infected system is clean....

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Post those logs to next reply, also let me know if there are any remaining issues or concerns...

 

Kevin

Link to post
Share on other sites

I was installing some files, because its a new pc you know and this hour i see that the virus has reappeared because i installed same things I think...

And didn't have malware bytes installed of course heh...

So i would please like to know why it possibly uses exactly 50%of my CPU? (quadcore).

And does it steal passwords and make backdoors as i have heard here http://www.highpcspeed.com/errors-exe/nssm.exe.html ?

Link to post
Share on other sites

Now it didn´t even restart- i had to push on the button...

 

Oh crap... I am running out of ideas for passwords!!!

This is ridiculouse - with the browsers storing password in practically plain text - only encrypted when you copy it with usb to another PC...

 

I wonder how "vulnerable" it left my pc...

Link to post
Share on other sites

Looks good though now, i just wish i hadnt formated my pc the 1st time, since the same situation happened today =D only without the reformat/reinstall, so either way i "managed" to get the Spyhunter to delete the bitcoin miner...

 

Looks good now, going to try the other programs you posted to completely clean system...

Link to post
Share on other sites

I`m really not sure what you are doing, I post instructions to your initial thread opener, you chose not to follow my instructions and instead went for a re-install of windows. Sometimes that is necessary dependant on the type of infection you have.

 

Tell me exactly what you want from me, do you want my help or not.

Link to post
Share on other sites

I`m really not sure what you are doing, I post instructions to your initial thread opener, you chose not to follow my instructions and instead went for a re-install of windows.

That is because SpyHunter 4 asked to purchase license in ORDER TO REMOVE THE VIRUS! What else should i have done? leave the virus there?

 

Tell me exactly what you want from me, do you want my help or not.

I would like to know what the virus has done, please.

Link to post
Share on other sites

Thanks for the update, if your system is behaving normally there is no need to go for a reinstall.  Run the following scans and we can have look for you..

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

 

C:\Programdata\RogueKiller\Logs <-------- W7/8

 

Thanks,

 

Kevin....

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.