daelaerius Posted February 12, 2015 ID:938955

Hello everyone,

I want to start off with how frustrating it was to get to the forum. I didn't want to log in with my account because I am being keylogged, and when I tried to make a new temporary account I could not use a 10 minute mail email; for some reason your site blocked it and forced me to use my personal email... which is now compromised due to this...

Also, the virus I am infected with turned my PC date to 2099, which disabled EVERY antivirus on my computer because of license expiration, and the rest, well, you can guess it... I now have an unknown virus wreaking havoc in my PC. I also have McAfee antivirus installed along with Malwarebytes Premium and both failed me. I even scanned the file before I ran it and it didn't detect it. About 10 minutes after that everything started crashing and I had to do a hard reset, and I know it's not my PC; I just bought this thing and it has some of the best hardware possible.

I will post a virus scan of the file(s) and put the file itself in the attachments. Also there could be 2 different files causing this virus because I was trying to run a cmc bot for a game, and I ended up trying 2 versions of the same bot. Both of which I believe were infected, but as to which one is logging me right now, idk. Anyways, please get back to me when possible.

https://www.virustotal.com/en/file/b6e0b8349fda31504edce6d081b94dc92a5f877c372f6047fc0d4119f956ff6d/analysis/ - cmc v1.4.rar
https://www.virustotal.com/en/file/8aa3b37a9403e7c852f7a674ed3c905b977e623578dd60294875c8ccf56f8747/analysis/ - CMC(1).rar (yes, I downloaded this file twice, which is why the (1) is present)

Also, this did show up as infected at a 32/56 ratio, as shown on the VirusTotal here: https://www.virustotal.com/en/file/8aa3b37a9403e7c852f7a674ed3c905b977e623578dd60294875c8ccf56f8747/analysis/

What I am really needing is someone to help me with the termination and removal of these, since I think Malwarebytes is partly responsible for having such an easy backdoor. I mean, all a virus has to do is change the PC date to a ridiculous time and everyone's license is voided and they are left unprotected.

CMC V-1.4.rar
CMC (1).rar

TwinHeadedEagle Posted February 12, 2015 ID:938969

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

- Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
- Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
- Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
- Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button that gives you the Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
- Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
- Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
- Note that we may live in totally different time zones, which may cause some delays between answers.
- Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy. That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

daelaerius Posted February 13, 2015 Author ID:939270

Thanks for the help, this is my personal pc. Here are the files you requested. Also, I do not have a means of a back up restore disk prior to this, and have not tried a soft reset to windows default, because the virus has infected registry keys. I have deleted a few keys that I know were created by the virus before going to this thread, but I still feel like the virus is still on it somewhere because I am getting random tweaks here and there.

FRST.txt
Addition.txt

TwinHeadedEagle Posted February 13, 2015 ID:939304

Let's make one more check:

- Download Malwarebytes Anti-Rootkit to your desktop.
- Double-click the icon to start the tool.
- It will ask you where to extract it, then it will start.
- Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
- Click in the introduction screen "next" to continue.
- Click in the following screen "Update" to obtain the latest malware definitions.
- Once the update is complete select "Next" and click "Scan".
- When the scan is finished and no malware has been found select "Exit".
- If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
- Open the MBAR folder and attach the content of the following files in your next reply:
  - "mbar-log-{date} (xx-xx-xx).txt"
  - "system-log.txt"

daelaerius Posted February 14, 2015 Author ID:939519

It didn't detect any malware, perhaps there is a way to check from my network usage because I am experiencing lag spikes. The virus originated from China btw. Idk if any of that helps.

mbar-log-2015-02-13 (20-29-41).txt
system-log.txt

TwinHeadedEagle Posted February 14, 2015 ID:939560

PC seems pretty clean, what kind of lag do you experience?

daelaerius Posted February 16, 2015 Author ID:939993

> PC seems pretty clean, what kind of lag do you experience?

My Windows notification bar was all glitched at first, but now has leveled out. Also, I got this weird Windows notification that the security service center was not running and it told me to start it, so when I did it didn't work. I looked up solutions to it and had to do some weird stuff like remake a security profile and make a new admin password, but it was straight off Microsoft so I didn't really think twice. Everything seems good for now, except that I can't seem to get Malwarebytes to go back to premium because when the virus changed my PC date to 2099 it caused it to expire my keys and logged me out and I forgot all my info for that, but oh well I guess.

Thanks for the help m8. I'll post here again or make a new thread since this one will be closed. I'll contact you again if I find any true proof the malware is still here.

Naathim Posted February 16, 2015 ID:940105

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!