
Win64/Sathurbot.A trojan SecurityHelper.dll



Hi, I'm new to this site and I just got this trojan.

From what I saw, I need to scan my PC with FRST, and I scanned. Here are the attachments: Addition.txt, FRST.txt, Shortcut.txt

From what I read over the internet, it's violating the privacy and slowing the performance of the computer and creating files which consume a lot.

If anyone can help me with this, I would be happy.


Hello Leprix and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as µTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Please let me know when you are done.


Step 1

Launch Malwarebytes' Anti-Malware, update it and perform a threat scan. Post the results in your next reply.

Step 2

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • FRST log

fixlist.txt


Today when I came from school, my desktop is completely black and I can only use the Task Manager. From there I opened Firefox, and if I use the Browse button from New Task it will go into "not responding". I tried to run explorer.exe but it just disappears after I run it and no taskbar appears. I entered cmd in D:\ where my FRST installer is, but I don't know how to run it.


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

I disabled ESS8 from the Computer section (Real-time file system protection and Anti-stealth protection) until reboot and scanned with ComboFix as you said, after I read all those pages. In the end there wasn't that message with illegal operation, but I still restarted the computer because I wanted ESS to be enabled, as ComboFix said if I want to quit ESS.

Here is the ComboFix log: ComboFix.txt


Well done!

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

It's good. I found out that Daemon Tools is somewhat of a threat and I deleted that folder, and I will try an ESS scan to see if it's detecting something like before, and if not I will post here. Anyway, thank you, Borislav, with this problem.


It runs faster, but what should I do with these 3 files of what ESS found? Should I keep them in quarantine or restore them?

C:\FRST\Quarantine\C\Users\Leprix\AppData\Local\Ajfdworks\35sff4a.dll - Suspicious Object - action selection postponed until scan completion
C:\FRST\Quarantine\C\Users\Leprix\AppData\Local\Oqdlics\35sff4a.dll - Suspicious Object - action selection postponed until scan completion
C:\FRST\Quarantine\C\Users\Leprix\AppData\Local\Oqdlics\35sff4a.dll.old - Suspicious Object - action selection postponed until scan completion
 


This is a backup of the malware we already removed.

Glad everything is fine now!

Last steps:

Step 1

Please download Delfix by Xplode and save it to your desktop. Run it and make sure that this is checked: Remove disinfection tools. Next, push the Run button. The program will run for a few seconds and display a notepad report. You do not need to attach it.

This one will delete this folder too:

C:\FRST

Step 2

Some malware preventions:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.