
Please Help! Windows host trojan



Hello everyone,

Long-time user of Malwarebytes. I bought a new laptop a few days back. I was using a Mac for a while, had switched due to malware issues in the past, but always used a Windows desktop. Anyway, I have this Windows hosts trojan that keeps popping up after every scan. I have tried removing it multiple times but it does not work. I have reset the hosts file too, run a scan with ESET Online and rebooted. It went away for a while and now it is back. I don't know if this started after using Edgeadblock, which modifies the hosts file, and this issue is just a false alarm, or if this is real. I am going to use this laptop as my daily driver and I don't want to take any chances, so please help.

 

Thanks


  • Staff

In order for us to get started on your problem I will need to get a couple of reports from you. This will help me see what is going on with the computer and let me know the best way to start.

I would like to see a fresh scan from Malwarebytes Anti-Malware so I would like you to run a new scan for me and send me the report of its findings.

To save the Scan report:

  1. Open Malwarebytes Anti-Malware
  2. On the Dashboard, click the Update Now >> link
  3. After the update completes, click the “Scan Now” button.
  4. Or, on the Dashboard, click the “Scan Now” button.
  5. If an update is available, click the “Update Now” button.
  6. A Threat Scan will begin.
  7. When the scan is complete, if there have been detections, click “Save Results”
  8. Click Text file (.txt)
  9. In the “Save File” dialog box, on the left click on “Desktop”.
  10. In the “File name” box type “Scan log” as the name.
  11. A message box named File Saved should appear stating Your file has been successfully exported.
  12. Click Ok
  13. Attach that saved log to your next reply.


Then I would like to get some more information from the computer so I would also like you to run this for me.

Please download “Farbar Recovery Scan Tool (FRST)” from one of the following links, and save it to your Desktop (please note that some web browsers will automatically save all downloads in your Downloads folder, so in those cases please move them to the desktop).

Note: You need to run the version compatible with your computer. If you are not sure which version applies to your computer, then download both of them and try to run them. Only one of them will run on your computer, and that will be the version for your computer.

For 32-bit (x86) editions of Windows: >> FRST.exe <<

For 64-bit (x64) editions of Windows: >> FRST64.exe <<


  1. Run the “FRST” download that works on your computer
  2. When the tool opens click Yes for the disclaimer in order to continue using “FRST”.
  3. Under the section called “Whitelist” make sure all boxes are checked
  4. Under the section called “Optional Scan” I would like you to have a check mark next to “Addition.txt”
  5. Press the Scan button.
  6. When the scan is done, it will save the reports to the same location as FRST (if you had saved “FRST” on your desktop, then the reports will be saved on the desktop).
  7. Please attach the “FRST.txt” and the “Addition.txt” log file to your next reply to me (it is best if you do not copy and paste it into an e-mail).

It would be better for you and me if you can attach the reports to the email instead of copying and pasting them; the email system changes the format of them and makes them very hard to read.

If you are not used to attaching files to e-mails, then just look for a button in the toolbar above where you write your message that has a paperclip icon, and that should be the attachment button. You can also get the idea on how to attach files to an email from watching this video – >> How to attach files <<

When you reply back to me you should have three reports for me:
Scan log.txt
FRST.txt
Addition.txt


Thank you for getting back to me. Here are the three files. I wanted to give a bit of backstory. This is a brand new laptop, just bought 1 week ago. I have been using a Mac for a few years but decided to give Windows a chance again. Also, I am always very safe with websites and attachments. I used Edgeadblock, which modifies the hosts file to block ads from the Edge browser, but then I disabled it and restored my hosts file, thinking that it was the reason why MB was detecting this trojan in my hosts file. Some points to note:

1. This is not being detected by any other software apart from MB. I have used Emsisoft Anti-Malware, SUPERAntiSpyware, Avira Antivirus, ESET Online Scanner and Bitdefender Internet Security (which is what I am currently using as my main antivirus). Could this be an error with MB?

2. I have also cleaned the system with the Bitdefender boot rescue USB, but this trojan again keeps coming back after every restart, only with MB.

3. After I remove the threat with Malwarebytes it does not detect anything the next time until I restart the system.

4. Another theory is that Edgeadblock changed the hosts file, which I fixed, but also probably changed some registry keys which make the changes to the hosts file every time I restart?

I don't know if the above information is helpful but I thought I would let you know to save some trouble if possible.

 

Thanks again for the help.

Scan Log.txt

Addition.txt

FRST.txt
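
An added example, not part of this thread or of any tool named in it: a small triage of a hosts file that separates the stock `localhost` lines, blocklist-style entries (names mapped to a loopback or unspecified address, which is what hosts-based ad blockers write) and entries that map a name to some other address and so redirect traffic. The sample content and the category names are constructed for illustration; whether a given product flags any of these categories is not something the thread states.

```python
import ipaddress
import os

# Constructed sample, not taken from the poster's machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example.com tracker.example.net   # blocklist-style entry
127.0.0.1 telemetry.example.org
203.0.113.10 login.example-bank.test          # points at a routable address
not-an-ip broken.example.com
"""

def classify(address, names):
    """Return default, sinkhole, redirect or malformed for one hosts mapping."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # These targets resolve to this machine: the name is blocked, not redirected.
        if all(n.lower() == "localhost" for n in names):
            return "default"
        return "sinkhole"
    return "redirect"  # name resolves to another host: confirm it is intended

def triage(text):
    """Group hosts entries by category as (line_no, address, names) tuples."""
    groups = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if fields:
            kind = classify(fields[0], fields[1:])
            groups[kind].append((line_no, fields[0], fields[1:]))
    return groups

if __name__ == "__main__":
    # Standard Windows location; falls back to the constructed sample elsewhere.
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    text = SAMPLE_HOSTS
    if os.path.isfile(path):
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    for kind, entries in triage(text).items():
        print(f"{kind}: {len(entries)}")
        for line_no, address, names in entries if kind != "sinkhole" else []:
            print(f"  line {line_no}: {address} -> {' '.join(names)}")
```

Running it again after a reboot and comparing the counts shows whether something is rewriting the file between sessions.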


  • Staff

 


Hello Waseem


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.


-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please attach the two reports for me

JRT.txt
AdwCleaner[S0].txt

Gringo

 

 


  • Staff

The last reports from FRST are looking good, so if you do not see anything else that you want me to check for you with the computer then we are good to go and all we have left to do is to clean out our tools. Please reply when complete so I may close this ticket. If there is anything else I may have missed, now is the time to tell me.

Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by volunteer malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight. They are updated all the time and some of them more than once per day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

  1. Download DelFix and save it to your desktop: >> Delfix.exe <<
  2. Double-click “DelFix.exe”.
  3. Select all options available
  4. Click the “Run” button.
  5. The tool will delete itself once it finishes, if not delete it by yourself.
  6. If asked to restart the computer, please do so

Security awareness:

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article >> Strong passwords: How to create and use them <<

Then consider a password keeper to keep all your passwords safe.

The other question I am asked all the time is “How can I prevent this from happening again?” and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet:

From my friends at Bleeping Computer – Simple and easy ways to keep your computer safe and secure on the Internet


Regards,
