ohmRICE Posted July 3, 2016 ID:1049171

Hey, good afternoon. I have some concerns about a Trojan that a recent scan with Malwarebytes found in my system, I've attached the log from the scan to my post for reference. I'm not sure if this is the actual Trojan or just a false positive. It seems that a file in my download folder contained the Trojan Kovter, which has me extremely worried that I've been infected. I have scanned an additional time after it has been quarantined and it has not returned as of yet. My PC is also not displaying any obvious symptoms of being infected as of right now. I am aware that this is an extremely difficult Trojan to remove and did end up using Symantec's removal tool just in case, but the tool gave me the "Trojan.Kovter has not been found on your computer" message.

What are the next steps I can take to ensure that the Trojan is fully gone? As a precaution, I've already changed all of my passwords. Thanks.

scanlog7-3-16.txt

ohmRICE Posted July 3, 2016 Author ID:1049190

I apologize, I forgot to also attach addition.txt and FRST.txt to the post from my Farbar scan.

Addition.txt
FRST.txt

kevinf80 Posted July 4, 2016 ID:1049282

Hello ohmRICE and welcome to Malwarebytes.org,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen. NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties". In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK". Be aware you are not changing the Browser download folder location, you are changing the user's download directory location.....

Next,

Follow the instructions in the following link to show hidden files: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Enable System Restore and create a new restore point, instructions at the following link: http://www.howtogeek.com/237230/how-to-enable-system-restore-and-repair-system-problems-on-windows-10/

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
Double click on Adwcleaner.exe to run the tool.
Click on the Scan in the Actions box.
Please wait for the scan to finish..
When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
Click on the Cleaning box.
Next click OK on the "Closing Programs" pop up box.
Click OK on the Information box & again OK to allow the necessary reboot.
After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Go here: https://www.zemana.com/Download download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop.. The tool will be active with a 15 day trial....
Right click on Zemana Antimalware and select "Run as Administrator".
From the GUI select "Settings".
In the new window select 1. Updates, when complete select 2. Real Time Protection.
In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine", and then 2. select the home icon.
In the new window select "Scan".
When the scan completes check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR, for all other entries choose QUARANTINE, then select the "Next" tab.
The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...
On that screen select the "Reports" tab. (Looks like 3 chimneys)
On that screen select and highlight the scan details line, then select "Open Report".
Copy and paste that log to your reply...

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
Double click the icon and select Run.
Click Next.
Select I accept the terms in this license agreement, then click Next twice.
Click Install.
Click Finish to launch the program.
Once the virus database has been updated click Start Scanning.
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply.
Close the Notepad document, close the Threat Details screen, then click Start cleanup.
Click Exit to close the program.
If no threats were found please confirm that result....

Let me see those logs, also give an update on any remaining issues or concerns....

Thank you,

Kevin...

Fixlist.txt

ohmRICE Posted July 4, 2016 Author ID:1049315

While I was in the middle of applying the fix with FRST, my monitor shut off like it had fallen asleep. But any attempts to wake it back up haven't worked, I can still hear my hard drive working inside my PC tower, so it's obviously still running. I don't feel safe shutting it off, what should I do?

kevinf80 Posted July 4, 2016 ID:1049317

Can you shut off the power to the monitor, then power back on..

ohmRICE Posted July 4, 2016 Author ID:1049318

I have, all I'm getting is a No Signal message. I also checked to see if all of my cables are secured as well.

kevinf80 Posted July 4, 2016 ID:1049320

Can you select Ctrl - Alt - Delete keys together on the keyboard, does Task manager open?

ohmRICE Posted July 4, 2016 Author ID:1049321

No, it does not.

ohmRICE Posted July 4, 2016 Author ID:1049322

Well, it may, but the monitor is not displaying anything. It's like my PC isn't sending an image to it.

ohmRICE Posted July 4, 2016 Author ID:1049323

Also, I hooked up a laptop of mine to the monitor and it displayed the laptop screen fine as well.

kevinf80 Posted July 4, 2016 ID:1049326

You will have to re-boot your PC....

ohmRICE Posted July 4, 2016 Author ID:1049328

Okay, rebooting restored my monitors. Everything seems to be working as normal.

kevinf80 Posted July 4, 2016 ID:1049335

Did FRST produce a log? Logs are saved to this folder C:\FRST\Logs

ohmRICE Posted July 4, 2016 Author ID:1049336

It did, but not to that location, it produced one on my desktop, likely because I ran FRST from my desktop.

Fixlog.txt

kevinf80 Posted July 4, 2016 ID:1049338

Normally FRST creates the log folder I listed, it also opens a log to the Desktop... Can you continue with the other steps...

ohmRICE Posted July 5, 2016 Author ID:1049428

Thank you so much for your help and patience, here are the logs for the other scans. Also, Sophos reported that my PC was clean.

AdwCleaner[C1].txt
2016.07.04-12.08.56-i0-t92-d0.txt

kevinf80 Posted July 5, 2016 ID:1049442

Thanks for those logs, if no remaining issues or concerns let's clean up:

Download and run the following to uninstall Zemana and Sophos AV:

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)
Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.
Run the tool, the main GUI will populate with installed programs list. Left click on Program name to highlight that entry.
Select Action from the Menu bar, then Uninstall, from there follow the prompts. If Uninstall fails open the "Action" menu one more time and use "Force Removal" option.

Next,

Download "Delfix by Xplode" and save it to your desktop.
Or use the following if first link is down: "Delfix link mirror"
If your security program alerts to Delfix, either accept the alert or turn your security off.
Double click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make sure the following items are checked:

Remove disinfection tools <----- this will remove tools we have used.
Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection.

Now click on "Run" and wait patiently until the tool has completed.
The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices
Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

ohmRICE Posted July 5, 2016 Author ID:1049556

Done, the uninstalls went smoothly. Everything seems fine on my end, so it seems that only the single file Malwarebytes found was infected. Thank you again for your help, it's brought me some peace of mind!

kevinf80 Posted July 6, 2016 ID:1049621

You're very welcome, it was a pleasure to work with you....

Regards,

Kevin

Root Admin AdvancedSetup Posted July 12, 2016 ID:1050666

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!