Jump to content

Infected with some wierd RAT?


Recommended Posts

Hello Malwarebytes. I am suspecting that my PC is ratted because it wont go to sleep anymore (it wakes up again), my mom saw it yesterday going from screensaver to login screen and typing 4 characters in the pw field - my PC pw is 4 chars long....

I am booting from a SSD and I have a HDD also. Even though I reinstalled Win7 from Scratch recently, this is happening...

I scanned my system with ESET and Malwarebytes, both say I'm clean. What should i do?

Link to post
Share on other sites

:welcome:    Hello Keemstar.

 

I will be guiding you as we go forward.  I do need to see other diagnostic information from this system, so that I can see about pinning down the source of this issue.
I would like to ask that you always attach any report or file I ask for, from time to time.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed, please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just always attach files / reports.
  •     
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
  • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable, it is unlikely, but things can go  wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen / flash drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous; please be patient. Often we are also in a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • As we go along, from time to time, Windows User Account Control ( U A C ) will prompt whether to allow a tool or procedure to proceed forward.  Approve the Windows’ UAC prompt on by clicking on Continue or Yes.


When we are done, I'll give you instructions on how to clean up all the tools and logs
Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
Your topic will be closed if you haven't replied within 3 days.

 

Link to post
Share on other sites

Please do a Threat & Rootkit Scan:
Start the Anti-Malware program.
Please look at the Dashboard screen. Would you please press the blue line marked Update  and let it update itself.

Click the Settings icon ( on the top bar) > then click Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
Click on the Scan icon ( up on the top row ), then click on Start Scan button >> .

A Threat Scan will begin.


With _some infections_, you may see this message box.
'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart.    ( as needed )


Continue with the rest of these instructions.


When the scan is complete, be sure to press Review results and look at all of the listed items ( if any ).
It there are found items, be sure to have each line item check-box marked with a check-mark  in order to remove them.
click REMOVE Selected button.


Wait for the prompt to restart the computer to appear ( if any ), then click on Yes.
After the scan has completed, Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click the EXPORT button at the bottom left.
Click TEXT file
Be very aware as to what folder and what NAME you give this report.  You have to make a note so you can send it.

Then attach that file with your next reply.

 

Link to post
Share on other sites

The FRST reports are normal.  And the Malwarebytes Anti-Malware scn reported no malware.  Those are all good.

This pc does have ESET NOD32 Antivirus, a very fine antivirus.  What has it said the last time you scanned?
Do a new scan with ESET today  and let me know the result.

One cannot just assert some sort of infection when no security app has reported one.

Link to post
Share on other sites

Awareness  of the situations is good.   But too much F U D  is not always a good thing.

Adware is not malware.

Adware can be a very real nuisance and very difficult to remove.
While we do identify and remove some adware variants, our main focus is on malware so there are many adware variants that we do not target (mostly for legal reasons as they do have a eula and an opt out feature in most cases)

 

Please run the following:

Please download AdwCleaner and save it to your desktop.
from this link

ATTENTION: After you click the Download Now button, another page will open - DO NOT CLICK any additional 'download now' buttons as they are sponsored advertisements. Please wait and look toward the top or bottom of your browser for the option to Run or Save. Click Save to save the file.

Double click on AdwCleaner.exe to run the tool.
Click the "Options" menu heading on the menu bar and uncheck "Reset Winsock Settings"
Click on the Scan button.
After the scan has finished...

The contents of the Results section may appear confusing or as gibberish.
Unless you see a program name that you know should not be removed,please continue with the next step.


click on the Cleaning button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[Cn].txt) will open automatically.  n is the number of clean runs performed)
Attach that log file to your next reply.
A copy of that log file will also be saved in the C:\Program Files (x86)\AdwCleaner folder on 64-bit systems
or folder C:\Program Files\AdwCleaner on 32-bit Windows.

Please provide a fresh detailed status after all this is completed.   Thank you

Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.