
Malwares never get deleted even after reboot


j777

Hi guys!

I've scanned with Malwarebytes and it detected 5 threats. After the scan it said that the threats will be fully removed after a reboot but the threats are still there after rebooting.
I've tried doing this in safe-mode as well but the results are the same. One weird thing is that I can't find those files/folders which the program says the malwares are in :S.

Hope you guys can help me out! 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-10-25
Scan Time: 13:23
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.25.08
Rootkit Database: v2016.09.26.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: j777

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399357
Time Elapsed: 8 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
Trojan.Banker, c:\downloads0\plus, Delete-on-Reboot, [b2ba1c81d8c2d660f7c136ce5fa41de3], 

Files: 4
Trojan.Banker, c:\downloads0\plus\hnovolog1.log, Delete-on-Reboot, [b2ba1c81d8c2d660f7c136ce5fa41de3], 
Trojan.Banker, c:\downloads0\plus, Delete-on-Reboot, [b2ba1c81d8c2d660f7c136ce5fa41de3], 
Backdoor.Hupigon, c:\downloads.exe, Delete-on-Reboot, [6a0265384555a096d1ed937f12f1ce32], 
Backdoor.Hupigon, c:\downloads\secheot.exe, Delete-on-Reboot, [aac288156d2dab8b8c3326ec81824eb2], 

Physical Sectors: 0
(No malicious items detected)


(end)


Hello and :welcome:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


  • Root Admin

Hello @j777

Not sure if you're aware, but this computer is being used to steal software. I would highly suggest removing all tweaks, hacks, and illegal software you may be aware of as that is almost certainly why this computer is infected. Using P2P software like BitComet torrent allows infected files to have direct access to potentially infect your computer. Downloading shared software always carries the potential for an infection which could sooner or later include one of the encrypted types of infections that would encrypt all your data and prevent access to it without having to pay a ransom to get it back.

Please reset the hosts file back to default. It's even trying to steal our software, not very cool thing to do to someone trying to help you, whoever set it up like that.

127.0.0.1 cap.cyberlink.com
127.0.0.1 www.magix.com
127.0.0.1 195.214.216.16
127.0.0.1 www.password-protect-folders.net
127.0.0.1 www.newsoftwares.net
0.0.0.0 keystone.mwbsys.com

 

Then my advice would be to review the computer for other potentially illegal software and remove it.

https://forums.malwarebytes.org/topic/97700-piracy/

Fix those items, update MBAM and scan again and let us know how it goes.

Thank you
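
The hosts-file check described in the post above, as an added example (not part of the thread and not Malwarebytes or FRST code): it flags every entry that points a non-local name at the local machine, which is what the listed lines do to those vendor hostnames. `audit_hosts`, `LOCAL_NAMES` and the sample's first two lines are assumptions of this example; the six mappings are the ones quoted in the post.

```python
import ipaddress
LOCAL_NAMES = {"localhost", "localhost.localdomain"}  # names that normally map to loopback
# Constructed sample: a comment and a default entry, then the six lines quoted in the post.
SAMPLE = """\
# constructed comment line
127.0.0.1 localhost
127.0.0.1 cap.cyberlink.com
127.0.0.1 www.magix.com
127.0.0.1 195.214.216.16
127.0.0.1 www.password-protect-folders.net
127.0.0.1 www.newsoftwares.net
0.0.0.0 keystone.mwbsys.com
"""

def _ip(text):  # ipaddress object, or None when text is not an IP literal
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def audit_hosts(text):
    """Return (line_no, address, name, reason) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue
        address, names = entry[0], entry[1:]
        ip = _ip(address)
        if ip is None:
            findings.append((line_no, address, " ".join(names), "invalid address"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified  # 127.0.0.0/8, ::1, 0.0.0.0, ::
        for name in names:
            lowered = name.lower().rstrip(".")
            if lowered in LOCAL_NAMES:
                continue
            if _ip(lowered) is not None:
                reason = "IP literal used as a name"
            elif sinkhole:
                reason = "name sinkholed to local machine"
            else:
                reason = "non-default static mapping"
            findings.append((line_no, address, lowered, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(*finding, sep="\t")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; a default one contains only comment lines, so any finding deserves a look.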

 

 


Hey thanks for your reply!

I'm going to start by saying I'm really sorry for this. My brother's the one who helps me install programs and such so I actually had no idea he installed illegal programs. He's the one I go to when I have problems like this and he's out of town now so that's why I had to ask you guys for help. So if you didn't say I wouldn't even know he had installed illegally. This might sound like I put the blame on someone else, but still I'm really sorry.

I've uninstalled those programs you've listed. I'm not 100% sure I got them all since the program names aren't exactly like that but I've uninstalled some more just in case.

I've scanned again and the threats are actually gone now! So I guess it was one of those programs that caused it?

Anyways thanks for all the help, and again sorry for this!

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-10-26
Scan Time: 10:21
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.26.02
Rootkit Database: v2016.09.26.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: j777

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375557
Time Elapsed: 5 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Edited by j777

  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.