xeyalGhost Posted April 15, 2017 ID:1117485

I somehow got these trojan files on my computer through a download, and while I would normally just run MBAR to fix them, whenever I try to run any AV software besides Emsisoft Emergency Kit it pops up and says the requested resource is in use; booting into non-safe mode leads to a BSOD saying IRQL DRIVER NOT LESS THAN OR EQUAL about 30 seconds after logging in. This is what EEK outputs in the logs:

Emsisoft Emergency Kit - Version 2017.2
Last update: 4/15/2017 02:47:34
User account: DESKTOP-OF8ED87\REAL NAME
Computer name: DESKTOP-OF8ED87
OS version: Windows 10x64

Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 4/15/2017 03:35:04
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DRMKPRO64 detected: Trojan.Trafmous (A) [286845]
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DRMKPRO64 detected: Trojan.Trafmous (A) [286845]
C:\Users\REAL NAME\AppData\Local\fctusjpt\qdcomsvc.exe detected: Trojan.GenericKD.4757139 (B) [krnl.xmd]

Scanned 142330
Found 3

Scan end: 4/15/2017 03:40:37
Scan time: 0:05:33

kevinf80 Posted April 15, 2017 ID:1117495

Hello xeyalGhost and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

The infection you have has a protective rootkit to stop security programs from running, that protection has been removable with MBAR previously. If you cannot run MBAR we can use FRST via the recovery environment as follows:

Please download Farbar Recovery Scan Tool from here: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit...

Next, boot your PC and let it go as far as it can. Now hold down the Shift key and reboot your PC. Windows should open to the "Choose an Option" window....

From that window select "Troubleshoot"
From the next window select "Advanced Options"
From there select "Command Prompt"
Ensure to plug the flash drive into an open USB port...

Continue with the following:

In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thanks,
Kevin...

xeyalGhost Posted April 15, 2017 Author ID:1117526

First off thanks for the help Kevin, sorry I didn't already have the Farbar logs. I've attached them below.

Addition.txt FRST.txt

xeyalGhost Posted April 15, 2017 Author ID:1117529

While I was waiting for a reply I installed the Malwarebytes Anti Rootkit Supplement from here and I am running that right now. I also tried exeHelper, although I did not notice any programmes run after that which didn't run before.

xeyalGhost Posted April 15, 2017 Author ID:1117531

Thanks for the help Kevin, but after running Malwarebytes Anti Rootkit Supplement it appears that all malicious files have been removed. I no longer BSOD in normal mode and subsequent scans show no issue.

kevinf80 Posted April 15, 2017 ID:1117535

Thanks for the update xeyalGhost, can you run FRST again and post fresh logs, there are often secondary infections left over after successful removal of primary infection and rootkit with MBAR.

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan"

Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Thank you,
Kevin.

Root Admin AdvancedSetup Posted April 25, 2017 ID:1119713

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!