aaroncanfield Posted August 30, 2017 ID:1158530 Share Posted August 30, 2017 Resources were being hogged up, and I found the files, googled them and have found out about their nature. Attached are my frst files, any help would be greatly appreciated! FRST.txt Addition.txt Link to post Share on other sites More sharing options...
aaroncanfield Posted August 30, 2017 Author ID:1158531 Share Posted August 30, 2017 Sidenote: I did go ahead an try some files that werent specifically for my frst file, don't know if this might effect things. Link to post Share on other sites More sharing options...
Aura Posted August 30, 2017 ID:1158605 Share Posted August 30, 2017 Hi aaroncanfield My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state. As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry! If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off; Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely goneThis being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread This being said, it's time to clean-up some malware, so let's get started, shall we? Give me a few to review your logs and get back at you. Link to post Share on other sites More sharing options...
Aura Posted August 30, 2017 ID:1158612 Share Posted August 30, 2017 Except for 2 entries in the Firewall rules, I don't see anything related to KMS-R@1n on your system. Can you tell me where you saw it? Also, follow the instructions below. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located) Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Click on the Fix button On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad Copy and paste its content in your next reply fixlist.txt Link to post Share on other sites More sharing options...
aaroncanfield Posted August 30, 2017 Author ID:1158834 Share Posted August 30, 2017 Yeah It looks like the previous files I tried removed it and the final fix you added removed the firewall exception, one other major problem I seem to be having is that now my ethernet seems to be throttling. On wifi I get 2.5 megabytes down, ive tried multiple ports on my ethernet to no avail and I also use a power over ethernet adapter but it never gave me this much trouble, all happened after the kms-r@in to be quite honest. Would an answer if any is available Link to post Share on other sites More sharing options...
Aura Posted August 30, 2017 ID:1158835 Share Posted August 30, 2017 KMS-R@1n isn't malicious (although it is an illegal piece of software). I doubt your issue is caused by a malware infection, since I don't see any in your logs. You would get more appropriate assistance for this question in the General Windows PC Help section. https://forums.malwarebytes.com/forum/6-general-windows-pc-help/ By the way, 2.5 down isn't a lot. Link to post Share on other sites More sharing options...
aaroncanfield Posted August 30, 2017 Author ID:1158836 Share Posted August 30, 2017 2.5 megabytees to 200 kilobytes is a mighty difference to me Link to post Share on other sites More sharing options...
Aura Posted August 31, 2017 ID:1158851 Share Posted August 31, 2017 I can understand that Have you tried to configure a clean boot, and see if you get better speeds afterwards? https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows Link to post Share on other sites More sharing options...
Aura Posted September 2, 2017 ID:1159775 Share Posted September 2, 2017 Hi aaroncanfield, Are you still with me? Link to post Share on other sites More sharing options...
Aura Posted September 4, 2017 ID:1160316 Share Posted September 4, 2017 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts