
Torpig Protection / Removal



Hi

I recently was told by Yahoo (or who I think was Yahoo, who turned out to be Gemini Techies) that I had Torpig. Well, the Gemini co turned out to be scammers, so beware. But now that this has been brought to my attention, can Malwarebytes protect against or even remove Torpig?

I am running the newest paid-for home version of Malwarebytes on one of my PCs and a free version on the other. Neither has ever found anything as of today's date.

I believe here is some info on these lowlifes:

https://www.consumeraffairs.com/tech-support-services/24-7-techies.html


Hello and Welcome...

Seems you were a victim of a well-known scam. If you paid these folks any money, I would call your credit card company and cancel the payment, and also call your bank and have the card replaced. If you allowed these folks to connect to your computer, you may want to have someone check your computer for possible malware. It can be done by a paid professional, or you can have it done here at the forum for free... Simply follow the instructions in this pinned topic here... I'm infected - What do I do now?

Thanks

Firefox


Yeah, they wanted an echeck (said a credit card would be too dangerous over a non-secure PC), which I gave them the info for, and as of today it had not been cashed, so I did cancel the check. It was strange, as I was having an issue with a new cell phone. I called the manufacturer and they could not help, so they put me in contact with Yahoo, who told me I had the infection and said they could put me in touch with a company that could. What was strange was that they were able to do this while I was online. Now that I look back, very strange.

They installed the remote software and did ask for my Yahoo password and my phone's, as well as check number and routing number, and sent me a PDF receipt for my echeck.

I did remove all of their software and then changed my Yahoo password. These jokers also switched my wired PC to wireless and uninstalled Malwarebytes. I have since gone back to wired and reinstalled Malwarebytes. Also, I do have the ZoneAlarm paid version running all the time.

I believe that I have covered just about everything, and my Yahoo address has nothing to do with my banking email address for that account.

If there is some freeware on here that I could use to double check my PC, that would be great!

TIA


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/31/17
Scan Time: 11:14 PM
Log File: 11258871-8ecc-11e7-b99c-000272cc4cc3.json
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2700
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: j-PC\j

-Scan Summary-
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 38505
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 5 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


1 hour ago, escorial said:

They installed the remote software and did ask for my Yahoo password and my phone's, as well as check number and routing number, and sent me a PDF receipt for my echeck.

The fact that you gave them a check number, account number and routing number is not good. I would talk to your bank, and more than likely I would close the bank account and create a new one. They have all the details they need to start taking the money in your account.

I had a customer with a similar story and they took over $20,000 US dollars from their account.

Edited by Firefox

Have spoken with the bank and the echeck was not tendered and they have blocked that company. Cost $30, money well spent!

Just ran the updated MBAM; here are the results:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/5/17
Scan Time: 1:55 PM
Log File: ba20e382-926b-11e7-8c22-000272cc4cc3.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2731
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: j-PC\j

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326145
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 17 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


Also, could anyone tell me if this is bad stuff and how I could fix it if possible?

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-06 10:37

==================== End of FRST.txt ============================


You can leave those files alone... If you are worried that you're infected, you need to post in the right section for help...

Simply follow the instructions in this pinned topic here... I'm infected - What do I do now?

Basically you need to start a new topic in the correct section HERE and post your logs there for review.


Have run MLB and ZoneAlarm as well as sfc /scannow and all looks good. Is there any way to manually remove those files? I was on the Win Seven Forum and one reply told me to run the Win7 repair disc, which I did, and it just said it found some issue in the startup and fixed that.

Then ran the Farbar tool again and those files still showed up. I have read up on the Farbar tool but just can't understand how to use it.


2 minutes ago, escorial said:

Then ran the Farbar tool again and those files still showed up. I have read up on the Farbar tool but just can't understand how to use it.

3 hours ago, Firefox said:

Simply follow the instructions in this pinned topic here... I'm infected - What do I do now?

Basically you need to start a new topic in the correct section HERE and post your logs there for review.

Please do the above.  Help can only be given in that section.

Edited by Porthos

6 hours ago, escorial said:

Also, could anyone tell me if this is bad stuff and how I could fix it if possible?

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-06 10:37

==================== End of FRST.txt ============================

If your only concern is to remove the files in this list, you cannot and should not remove these files; it will render your computer unusable.

That being said, I see you now started a new topic HERE which is the correct section for malware removal.  They will review your logs and see if there is anything that needs to be removed, and guide you from there.
