Intense Malware/Trojan Issues


Lasutriv


Hi Kevin, thank you for replying! I was infected on both my laptop and desktop from over the summer. I have run Process Explorer to check which processes have been verified and I do have some that are running under Microsoft Corporation with unverified signatures (AKA not gonna happen, but you know that). I for sure still have the virus on my laptop, but I wanted to confirm that it was completely gone from my desktop. It has been up and running now for some time, but I believe the hacker is doing its work remotely. Are there other tools we could run to make sure my network is safe and that I'm not compromised? Here are some recent logs from Farbar. My first logs weren't run in administrative mode (I'm a damn idiot, please forgive me):

FRST.txt

Addition.txt

Also, here are some processes I have been investigating via Process Explorer that have some weird strings in their memory (the number in parentheses in the text file name is the PID it was used for).
These two and a few others have piqued my interest in what the heck they're doing:
SearchProtocolHost.exe(1540).txt

SkypeHost.exe(10312).txt


Hello Lasutriv,

The first set of logs were run from an Administrator account...

Quote

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2017 01
Ran by DELL (administrator) on MIGHTYBEARD (15-09-2017 10:51:53)
Running from C:\Users\DELL\Desktop
Loaded Profiles: DELL (Available Profiles: DELL)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal

There are no signs of malware or infection in your logs. One possible issue could be with your router; maybe it is worthwhile making a reset....

Reset your router, instructions available at the following link:

http://setuprouter.com/networking/how-to-reset-your-router/

Follow those instructions very carefully.

Next,

Download and unzip DNSJumper to your Desktop, the tool is portable no installation necessary.

Tool can be downloaded here: http://www.sordum.org/downloads/?dns-jumper
 
  • Right click on Dnsjumper.exe and select "Run as Administrator" to start the tool. For XP just double click to run.
  • From the left hand pane select "Flush DNS"
  • From the main interface select the dropdown under "Choose a DNS Server"
  • From the list select either "Google Public DNS" or "Open DNS"
  • From the left hand pane select "Apply DNS"

When done re-boot your system....

If you believe your laptop is still infected run FRST and post set of logs, make sure Laptop and PC are not networked with cross access...

Thank you,

Kevin

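The router reset plus DNS change above is aimed at one specific failure mode: a compromised router (or DHCP server) hands out an attacker-controlled resolver, and every machine on the LAN quietly inherits it. The following PowerShell script is an added example, not part of the original thread or of DNS Jumper; it does the same flush-and-apply by hand and first shows what each adapter is currently using so a rogue resolver is visible before it is replaced. It assumes Windows 8.1 or later (the DnsClient and NetTCPIP modules; the Windows 10 Pro 1703 system in the FRST log qualifies), an elevated session, and that the Google Public DNS addresses are the ones you want; the `$knownResolvers` list is a constructed allow-list you should edit to taste.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): inspect, flush and replace the DNS
# resolver settings on every active adapter, then verify the change.

# Constructed allow-list: the default gateway (DHCP normally points DNS at the
# router) plus the public resolvers the thread recommends.
$publicResolvers = @('8.8.8.8', '8.8.4.4', '208.67.222.222', '208.67.220.220')
$gateway = (Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 |
            Sort-Object RouteMetric | Select-Object -First 1).NextHop
$knownResolvers = $publicResolvers + $gateway

# 1. Show the current resolvers and flag anything outside the allow-list.
#    A router that has been tampered with typically shows up here as an
#    unfamiliar IP on an adapter you expected to be DHCP/gateway.
$active = Get-NetAdapter | Where-Object Status -eq 'Up'
foreach ($a in $active) {
    $cur = Get-DnsClientServerAddress -InterfaceIndex $a.ifIndex -AddressFamily IPv4
    foreach ($srv in $cur.ServerAddresses) {
        $flag = if ($knownResolvers -contains $srv) { '' } else { '  <-- not gateway or known public resolver' }
        Write-Host ("{0,-30} {1,-16}{2}" -f $a.Name, $srv, $flag)
    }
}

# 2. Flush the local resolver cache (equivalent of DNS Jumper's "Flush DNS").
Clear-DnsClientCache

# 3. Apply Google Public DNS to every active adapter ("Apply DNS").
foreach ($a in $active) {
    Set-DnsClientServerAddress -InterfaceIndex $a.ifIndex -ServerAddresses @('8.8.8.8', '8.8.4.4')
}

# 4. Verify: query the new server directly and confirm it answers.
Resolve-DnsName -Name 'forums.malwarebytes.com' -Type A -Server 8.8.8.8 -ErrorAction Stop |
    Select-Object Name, Type, IPAddress

# To revert an adapter to DHCP-assigned DNS later:
#   Set-DnsClientServerAddress -InterfaceIndex <ifIndex> -ResetServerAddresses
```

Two caveats a practitioner would want: this only changes the Windows resolver, so if the router itself was modified (DNS, DHCP options, remote admin enabled) the router reset is still required, and any other device on the LAN keeps whatever the router hands it; and a static resolver setting survives reboots and DHCP renewals, so revert it with `-ResetServerAddresses` if you later want the gateway to manage DNS again.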

Your logs are clean, give the following a try......

Try "CurrPorts" and monitor what is happening yourself, it is a portable tool no installation necessary. Download from the following link and unzip the contents to your Desktop.

http://www.nirsoft.net/utils/cports-x64.zip <------ 64 bit

http://www.nirsoft.net/utils/cports.zip <------32 bit

Read the contained instructions for a basic understanding, it is very easy to use..... Right click on the tool and select "Run as Administrator"

When opened you will see your network activity. The easiest way to check what is happening is to "Right click" direct anywhere in the field and select "HTML report - All Items"
That will open the report in an easier to read format, have a look at the connections and check the "Established" entries, are any suspicious and not known or recognized by yourself.
Make a note of any unusual or suspicious IP addresses, you can send in reply for me to check or check them yourself at the following link:
 
Does that help, is anything obvious found with currports....
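What CurrPorts shows in its "Established" view can also be pulled straight from Windows, and doing it in a script lets you join the two checks this thread is circling around: which process owns each outbound connection, and whether that process's binary carries a valid Authenticode signature (the "Microsoft Corporation but unverified" case the original poster saw in Process Explorer). The script below is an added example, not part of the thread or of CurrPorts or Process Explorer; it assumes Windows 8.1 or later (for `Get-NetTCPConnection`) and an elevated session so that `Get-Process` can read the path of every process. The loopback filter and the user-writable path pattern are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): list established TCP connections with
# the owning process, its image path and Authenticode status, then flag the
# entries that deserve a second look.

$conns = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$|0\.0\.0\.0$)' }   # drop loopback

$report = foreach ($c in $conns) {
    $proc   = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $path   = if ($proc) { $proc.Path } else { $null }    # null for exited or protected processes
    $status = 'Unknown'; $signer = ''
    if ($path) {
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $status = $sig.Status                               # Valid, NotSigned, HashMismatch, ...
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        Process   = if ($proc) { $proc.ProcessName } else { "pid $($c.OwningProcess)" }
        PID       = $c.OwningProcess
        Path      = $path
        SigStatus = $status
        Signer    = $signer
        Remote    = "$($c.RemoteAddress):$($c.RemotePort)"
    }
}

# Full table, same information as the CurrPorts "Established" view.
$report | Sort-Object Process | Format-Table Process, PID, Remote, SigStatus, Path -AutoSize

# Things worth a second look (constructed heuristics, not a verdict):
#  - a signature that is not Valid on a binary holding a network connection
#  - a signer subject claiming Microsoft while the signature does not verify
#  - an image running from a user-writable location
$suspect = $report | Where-Object {
    $_.SigStatus -ne 'Valid' -or
    ($_.Signer -match 'Microsoft' -and $_.SigStatus -ne 'Valid') -or
    $_.Path -match '\\(AppData|Temp|ProgramData|Public)\\'
}
"`n--- Entries to check ---"
$suspect | Format-Table Process, PID, Remote, SigStatus, Signer, Path -AutoSize
```

Interpretation caveats: a `NotSigned` result on a file under `C:\Windows\System32` usually means the binary is catalog-signed rather than embedded-signed, and on some builds `Get-AuthenticodeSignature` reports that as not signed, so confirm with Sysinternals `sigcheck -a -i` before drawing conclusions; conversely a `Valid` signature only proves the file is what its publisher shipped, not that the process's behaviour or the remote address it talks to is benign. The remote addresses in the `Remote` column are the ones to look up, exactly as the post above suggests.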

You would have to contact an Administrator to have logs removed from your thread. Personally I do not believe you need to worry about logs and information, there are hundreds posted on here every week.

Run the following to delete FRST and saved folders from your system...

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following item is the only one checked:
 
  • Remove disinfection tools <----- this will remove tools we may have used.

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.