Jump to content

Backdoor:Win32/Fynloski.A - Could use help to see if I'm in the clear

MBrown90

By MBrown90
in Resolved Malware Removal Logs

 Share

Recommended Posts

  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted (edited)

The way we're doing it now is not logged. There will actually be an error message at the bottom saying it could not log it. As long as it completes we should be okay.

Then go ahead and get me a new set of FRST logs after the disk check is done and you've started the computer back up normally again. Make sure you click on the Additions.txt check box and attach both new logs when ready.

Let me know what issues if any you're currently still having or seeing.

Thank you

Ron

 

Edited by AdvancedSetup
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

The computer is still set to do a full disk check. Let me have you run the following which will remove that entry so it doesn't kick off when you least expect it.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

fixlist.txt

 

Ron

 

Link to post
Share on other sites
MBrown90

MBrown90

Posted
  • Author
Posted

I haven’t noticed any problems with the computer with regards to how it’s running and I’ve had no notifications of any other infections. Did you see anything at any point that would have said there was something more serious than the few PUPs or whatever go loader may have been?

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

The loader was a potential concern as there were only a few hits for it on Google. With several billion computers on the Internet now it's rare to only find a few hits for a program entry which makes it suspect. We could try to upload the file and check if it's really bad or not if you like.

Aside from that then all looks good at this time.

 

Link to post
Share on other sites
MBrown90

MBrown90

Posted
  • Author
Posted

I see.  What would it take to upload it? I had never heard of it before and I’ve never had anything come up about it with MSE or MalwareBytes so I suppose it’d be more of a curiosity than anything. 

But if everything appears clean then I’d be ok with that, thank you for all the help so far.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

This will create a zip file on your desktop as Date_Time.zip

Once the fix is done, please find on your desktop a new zip file with a name including the date_time you ran it and upload it here.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thank you

Ron

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted (edited)

This appears to be software for school training and remote proxy tutoring.

The last time it was used for recording was in Nov 2015

The software does not appear to be any type of threat to your system.

https://www.virustotal.com/#/file/0283320648585acdabebe29e880866626d8bf0d6c69ff7837df54c9330b131d0/detection

https://www.virustotal.com/#/file/2fb971f6ca0cb80b5d2295e061aaa647ed046ef71c4d17739ea15e89a0bbfb83/detection

 

 

Edited by AdvancedSetup
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.