monkeyjoker

Infected with Trojan horse for nearly a year.

Hi, everyone. My system is affected by malware. I reinstalled it with this Windows 8.1. In the reinstalling process I formatted local disk (C) also. But the malware is not gone. The local disk (C) size always increases and decreases. No app is set to update automatically on my computer; even in the Windows Update settings I chose 'never check for updates'. I am using the internet on my system. It always uploads data. I scanned with many anti-malware applications but it was no use. Once I did not start my system for two months; after that I scanned it and it showed trojan malware. I removed it but it did nothing useful. Help me.


Hello monkeyjoker,

Continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on the [image] icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs, "FRST.txt" and "Addition.txt".

Let me see those logs in your reply....

Thank you,

Kevin...

fixlist.txt


Greetings, Kevin.

May I tell you something? I have been through all of these: FRST, AdwCleaner, RogueKiller anti-virus, TDSSKiller, ESET online scanner, OTL, RKill, JRT, Revo Uninstaller, the Speccy app, etc. The fixlist I tried made me lose my IP address; I called a technician, and he came and gave me a new IP address. My system has had this malware for 10 months. I have been using the internet on my system for about 4 years. The local disk (C) size changes even when there are no downloads and uploads. I used AVG also; it got even worse.


Have you run what I asked? If so, can I see those logs...?

There are two IP addresses listed on your system: 172.28.28.1 and 8.8.8.8

172.28.28.1 is listed as private. Is that an address known to you and trusted? Read here: https://whois.domaintools.com/172.28.28.1

8.8.8.8 is listed to Google, have a read here: https://whois.domaintools.com/8.8.8.8

Also read the following for 8.8.8.8: https://cleantalk.org/blacklists?record=8.8.8.8 You can see that address is a known spammer.


Greetings,

Do you have System Restore enabled?

https://windirstat.net/ is a utility which gives a visual indication of disk usage. See those large chunks of data.

https://imgur.com/a/vEGzj

They are using the most data on your PC. It shows you a file tree but you can also click on those blocks and right click on Explorer here and go directly to that file. The program can show you where you can possibly save the most space.

Could you also disconnect the other disks and leave connected only the one with the OS you have the issue on?

Edited by sosprepc


Nope. System Restore is disabled. The WinSxS folder in Windows is supposed to be 5.17 GB, containing 45,141 files and 12.024 folders. But after the infection it is showing 16.1 GB.


Do the following, let me know the result:

Select the Windows key and X key together. From the produced list select:

Command Prompt (Admin)

Accept UAC alert...

At the Command prompt, type or copy/paste

dism.exe /Online /Cleanup-Image /AnalyzeComponentStore

hit the Enter key.

 

Edited by kevinf80
typing error


Greetings, Kevin. The free space on local disk (C) has increased. The operation took 3 hrs 15 mins. Here is the log file. Now the WinSxS folder in Windows is showing 7.10 GB. Before the DISM operation it was always showing 16.1 GB. I will inform you if it increases again.

dism.log

Edited by monkeyjoker
Forgot to attach log file


Greetings, Kevin. 9.86 GB free now. But sadly it varies within seconds again, like in the past. Is it multiplying itself or downloading from the internet? I don't know.

nnn.png

nnn1.png

nnn2.png

nnn3.png

nnn4.png


You are only seeing minimal changes in free space; that is quite normal for Windows. The system and other 3rd party services are constantly adding/removing data/temp data from your hard drive. Unless you see massive free space changes I would not be too concerned.

https://www.theguardian.com/technology/askjack/2017/jan/05/what-is-the-best-way-to-deal-with-windows-10-updates-on-a-32gb-netbook

If you still feel there may be malware/infection on your system, run the following online AV scan. It is very thorough so may take several hours to complete.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' save to your Desktop.
 
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
      • Enable detection of potentially unsafe applications
      • Enable detection of suspicious applications
      • Scan archives
      • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish

Thank you,

Kevin
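
To tell ordinary Windows churn from the sustained growth described in this thread, free space can be sampled at intervals and any large swing traced to the files written during it. The PowerShell below is an added example, not part of the original thread or of any tool mentioned in it; the drive letter, interval, sample count and 100 MB threshold are assumed values to adjust.

```powershell
# Added example: log free space on a drive at intervals and, when it moves by
# more than a threshold, list the largest files written during that interval.
# Run from an elevated prompt so protected folders can be read.
$Drive       = 'C'      # assumed: the volume being watched
$IntervalSec = 60       # assumed: seconds between samples
$Samples     = 10       # assumed: how many samples to take
$ThresholdMB = 100      # assumed: swings below this are treated as normal churn

function Get-FreeMB([string]$Letter) {
    # Free space of the logical disk, in MB
    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='${Letter}:'"
    [math]::Round($disk.FreeSpace / 1MB, 1)
}

$previous = Get-FreeMB $Drive
for ($i = 1; $i -le $Samples; $i++) {
    $start = Get-Date
    Start-Sleep -Seconds $IntervalSec
    $current = Get-FreeMB $Drive
    $delta   = [math]::Round($current - $previous, 1)
    '{0:yyyy-MM-dd HH:mm:ss}  free={1} MB  delta={2} MB' -f (Get-Date), $current, $delta

    if ([math]::Abs($delta) -ge $ThresholdMB) {
        # Only writes are visible here; space freed by deletions leaves no file to list.
        Get-ChildItem "${Drive}:\" -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -ge $start } |
            Sort-Object Length -Descending |
            Select-Object -First 15 -Property @{ n = 'MB'; e = { [math]::Round($_.Length / 1MB, 1) } },
                LastWriteTime, FullName |
            Format-Table -AutoSize |
            Out-String -Width 200
    }
    $previous = $current
}
```

Paths that recur in the output (page file, update cache, torrent download folders, browser caches) identify the writer without relying on an antivirus verdict.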


OK. I ran the ESET online scan. Here is the report. Do you know what, by increasing like that it filled the disk with no free space left. I reinstalled my system, I formatted the local disk (C) and checked everything was fine. But after minutes it was full again. Now, also, it is slowly increasing. Yesterday it was 9.90 GB, now it is 9.08 GB. Tomorrow it will be 8.50 GB, and the day after tomorrow 8 GB. At last it will make the disk full. Sometimes it drains internet bandwidth so badly that within two seconds it can drain 100 MB. What would you have me do?


That log is more or less clean. uTorrent is not malicious per se, but what it transfers may be. Did you read through the following link previously, and the problems with free space requirements for Windows 10...?

https://www.theguardian.com/technology/askjack/2017/jan/05/what-is-the-best-way-to-deal-with-windows-10-updates-on-a-32gb-netbook

As your system does not have the presence of malware or infection I cannot offer you any further help. Go to the General PC help forum and open a thread there....

https://forums.malwarebytes.com/forum/6-general-windows-pc-help/

Thank you,

Kevin


Greetings, Kevin. OK. If there is no malware I am happy for it. By the way, I am using Windows 8.1, not Windows 10. Why should I read that one?

This topic is now closed to further replies.
