Budi

I'm reporting, I think I've found some new malware..


 I think I've found some new malware..

winreg64.exe

is under dir. SystemNative

set.exe

under Logic Cramble

would anyone check them out..


Hi Budi :)

There's nothing we can do if we don't have the actual payload (file). Any chances that you have these two files (winreg64.exe and set.exe), can .zip them and attach the .zip here?


The fiercest and most savage one that I am infected with now is:

Quote

xmrig.exe

its description: xmrig CPU miner 

Help me !!!

Help me by sending me a copy of MALWAREBYTES that'd run on Windows 10.. mine from DL cannot launch like the same famous issue:

Quote

 

User Account Control

This app has been blocked for your protection

 

 


Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply


 


Here are FRST.txt and Addition.txt

Note:

1. I managed to remove most of them but the remaining ones emerge on every Windows startup

2. don't bother :

- Arabic file/folder name, if any, it's my own.

- C:\Windows\SysWOW64\svchost was renamed to C:\Windows\SysWOW64\svchost=.exe

because it is misused by the M/W

FRST.txt

VirusFound_3-10-2018.zip

Addition.txt

P6MLE690AH.zip


Alright, follow the instructions below.

Malwarebytes Anti-Rootkit Beta

  • Download Malwarebytes Anti-Rootkit Beta and extract it to your desktop (MBAR will be launched shortly after the extraction)
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while)
  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required)
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt
  • Copy/paste the content of that log in your next reply


Awesome :) We're not quite done yet though! I would appreciate it if you could stay with me until I declare you clean. Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply


Hi Budi,

Are you still with me?


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.