
Trojan and unwanted VPN



Hey, it's me again :(

I made a new account because Malwarebytes' scheduled scan detected a Trojan, successfully removed it, and I ran the anti-rootkit scan, which found nothing. My internet was slow and everything was in Hungarian, so I checked on Ookla whether someone had made me browse through someone else's VPN. Suspicions confirmed; I'll attach a screenshot of Ookla's summary.

Sorry, but I am extremely paranoid because this is a business PC and it's not mine.

Trojan.txt

Ookla.JPG


Our producer also had a security breach, in which we were affected too. Hackers modified payment email and redirected it to a bank in Spain.

My brother also downloads stuff without my permission.

All this adds to my tension.


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please make sure you have IT's permission to run this program on the company's computer.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.
attachlogs.png

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.


Sorry for not answering. I noticed something out of order: every device seems to be using its own VPN. And the VPNs are not even "static": after changing my IP, I was connected to another server, but the "Provider" remained the same. On one computer it's still Deninet, on my laptop it's Hurricane Electric. Here are the FRST files from my LAPTOP (you can scrap the last files).

FRST.txt

Addition.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Let me know what problem persists.
===

fixlist.txt


Hi,

The web site didn't help, but that is the least of what I need to worry about, because the proxy came back. The Fixlist you sent me did reverse it back to normal, but it seems like it's not cured yet. The scan didn't show anything. I did a little research and heard that a virus can be in the router itself and a simple restart (and a strong password) can fix it. My question (whose answer I didn't find on Google) is: what happens to my password? Does it remove the password, or does it have its default? I should probably ask our provider, but just asking. TP Link is my provider.

 


Hi,

Let's try this.

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, in case you don't know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

