Jump to content
jhj071389

Malwarebytes cant remove Trojan.Roraccoon

Recommended Posts

Two days ago my computer started running really slow, so i did a scan with Windows Defender and found nothing. So I ran malwarebytes and it found 2 Trojan.Roraccoon's. Went through the process like normal, select the two malware and click quarantine selected. Malwarebytes says it quarantined them but needs to restart. Restart computer and when i run the threat scan again they are found again. I ran FRST and attached the FRST.txt and affition.txt and also attached the export log of my last scan. 

 

Im hoping someone could help me please

Thank you

James

FRST.txt

Addition.txt

report.txt

Share this post


Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)

Version 5.45 is compromised. Delete it and get the previous version.
https://www.bleepingcomputer.com/news/software/ccleaner-v545-pulled-due-to-anger-over-usage-data-collection/
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

After the restart if the problem persists with chrome execute this.
Chrome Secure Preferences detection always comes back

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
===========

Let me know if the problem persists.

fixlist.txt

Share this post


Link to post
Share on other sites

Hi Nasdaq,

Thank you for taking the time to look into this for me. I uninstalled CCleaner through the control panel like you instructed but I decided not to reinstall it, don't know if that will effect anything but wanted to let you know. I downloaded the fixlist.txt and saved it to the same folder as where the Farbar tool is running. When I opened FRST a pop up opended that said Failed to update (4). I clicked ok and then clicked fix and waited like you said till it was done. It did require a restart, so I restarted it and ran Malwarebytes again but the trojans were still there. I clicked the link for Chrome Secure Preferences detection always comes back that you provided and followed the steps but it still persists.

Fixlog.txt

Share this post


Link to post
Share on other sites

Hi,

If Edge is your default browser try this.

Edge > May be a Syncing issues.
Turn it off and leave it off for a day or two.
https://www.tenforums.com/tutorials/36286-turn-off-sync-favorites-reading-list-microsoft-edge.html
===

Your may have to reset Edge.
Reset, Repair or Reinstall Edge browser in Windows 10
http://www.thewindowsclub.com/reset-microsoft-edge-browser-to-default-settings-in-windows-10
<<<>>>

This may help also.
Microsoft Edge: How to Clear Browser History and Cache
http://acer--uk.custhelp.com/app/answers/detail/a_id/38047/~/microsoft-edge%3A-how-to-clear-browser-history-and-cache
===

If the problem exists in other browsers please advise.

Share this post


Link to post
Share on other sites

I have uninstalled all other browsers other then Edge and have turned off the syncing function and also have reset my Edge browser but still is showing up during my scans and is not being removed

 

 

Share this post


Link to post
Share on other sites

I first tried to reset Edge, followed all the steps and then rebooted my laptop. The scan still detected the 2 Trojans, so I tired the repair option. Followed the steps and rebooted the laptop and it is still detected by the scan

Share this post


Link to post
Share on other sites

I just ran the scan again and it found 6 malware now. So quarantined them and had to reboot. Rebooted, deleted them from quarantined, rebooted, rescanned and nothing. 

 

Thank you so so much for your help
You were amazing. Thank you 

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.