Help with Trojan.MalPack


Hello, I made a post yesterday and was recommended to post here about this issue. So yesterday I scanned my PC and it detected the threat "Trojan.MalPack" in the location of "C:\USERS\MYNAME\APPDA..."; I was unable to expand the location to see the full file name, but Malwarebytes did thankfully quarantine it and I used the option to delete permanently from my PC according to Malwarebytes. Now I did get a couple of responses on my post last night from staff and users saying that this could have been a false positive, but I am unfamiliar with malware and software in general and this is the first time something has been detected on my PC, which is about a year old now. My main concern is that this is or was something serious, and I would like to get some clarification as to what this was exactly and if it is fully gone from my PC or if I should still be worried. Any and all help is much appreciated, and thank you in advance to the people who take the time to read this and especially to those who respond.

  • Root Admin

Hello @concernedboi

Let me have you run the following scans and we'll see what we can find and go from there.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 

Thank you for the help so far, I have just finished running all the tasks you have asked and here is all the info you have requested.

 

This is the AdwCleaner:

# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-11-2018
# Duration: 00:00:00
# OS:       Windows 10 Home
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1252 octets] - [11/09/2018 23:52:19]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Malwarebytes Scan Log.txt

Addition.txt

FRST.txt

  • Root Admin

Overall the logs look pretty good. A couple minor issues we'll clean.

You do have some applications that are crashing but that may be due to corruption or something else going on besides an infection.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

Ron


Both scans have shown up as clean and the computer was always running fine; I just got very very worried when my scan yesterday detected the Trojan.MalPack because I have been very careful on this PC as to what I look up and what I use. Ever since the original scan that caught the threat quarantined it and I used the option in the quarantine to delete it, all scans have shown up as clean in the last 24 hours. So that being said, how do the scans and logs look? Are there or were there any signs of infection? And were you able to tell if the threat was a false positive? Because during my original post last night another staff member mentioned that it might be, based off of other dealings with false positives that same day.

  • Root Admin

The scans and logs look good. I'm not seeing any obvious signs of an infection.

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

 

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education, you can certainly swing things in your favor.

Thank you and take care

Ron


Thanks for the help Ron, you have taken a lot of stress off my shoulders over the last 24 hours due to this. Now if I may ask, should I delete all these text and log files I have sent you, since they are no longer needed? And I haven't logged into any of my accounts since the detection because of my worrying. So to be clear, my computer as of this moment is clean and malware free based off the data you have gone over for me and I can safely resume my regular activities? Lastly, when I downloaded and attempted to run FRST, Windows Defender considered it a threat and gave me a warning before running the program; will this cause any conflicts in the future to your knowledge, such as Windows Defender detecting this as a threat even though Malwarebytes does not?

  • Root Admin

Yes, you can delete all the tools we've used. AdwCleaner has its own removal option. The other files just drag to the trash that you no longer need.

You're quite welcome for the help. If you need something else let me know. I'll probably close your topic a bit later tonight.

Cheers and have a great week

Ron


Thank you so much again, and final questions here: my last AdwCleaner scan asked if I wanted to restore winslock or something along those lines? Not too sure what that is, and do I or should I keep FRST on my system? And finally, I'm good to go as far as signing back into personal accounts without having to worry about my system being at risk?

PS: Sorry for all the back and forth/repeat questions like this; I'm quite an anxious person, so this stuff, no matter how little, kinda digs in and worries me haha. Just looking for assurances or the all clear I guess.

Here you go

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build:    09-03-2018
# Database: 2018-09-11.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-12-2018
# Duration: 00:00:06
# OS:       Windows 10 Home
# Scanned:  41910
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1252 octets] - [11/09/2018 23:52:19]
AdwCleaner[C00].txt - [1418 octets] - [11/09/2018 23:52:47]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
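
Added example, not part of the original posts and not Malwarebytes code: a small Python parser for the AdwCleaner log layout pasted in this thread, which pulls out the header fields, any per-section items and the repair actions, then cross-checks the header count (Cleaned or Detected) against the items actually listed. The function names and the abridged sample log are constructed for illustration.

```python
import re

HEADER = re.compile(r"^#\s*([A-Za-z]+):\s+(.*\S)\s*$")    # "# Mode: Clean"
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")        # "***** [ Files ] *****"
EMPTY = re.compile(r"^No malicious .+ (found|cleaned)\.$")
ACTION = re.compile(r"^\[\+\] (.+)$")                     # "[+] Reset Winsock"
PRIOR = re.compile(r"^AdwCleaner\[\w+\]\.txt - ")         # index of earlier logs

def parse_adwcleaner(text):
    """Split a log into header fields, per-section items and repair actions."""
    report = {"header": {}, "findings": {}, "actions": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := HEADER.match(line):
            report["header"][m.group(1)] = m.group(2)
        elif m := SECTION.match(line):
            section = m.group(1)
        elif line.startswith("#") or set(line) == {"*"} or PRIOR.match(line):
            section = None          # rulers, EOF marker and log index end the sections
        elif m := ACTION.match(line):
            report["actions"].append(m.group(1))
        elif section and not EMPTY.match(line):
            report["findings"].setdefault(section, []).append(" ".join(line.split()))
    return report

def summarize(report):
    """Cross-check the header count against the items actually listed."""
    head = report["header"]
    declared = int(head.get("Cleaned", head.get("Detected", 0)))
    listed = sum(len(items) for items in report["findings"].values())
    return {"mode": head.get("Mode"), "declared": declared, "listed": listed,
            "failed": int(head.get("Failed", 0)), "complete": declared == listed}

# Constructed sample: abridged from the Clean-mode log format posted in this thread.
SAMPLE_LOG = r"""# Mode: Clean
# Cleaned:  1
# Failed:   0
***** [ Services ] *****
No malicious services cleaned.
***** [ Chromium URLs ] *****
Deleted       Ask
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
AdwCleaner[S00].txt - [1252 octets] - [11/09/2018 23:52:19]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
"""
```

A `complete` value of `False` means the pasted log lists fewer or more items than its header declares, which usually indicates a truncated paste.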

  • Root Admin

It means that it thinks one or more of your winsock entries are invalid. Not necessarily a threat but potentially wrong from installation of other software or by damage from an old infection.

Let me have you run the following please.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

 

This topic is now closed to further replies.