GhostFella Posted September 29, 2018 ID:1272401

Hello, I would like to start off by saying that I kinda think I removed it and cleaned my PC, but here it goes: I torrented a Microsoft Office activation tool that was zipped. Now I know that most of those are false positives, but this one was a beast. I firstly stopped real-time protection with Microsoft Defender, and Malwarebytes didn't report anything. The activation was successful, but when I activated all security measures the PC literally freaked out. It stopped my services with Microsoft Defender, but I was able to start a Malwarebytes scan and quarantine it.

In what seemed like an hour (but it took no longer than a minute) the virus multiplied itself into 10 new files and was a "simple" trojan/generic malware/trojan password stealer. Now I am a person that hasn't had a proper virus outbreak in like 3 years, and this seemed odd. Malwarebytes was able to remove the files and stop the spreading, but it started to connect from outside from a page kikidoyoulobme222.ru (don't click or try to search please). I couldn't stop it at first and had about 200 connections inbound in less than an hour. Then it started showing a certain service that wasn't in its proper folder called "msiexec", which was now put into SystemWOW64 folder instead of System32.

I did several threat scans but they got deleted somehow, and I really don't know if there is a way to recover them. What do I do now? How can I find you those reports and how do I send the FARBAR info?

GhostFella Posted September 29, 2018 Author ID:1272403

I will also add a picture, as I recorded my progress on the torrent comments.

GhostFella Posted September 29, 2018 Author ID:1272406

The only report I do have is about the inbound connection.

Attachment: BlockedLog.txt

GhostFella Posted September 29, 2018 Author ID:1272414

Okay, here are my FRST and Addition logs.

Attachments: BlockedLog.txt, Addition.txt, FRST.txt

GhostFella Posted September 29, 2018 Author ID:1272415

I also saved the zip file of said virus, so if anyone wants to try it or test it, please message me.

GhostFella Posted September 30, 2018 Author ID:1272469

I would also like to add that the virus was first located in the AppData\Roaming folder and managed to transfer itself to C:\ProgramData, in a folder called Task Processor 3.0 with various .exe files.

Attachment: 30.09.QuickScanMalware.txt