Clean, I think?


Sarien

Hello. The other day I downloaded a rather shady program in a moment of stupidity.

The executable I launched seems to have installed a suite of malware onto my system, ranging from adware to a keylogger and a RAT known as DarkComet.

I immediately nuked and paved my system in an attempt to save my computer from being compromised. I've run Malwarebytes, TDSSKiller, Mbarm, rkill, Avast, AdwCleaner, and CCleaner and caught a rootkit that was established in my MBR even after reformatting all 3 of my drives while reinstalling Windows. So, I proceeded to flash my BIOS, router, and drives again after removing the rootkit.

Since then, things have seemingly returned to normal, but since this is a RAT with a keylogger embedded into it and its rootkit survived a reinstallation of Windows 10, I'm a tad bit worried it might have survived into my router or BIOS and may return.

As a side note, I've tried running GMER, but it seems to always crash for some reason. I also have HijackThis logs, but I don't know what exactly to do with them.

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

HijackThis is no longer supported and not ready for your operating system.
I suggest you remove it via the Control Panel > Programs > Programs and Features.
Use the Farbar Recovery Scan Tool from now on to report problems.
<<<>>>

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions

Hi,

Other than this extension your logs are clean.

Some privacy issue with this Chrome extension.
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\ambrt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche 

Read the remarks and decide if you wish to keep it.
https://chrome.google.com/webstore/detail/pop-up-blocker-for-chrome/bkkbcggnhapdmkeljlodobbkopceiche/details?hl=en
===

For your peace of mind run this scan.

ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items:
      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

That extension is safe. I ran the scan as instructed and it picked up two infected files/PUPs.

C:\Users\ambrt\AppData\Local\Temp\{5481D7A0-05C9-4529-BF37-7365E2514058}.exe    Win32/Visicom.C potentially unwanted application    deleted
C:\Users\ambrt\Downloads\ccsetup547.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
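As an added example (not code from the thread, from Malwarebytes or from ESET), a small Python parser for result lines like the two above that also records the location and naming context a responder looks at when deciding what a verdict means. The sample lines are constructed from the two posted results, and the triage heuristics are the example's own assumptions, not ESET's classification.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample modelled on the two result lines posted above; real ESET
# logs separate the three columns with tabs, which the forum turned into spaces.
SAMPLE_ESET_LOG = (
    "C:\\Users\\ambrt\\AppData\\Local\\Temp\\{5481D7A0-05C9-4529-BF37-7365E2514058}.exe"
    "\tWin32/Visicom.C potentially unwanted application\tdeleted\n"
    "C:\\Users\\ambrt\\Downloads\\ccsetup547.exe"
    "\tWin32/Bundled.Toolbar.Google.D potentially unsafe application\tcleaned by deleting\n"
)

# {8-4-4-4-12 hex}.exe: the naming installers and droppers commonly use for files extracted to Temp
GUID_EXE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.exe$", re.I)

@dataclass
class Detection:
    path: PureWindowsPath
    name: str            # detection name, e.g. "Win32/Visicom.C"
    category: str        # ESET's class, e.g. "potentially unwanted application"
    action: str          # what the scanner did, e.g. "deleted"
    flags: list = field(default_factory=list)   # triage context (heuristics assumed here)

def triage(path: PureWindowsPath, name: str) -> list:
    parts = [p.lower() for p in path.parts]
    flags = []
    if "temp" in parts:
        flags.append("executable ran from a Temp directory")
    if GUID_EXE.match(path.name):
        flags.append("GUID-named executable: extracted installer payload or dropper")
    if "downloads" in parts:
        flags.append("user download: re-obtain the installer from the vendor")
    if "bundled" in name.lower():
        flags.append("bundled toolbar/adware installer rather than standalone malware")
    return flags

def parse_eset_log(text: str) -> list:
    """One Detection per non-empty line laid out as <path> SEP <name category> SEP <action>."""
    results = []
    for line in filter(str.strip, text.splitlines()):
        fields = re.split(r"\t+| {2,}", line.strip())   # tabs, or 2+ spaces in pasted text
        if len(fields) != 3:
            raise ValueError(f"unrecognised ESET result line: {line!r}")
        raw_path, detection, action = fields
        name, _, category = detection.partition(" ")    # first token is the detection name
        path = PureWindowsPath(raw_path)
        results.append(Detection(path, name, category, action, triage(path, name)))
    return results
```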

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

This topic is now closed to further replies.