Baru02

Trojan keeps coming back, help!


So, I have a few threats that keep coming back no matter how many times I remove and restart (even in safe mode). It has also disabled my Windows Defender and I cannot re-enable it.

How can I get rid of this, and fix my windows defender?

Thank you.

 

mwb.txt

Addition.txt

FRST.txt


Hello @Baru02 and :welcome:

Your computer is infected with a rootkit that requires a special means of removal.

 

For the next part, you'll need to download the FRST executable on a clean computer and move it onto your USB Flash Drive. That USB can only be inserted in the infected computer if it is either shut down or in the Windows RE (Recovery Environment). Otherwise, the infection will mess with the files on the USB and you'll have to restart all over again.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

  • USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
  • Another computer (clean of infection)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)

Preparing the USB Flash Drive

  • Download the right version of FRST for your system from a clean computer:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) onto your USB Flash Drive

Boot into the Recovery Environment

  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splash screen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
  • Once in the Windows RE, plug the USB Flash Drive into the computer

Once in the command prompt

  • In the command prompt, type notepad and press Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply

 

Thanks, Ron

 

 


Thank you for the reply. 

I'm currently having some problems logging back onto my computer after restarting, am getting error 0xc0000225.

Currently working on fixing that (doing a chkdsk), I’ll then post the document you requested if I successfully get back in.


Unfortunately I could not get back into my computer after going to the Recovery Environment and had to reset my PC to factory settings.

 

Should I still be worried about the rootkit?


It depends on the type of recovery. I'd suggest you run the FRST scan again and send me new logs. Hopefully the infection has been removed.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


You have both Google updates and Malwarebytes disabled in your MSCONFIG settings.

Please remove any restrictions from Google and Malwarebytes before doing anything else.

I would also recommend you do a new clean install of Malwarebytes and a Threat Scan and post back the results.

Then restart the computer again and run the scans and logs again and post back the new logs.

 

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


Never mind that, I found out what I needed to change in Additions.txt.

Logs will be posted soon


Overall the computer looks pretty good. Our program is crashing, which I can understand since you've reset the computer. Please reinstall Malwarebytes one more time and reboot and it should fix any current issues with the program.

https://downloads.malwarebytes.com/file/mb3/

 

I would highly recommend that you stop using and uninstall µTorrent. This program can lead to your computer getting infected and the vast majority of software or media shared is illegal.

I would also recommend that you research the CCleaner program. It used to be an independent program heavily governed by community input. It has since been purchased. I'm not saying it's bad or not to use it but you should be aware and make up your own mind.

Unless there is something else, we should be done here now. The computer does not appear to be infected anymore at this time.

Cheers, Ron

 

 

This topic is now closed to further replies.