
An unidentified malware



Hi Malwarebytes team.

I think I have an unidentified type of malware in my main computer.

Here is the deal: when I bought my main laptop, a Lenovo V510, my computer started acting very funny, like somehow during brief moments my mouse started acting alone as if it had life, and windows would also zoom in and out (for example Firefox). I always suspected I had malware in my computer, so I ran my Zone Alarm Free and my Malwarebytes. However, both didn't detect much. The symptoms continued. Later, just for safety, I bought the internet security version of Kaspersky. And I ran the software, nothing was detected. The malware lay dormant in my computer for a year, sometimes it would move my mouse, but with less frequency. Last week my computer started breaking down, not working at all, it wouldn't even load. I thought all of this was a hardware problem, so I went to the shop where I bought my laptop and they told me this was some kind of malware trying to damage the first sectors of my laptop, the thing was trying to damage my hard disk. So I did the same thing, I picked up a copy of PartedMagic and wrote zeros in the whole disk and rewrote the disk, but not before cloning the disk with Clonezilla. Now I have an external disk with an exact copy of my computer. I did copy some of the data to this computer, so it might be infected; if I feel like this computer is infected with this kind of malware I can do the same thing. In this case the malware would be isolated in an external disk.

Could you help me remove this extremely annoying malware?

Kind regards


Hello @silveringking and welcome to the Forums.

Please read the content of the topic I'm infected - What do I do now?, perform the scans and attach the requested logs for review.

We need to see the information on those logs in order to help you.

Thank you.

Android8888


Hi, I ran Malwarebytes Premium (evaluation) on my computer just now, both on my C disk and on my G disk. The G disk is the clone of the infected disk I told you about (an exact copy, even the white space was cloned). I tried to run the frst64 in my g disk, but it seems it only scans the main disk. Anyway, no threats were found as far as I could understand (I might be wrong). All I can tell about this menace in specific is that it seems to damage the boot sectors, I can't tell anything more.

I'm attaching all the reports I could run. The malwarebytes report is in portuguese, I hope this isn't a problem, I'm also from Portugal Android8888, but I live almost opposite to you in Fafe.

Kind regards

AdditionC.txt

FRSTC.txt

test1.txt

test2.txt


Hello @silveringking,

 

4 hours ago, silveringking said:

The malwarebytes report is in portuguese, I hope this isn't a problem

No, this is not a problem. However, let's keep to the English language so that others can understand.

 

4 hours ago, silveringking said:

I'm also from Portugal Android8888, but I live almost opposite to you in Fafe.

I have been in the North but never in Fafe.

 

4 hours ago, silveringking said:

I tried to run the frst64 in my g disk, but it seems it only scans the main disk.

Farbar Recovery Scan Tool (FRST) was developed to scan certain areas of the Operating System, therefore it only scans the partition where the OS is installed, which in your case is C.

 

Alright, first of all please tell me if you know or use this software: Chocolatey


I planned to keep this conversation in English anyway, it is important to keep it this way. I see... I personally love the North, born and raised; come here, the veal is amazing.

 

Yes, I use Chocolatey. It is a package manager, it keeps me from downloading every single program I have to install. I just run it in the command line and presto, everything is installed without a fuss; even my Malwarebytes was installed with Chocolatey.

https://chocolatey.org/


Hello @silveringking

Thank you for your time and patience.


I do not see evidence of active malware in your logs.

We will run a script fix using FRST just to tidy up.

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file at the bottom of this post, and save it on your Desktop (or wherever your FRST64.exe is located); DO NOT open or modify that file!
  • Right-click on the FRST icon and select Run as Administrator;
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;


Next,

  • Download AdwCleaner and move it to your computer Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Click Yes to accept the User Account Control security warning that may appear;
  • Click on the blue button 'I AGREE';
  • Click on the Scan Now button;
  • Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button;
  • Click on the Clean & Restart Now button;
  • After the restart, a log will open when logging in. Please attach that log in your next reply.


Now please perform this scan with ESET Online Scanner to search for leftovers. This is a very thorough scan but it's worth it. I suggest you run it when you are not working on the computer.

  • Click on this link to open ESET Online Scanner in a new window.
    1. Click on the Scan Now button to download the esetonlinescanner_enu.exe file and save it to your computer Desktop.
    2. Close all your programs and browsers and disconnect any USB flash drives from the computer.
    3. Please disable your Antivirus and Anti-malware programs to avoid potential conflicts, improve the performance and speed up the scan.
    4. Right-click on esetonlinescanner_enu.exe and select Run as administrator.
    5. Click Yes to accept the User Account Control security warning that may appear. It will open a window with the Terms of Use.

  • Click the Accept button.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Please attach this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

Now re-enable your Antivirus and Anti-malware programs, please.


To summarize, in your next reply attach the following logs, please:
Fixlog.txt
AdwCleaner clean log. This log can be found in C:\AdwCleaner\AdwCleaner[Cxx].txt (where xx is a number, the highest number is the most recent and the one I need to see).
The ESET log (if it produced one).


Also, let me know in detail which issues remain on the computer at this time.


Thank you.

Android8888

fixlist.txt


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance, please start your own topic in a new thread.

Thanks

 
