I believe I'm almost certainly infected...


Ike

...with either malware, a coin miner/jacker, or a virus.

I have MBAM Premium 3.6.1 and I run an auto scan (including rootkit) every night and I've run multiple scans on different areas (Full scans, C:/Windows/System32, the USERS folders, etc) and I can't find the nasty little critters! 😒

I also have Kaspersky Total Protection 2019. I've got the MBAM exclusions set up in KTS so as to avoid conflicts. Run regular scans with KTS as well. Next stop if y'all don't find it is the Kaspersky forum.

FRST and Threat Scan logs are attached. Please help if you can and thanks so much! 😊

I don't see a "Follow" button but I do have "Notify me of replies" checked.

-Ike

FRST.txt

Addition.txt

Threat Scan 2018.12.01.txt


Hello Ike, and welcome.

Please take your time.

I have attached a file that I need you to download and save to the same place where you saved the FRST program.

Download the attached **fixlist.txt** and save it to the same location where the FRST tool is located.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Close all browsers before running.

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
• Click the **Fix** button.
• If you receive a message that a reboot is required, please make sure you allow it to restart normally.
• The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the PC and let me know how it's running now.

fixlist.txt


Thanks for your help, @LDTate! 😁

The tool ran, and required a reboot. Everything seems A-OK at the moment. Fixlog.txt is attached.

I am usually a pretty prudent surfer; I believe this may have been a targeted attack against me from an "MVP" of a very well-respected Windows blog as revenge for me calling out for very un-MVPlike behavior.

Is it possible for you to let me know what was found/removed and what the vector might have been and when? I suspect it was between Sunday 11/25 and Monday 11/26.

If you need to PM me the info I understand and I might prefer it that way. 😊

Again, thanks so much,

-Ike

Fixlog.txt


You can open the Fixlog.txt using Notepad to see what was found / removed.

The only item that really jumped out was:

2018-11-26 12:53 - 2018-11-30 09:41 - 018991320 _____ () C:\Users\OWNER\AppData\Local\Temp\reflectPatch.exe

I think it's part of this:

https://www.virustotal.com/en/file/e04f58e4cbf6ad38b46854b7879ab27e9deb36f6e92c8fbc4cd2331ff374ff62/analysis/

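Added example, not part of the thread or of FRST: a small Python parser for FRST file-listing lines like the one quoted in the post above, used to shortlist entries for review against the 11/25 to 11/26 window the original poster suspected. The field order (created, modified, size, attributes, company, path) is read off that quoted line, the triage rule is an assumption of this example, and every sample line except the first is constructed.

```python
import re
from datetime import datetime

# Assumed field order, read off the quoted line:
# created - modified - size attributes (company) path
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*?)\) (?P<path>.+)$")
FMT = "%Y-%m-%d %H:%M"
EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js")
# Window the original poster suspected (11/25 to 11/26), end exclusive.
WINDOW = (datetime(2018, 11, 25), datetime(2018, 11, 27))

def parse_entry(line):
    """Return the entry as a dict, or None for lines that are not entries."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    e = m.groupdict()
    e["created"] = datetime.strptime(e["created"], FMT)
    e["modified"] = datetime.strptime(e["modified"], FMT)
    e["size"] = int(e["size"])
    return e

def candidates(lines, window=WINDOW):
    """Assumed triage rule: created inside the window, no company name,
    executable extension, located under a Temp folder. A hit is something
    to hash and look up, not a verdict."""
    start, end = window
    hits = []
    for e in filter(None, map(parse_entry, lines)):
        path = e["path"].lower()
        if (start <= e["created"] < end and not e["company"].strip()
                and "\\temp\\" in path and path.endswith(EXEC_EXT)):
            hits.append(e)
    return hits

# First line is the one quoted in the thread; the rest are constructed.
SAMPLE = [
    r"2018-11-26 12:53 - 2018-11-30 09:41 - 018991320 _____ () C:\Users\OWNER\AppData\Local\Temp\reflectPatch.exe",
    r"2018-11-20 08:15 - 2018-11-20 08:15 - 000451072 _____ (Example Vendor Inc.) C:\Program Files (x86)\ExampleApp\example.exe",
    r"2018-11-26 09:30 - 2018-11-26 09:30 - 000000000 ____D () C:\Users\OWNER\AppData\Local\Temp\ExampleDir",
    r"2018-11-25 10:00 - 2018-11-25 10:00 - 000012288 _____ () C:\Users\OWNER\Documents\notes.txt",
    r"2018-11-10 17:45 - 2018-11-10 17:45 - 000204800 _____ () C:\Users\OWNER\AppData\Local\Temp\example_setup.exe",
    "==== constructed non-entry line ====",
]

if __name__ == "__main__":
    for e in candidates(SAMPLE):
        print(e["created"], e["modified"], e["size"], e["path"])
```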

Great job

You're quite welcome. I'm happy to have helped, and glad this is resolved. As there are no other issues which need addressing we can now close this ticket.

Thanks for choosing Malwarebytes!

Peace Be With You


Help Secure your browsers

Please install uBlock Origin for your browsers.

uBlock Origin for Firefox, Chrome and Safari

https://www.ublock.org/

Opera

https://addons.opera.com/en-gb/extensions/details/ublock/?display=en

Edge

https://www.microsoft.com/en-us/store/p/ublock-origin/9nblggh444l4

AdBlock for IE

https://adblockplus.org/releases/adblock-plus-10-for-internet-explorer-released


Cryptolocker Ransomware: What You Need To Know

http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

Tech Support Scams

http://blog.malwarebytes.org/tech-support-scams/#help

Seven tips to keep your PC safe

http://blog.malwarebytes.org/intelligence/2013/06/seven-tips-to-keep-your-pc-safe-this-summer/

 

LD Tate

Malware Removal Specialist


  • 5 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks


This topic is now closed to further replies.