Jump to content

I believe I'm almost certainly infected...


Recommended Posts

...with either malware, a coin miner/jacker, or a virus.

I have MBAM Premium 3.6.1 and I run an auto scan (including rootkit) every night and I've run multiple scans on different areas (Full scans, C:/Windows/System32, the USERS folders, etc) and I can't find the nasty little critters! 😒

I also have Kaspersky Total Protection 2019. I've got the MBAM exclusions set up in KTS so as to avoid conflicts. Run regular scans with KTS as well. Next stop if y'all don't find it is the Kaspersky forum.

FRST and Threat Scan logs are attached. Please help if you can and thanks so much! 😊

I don't see a "Follow" button but I do have "Notify me of replies" checked.




Threat Scan 2018.12.01.txt

Link to post
Share on other sites

Hello Ike

and :welcome:

Please take your time.


I have attached A file I need you to download and save it to the same place that you saved the FRST program

Download attached **fixlist.txt** and save it to same location where the FRST tool is located.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Close all browsers before running.

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
 •Click the **Fix Button**.
•If you receive a message that a reboot is required, please make sure you allow it to restart normally.

•The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the pc and let me know how it's running now.


Link to post
Share on other sites

Thanks for your help, @LDTate  ! 😁

The tool ran, and required a reboot. Everything seems A-OK at the moment. Fixlog.txt is attached.

I am usually a pretty prudent surfer; I believe this may have been a targeted attack against me from an "MVP" of a very well-respected Windows blog as revenge for me calling out for very un-MVPlike behavior.

Is it possible for you to let me know what was found/removed and what the vector might have been and when? I suspect it was between Sunday 11/25 and Monday 11/26.

If you need to PM me the info I understand and I might prefer it that way. 😊

Again, thanks so much,




Link to post
Share on other sites

You can open the fixlog.txt using note pad to see what was found / removed.

The only Item that really jumped out was:

2018-11-26 12:53 - 2018-11-30 09:41 - 018991320 _____ () C:\Users\OWNER\AppData\Local\Temp\reflectPatch.exe

I think it's part of this:






Link to post
Share on other sites

Great job

You're quite welcome. I'm happy to have helped, and glad this is resolved. As there are no other issues which need addressing we can now close this ticket.

Thanks for choosing Malwarebytes!

Peace Be With You

Help Secure your browsers

Please install uBlock Origin for your browsers.

uBlock Origin For Fire Fox, Chrome and Safari






AdBlock for IE


Cryptolocker Ransomware: What You Need To Know


Tech Support Scams


Seven tips to keep your PC safe



LD Tate

Malware Removal Specialist

Link to post
Share on other sites

  • 5 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.