Gkoyro

10,000 + counts of Malware and counting, happening right now


Hi! All of a sudden I started to receive several threat alerts from BitDefender. I inspected it and it seems that several files from the folder "windows/temp/tmp(8digitcode starting with several 0s)/" were infected with different types of malware: Trojan.Generic.20337683, Trojan.GenericKD.4529011, Application.KeyGen.GV.

All threats BitDefender could manage to block. So I went ahead and tried to delete all files inside the folder. There were 6,000+. Most of them I couldn't due to permission (I'm administrator of the machine :S). Even BitDefender file shredder couldn't.

I started a Malwarebytes scan 10 minutes ago and it's still scanning, with about 11,000 threats, all under the description RiskWare.Tool.HCK. Bitdefender prompted me to restart since there is one file it can't delete. I'm waiting to do this until after the Malwarebytes scan is complete.

After restart I can post more details.

Running W10 up to date. I don't know what more details it would be nice to provide.


Hello and welcome.

Please take your time.

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

Download Malwarebytes Support Tool
https://downloads.malwarebytes.com/file/mbst?src=Experts

    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-X.X.X.XXXX.exe to run the program
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Click the Advanced tab

Click the Gather Logs button

A progress bar will appear and the program will proceed with getting logs from your computer

Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK

Please attach the file in your next reply. 


Hey LDTate! Thanks for your reply!

Here are the logs.

Meanwhile Malwarebytes is quarantining 14,834 threats and it will take about an hour... Also, I'm receiving a regular error from Recycle Bin (either because I tried to exclude the files from the tmp folder or because Malwarebytes quarantine is corrupting those files) saying "The Recycle Bin on C:\ is corrupted. Do you want to empty the Recycle Bin for this drive?" After clicking Yes, it excludes successfully some files with large filenames.

Update: the tmp000004d8 folder is 11GB with 55k files, and has filled my entire C drive. Other drives aren't affected.

Screenshot 2018-12-06 15.28.10.png

mbst-grab-results.zip


Not sure why I can't open that zip file.

 

STEP 01

If you didn't already, quarantine everything Malwarebytes (MBAM) detected.

Empty the Recycle Bin.

STEP 02

Please download AdwCleaner https://downloads.malwarebytes.com/file/adwcleaner by Malwarebytes and save the file to your Desktop.

    Right-click on the program and select Run as Administrator to start the tool.
    Accept the Terms of use.
    Wait until the database is updated.
    Click Scan Now.
    When finished, please click Clean & Repair.
    Your PC should reboot now if any items were found.
    After reboot, a log file will be opened. Copy its content into your next reply.


RESTART THE COMPUTER Before running Step 3

STEP 03


Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here https://support.microsoft.com/en-us/help/15056/windows-7-32-64-bit-faq if you're not sure if your computer is 32-bit or 64-bit

FRST 32-bit version: https://downloads.malwarebytes.com/file/FRST

FRST 64-bit version: https://downloads.malwarebytes.com/file/FRST64

    Double-click to run it. When the tool opens, click Yes to disclaimer.
    Press the Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
    The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
    Please attach the Addition.txt log to your reply as well.


After MBAM completes and after AdwCleaner

 

I have attached a file I need you to download and save to the same place that you saved the FRST program.

Download attached **fixlist.txt** and save it to same location where the FRST tool is located.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Close all browsers before running.

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

• Click the **Fix Button**.
• If you receive a message that a reboot is required, please make sure you allow it to restart normally.
• The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the pc and let me know how it's running now.

 

 

fixlist.txt


Hey LDTate, I completed all scans: Bitdefender's, MBAM's, and those from the software you recommended. I was able to completely exclude the folder after all, ran CCleaner, then ran both MBAM and BD again and nothing was found. I guess I'm over it.

If you still need me to upload the log files, I'm happy to do it. From the files I sent you from the MBAM diagnose tool, could you already have a sense of what was going on?

Thank you very much for your help! 

Kind regards,
Gabriel


Great Job

You're quite welcome. I'm happy to have helped, and glad this is resolved. As there are no other issues which need addressing we can now close this ticket.

Thanks for choosing Malwarebytes!

Peace Be With You


Help Secure your browsers

Please install uBlock Origin for your browsers.

uBlock Origin for Firefox, Chrome and Safari

https://www.ublock.org/

Opera

https://addons.opera.com/en-gb/extensions/details/ublock/?display=en

Edge

https://www.microsoft.com/en-us/store/p/ublock-origin/9nblggh444l4

AdBlock for IE

https://adblockplus.org/releases/adblock-plus-10-for-internet-explorer-released


Cryptolocker Ransomware: What You Need To Know

http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

Tech Support Scams

http://blog.malwarebytes.org/tech-support-scams/#help

Seven tips to keep your PC safe

http://blog.malwarebytes.org/intelligence/2013/06/seven-tips-to-keep-your-pc-safe-this-summer/


LD Tate

Malware Removal Specialist
