Mpit52

Possible Infection - Trojan.GenericKD.31067079 Generic.Malware/Suspicious


All,

I am having trouble finding/removing an infection from my computer. I noticed it the other day and have been battling it since. My primary AV is Bitdefender AntiVirus (Free), which logs constantly that it is blocking infections (example below), and I also have Malwarebytes Premium installed (post infection), logs attached. If I run full scans, including rootkits for Malwarebytes, both scanners come back clean, but my Bitdefender still reports that it is blocking infections all day long. I have attached FRST, Additions and Malwarebytes threat scan logs. Any and all assistance will be greatly appreciated.

Bitdefender Log Example:

"Item was blocked. Threat name: Trojan.GenericKD.31067079. Path: C:\Windows\Temp\tmp00003cc\tmp\000001f1."

Addition.txt

FRST.txt

MalwarebytesRpt-12.27.18.txt

MalwarebytesRpt-12.27.18(2).txt


Hello and welcome.

Please take your time.

 

I have attached a file that I need you to download and save to the same place where you saved the FRST program.

Download the attached **fixlist.txt** and save it to the same location where the FRST tool is located.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Close all browsers before running.

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

• Click the **Fix Button**.
• If you receive a message that a reboot is required, please make sure you allow it to restart normally.
• The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the PC and let me know how it's running now.

fixlist.txt


Well that was easy, Thanks! Initial state looks good but only time will tell. Prior to running the FRST with the fixlist.txt commands, Bitdefender would start to block files est 15-20 mins after a reboot. As of right now, things are looking good but I will follow up again after 5:00 pm today and once more tomorrow to verify. 

Would you mind telling me what was fixed/removed or what kind of infection I had? I would like to educate myself on the process and tools that you used. If there is an article or forum post already explaining FRST and how you use it, I would be interested in reading it.

Thank you for your assistance. I will report back around the times listed above with updates. 

Fixlog.txt


Other than Temp files, no idea what this bad guy was.

C:\WINDOWS\system32\drivers\eipkfwou.sys

Keep in mind drivers load when Windows loads in Normal Mode so it's possible if you would have started Windows in Safe Mode, Malwarebytes (MBAM) might have removed it.


Well that's a bit more concerning. If you were unsure of what the 'bad guy' was, how did you know what to disable/delete from the "fixlist.txt" commands? Concerns aside, the computer does not show any additional signs of infection. I will update once more tomorrow so that a full 24hrs have passed. 

> Well that's a bit more concerning. If you were unsure of what the 'bad guy' was, how did you know what to disable/delete from the "fixlist.txt" commands?

Experience for one thing.

When items like that don't Google Search, it requires more searching.

I've never seen a driver named that.


All looks well, my apologies for not getting back to you yesterday. Thank you for all of your assistance.


Great Job

You're quite welcome. I'm happy to have helped, and glad this is resolved. As there are no other issues which need addressing we can now close this ticket.

Thanks for choosing Malwarebytes!

Peace Be With You


Help Secure your browsers

Please install uBlock Origin for your browsers.

uBlock Origin for Firefox, Chrome and Safari

https://www.ublock.org/

Opera

https://addons.opera.com/en-gb/extensions/details/ublock/?display=en

Edge

https://www.microsoft.com/en-us/store/p/ublock-origin/9nblggh444l4

AdBlock for IE

https://adblockplus.org/releases/adblock-plus-10-for-internet-explorer-released


Cryptolocker Ransomware: What You Need To Know

http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

Tech Support Scams

http://blog.malwarebytes.org/tech-support-scams/#help

Seven tips to keep your PC safe

http://blog.malwarebytes.org/intelligence/2013/06/seven-tips-to-keep-your-pc-safe-this-summer/


LD Tate

Malware Removal Specialist

 

This topic is now closed to further replies.
