Reoccuring Malware

[TacKnight]

Hello,

I have scanned my PC with MBAM and found the same trojans / registry issues over and over. I have tried my best to uninstall and remove as many unfamiliar programs as possible as well as kill all unusual start up programs. Now my cursor has the "hourglass" next to it blinking very fast constantly which further provides evidence to me that I am still infected. (Seems to be making outside connection to malware / trojan sites)

 

I will attach my FRST.txt, ADDITION.txt and MBAMscanreport.txt

 

Thank you in advance for any help!

Addition.txt

FRST.txt

MbamREPORT.txt

[LDTate]

Hello  and

Please take your time.

 

I need to see what MBAM has found before.

 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Download Malwarebytes Support Tool
https://downloads.malwarebytes.com/file/mbst?src=Forums-Reply

    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-X.X.X.XXXX.exe to run the program
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Click the Advanced tab

Click the Gather Logs button

A progress bar will appear and the program will proceed with getting logs from your computer

Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK

Please attach the file in your next reply.

[TacKnight]

Thank you for the information, the file will be attached below.

mbst-grab-results.zip

[LDTate]

Do you know what these are?

C:\Program Files (x86)\Homicidal\Lamin.exe

C:\Program Files (x86)\Filtered\Lamin.exe

 

Please go to  http://www.virustotal.com click on Scan, and upload the following file for analysis:

C:\Program Files (x86)\Homicidal\Lamin.exe

Then click Choose File Tab.  Allow the file to be scanned, and then please copy and paste the link to the results page here for me to see.

 

 

[TacKnight]

Unfortunately I have already deleted these folders from my PC, however, I do have Lamin copies in my startup. I do not know this program and suspect this is one of a few malicious programs hidden in my PC. 

[LDTate]

OK.

Give me some time and I'll give you the fix.

[LDTate]

Please take your time.

I have attached A file I need you to download and save it to the same place that you saved the FRST program

This fix will include removing temp files and emptying the Recycle Bin.

Download attached **fixlist.txt** and save it to same location where the FRST tool is located.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Close all browsers before running.

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
 •Click the **Fix Button**.
 
•If you receive a message that a reboot is required, please make sure you allow it to restart normally.

•The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the pc and let me know how it's running now.

fixlist.txt

[TacKnight]

I do not have a FRST.exe, only a .txt 

 

Do I simply change the extension type?

[LDTate]

It will be in your downloads folder

(Farbar) C:\Users\illusionist\Downloads\

C:\Users\illusionist\Downloads\FRSTEnglish.exe

[TacKnight]

Thank you for clarifying, my apologies for not seeing it sooner. Attached will be the fixlog.txt

Fixlog.txt

[LDTate]

How's it running now?

Is MBAM running clean now?

[TacKnight]

Unfortunately not a clean scan. I still have four found issues that I keep having to quarantine. 

[LDTate]

Make sure you attach the **Scan log** and not the Protection log.

Open Malwarebytes > History > Application Logs
Double Click the **Scan log** to open it
On the lower left select **Export** > Export to Text

Save as mbamscan and Save it to your desktop
Attach the mbamscan text file in your next reply.

[TacKnight]

My interface is a little different as I do not have a history menu. I rescanned and believe I exported the scan log corectly, the file will be attached. I apologize for any confusion earlier.

mbamscan.txt

[LDTate]

Give me about an 1/2 hr and I'll have a look.

[LDTate]

I have attached A file I need you to download and save it to the same place that you saved the FRST program

This fix will include removing temp files and emptying the Recycle Bin.

Download attached **fixlist.txt** and save it to same location where the FRST tool is located.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Close all browsers before running.

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
 •Click the **Fix Button**.
 
•If you receive a message that a reboot is required, please make sure you allow it to restart normally.

•The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the pc and let me know how it's running now.

fixlist.txt

[TacKnight]

The computer seems to running much better now, Malwarebytes has only found one issue at this time. I additionally installed Comodo Firewall and have subsequently blocked the outgoing connections to malware sites. I believe this last found item is the one trying to make connections. Will we need to repeat the process again? Just in case I will add another scan report in addition to fixlog.

 

 

Fixlog.txt

mbamscan2.txt

[LDTate]

Lets make sure it;s gone

 

Download attached **fixlist.txt** and save it to same location where the FRST tool is located.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Close all browsers before running.

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
 •Click the **Fix Button**.
 
•If you receive a message that a reboot is required, please make sure you allow it to restart normally.

•The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the pc and let me know how it's running now.

fixlist.txt

[TacKnight]

Malwarbytes as of now says no threats found! Additionally the strange memory hogging issue went away and my cursor is no longer plagues by an endless hourglasss

Fixlog.txt

[LDTate]

Great job.

You can delete the FARBAR tool and the fixlist.txt I had you install

I'm happy to have helped and glad this is resolved. As there are no other issues which need addressing we can now close this ticket.

Help Secure your browsers

Please install uBlock Origin for your browsers to better protect your system

FireFox, Chrome, Opera , Safari, Microsoft Edge
AdBlock for Internet Explorer

Follow-up Reading

Everything you need to know about cybercrime
10 easy ways to prevent malware infection 
Keep your data backed up

 

Thank you for choosing Malwarebytes

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks