
I think I might be Infected



Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Were these programs installed by you?

If not, you can proceed with the download and fix suggested below.
Otherwise DO NOT RUN THE FIX.

p.s.
The dates in 1994 and 1998 are very suspicious.
====

Task: {7F900570-3A4E-49AA-B3A5-7B33A941BD89} - System32\Tasks\{96BDFDB1-0C0E-4F7E-92F5-2EB971F6343D} => C:\Users\Ridge Roofing\Documents\Panzer2\PANZER2.EXE [1998-01-13] ()
Task: {8E1ED848-4994-428C-B636-0131545292C5} - System32\Tasks\{0694D2A6-268B-4DE0-BA0F-ACC152A5543C} => C:\Users\Ridge Roofing\Documents\Shanghai II\shanghai.exe [1994-05-16] ()
Task: {94FB191A-D891-4E81-83B2-D034CF4631EE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {98714B72-53DF-447F-918B-AB415E78A157} - System32\Tasks\{136405C1-154E-4B67-8F2D-7645922B710A} => C:\Users\Ridge Roofing\Documents\Panzer2\PANZER2.EXE [1998-01-13] ()
Task: {DAC87356-5D3A-4EAE-859A-3304E4D68B06} - System32\Tasks\{04DE44DF-5A6D-4972-92D9-2992D834CF0C} => C:\Users\Ridge Roofing\Documents\Shanghai II\shanghai.exe [1994-05-16] ()
Task: {DE09441B-4430-4569-925F-7C070ABF3547} - System32\Tasks\{F18AA95A-33D9-48AE-B4B4-E620576D8051} => C:\Users\Ridge Roofing\Documents\Shanghai II\shanghai.exe [1994-05-16] ()
Task: {DE196037-AB3D-46A5-BF99-4010F1E9D6C2} - System32\Tasks\{F6CAF470-AB3A-4AA8-BE72-16F0DF383DD4} => C:\Users\Ridge Roofing\Documents\Panzer2\PANZER2.EXE [1998-01-13] ()
Task: {E970A4A3-0B0B-454D-AEF7-713C1B579C84} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E9FE840A-99EE-4335-8F6B-38931D8FF24D} - System32\Tasks\{C0ECE6BE-F978-414B-9A8A-2331B9EBCC5E} => C:\Users\Ridge Roofing\Documents\Panzer2\PANZER2.EXE [1998-01-13] ()
Task: {F9ED025E-5699-469D-8418-2328A730DECF} - System32\Tasks\{FF92EA2E-E237-42C4-BCD6-AFF98180F0A0} => C:\Users\Ridge Roofing\Documents\Shanghai II\shanghai.exe [1994-05-16] ()

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

I keep getting scam emails from names in my address book.

Are all your contacts compromised?

Are they receiving spam messages from you?

You or your contacts can find out if the e-mail address(es) has been spoofed.
Visit this site:
https://haveibeenpwned.com/

If you execute the fix then please post the Fixlog.txt for my review.

fixlist.txt

Edited by nasdaq
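The manual review of the `Task:` lines in the post above can be sketched as a small triage script. This is an added example, not part of the original post and not FRST's own code; the regular expression, the flag names, the date cutoff and the reading of the trailing `()` as an empty publisher field are assumptions based only on the line layout quoted in the thread.

```python
import re
from datetime import date

# Constructed sample in the shape of the Task lines quoted above;
# GUIDs, paths and publisher are made up for illustration.
SAMPLE = r"""
Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\{22222222-2222-2222-2222-222222222222} => C:\Users\Example\Documents\OldGame\GAME.EXE [1998-01-13] ()
Task: {33333333-3333-3333-3333-333333333333} - \Microsoft\Windows\Example\Reminder -> No File <==== ATTENTION
Task: {44444444-4444-4444-4444-444444444444} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe [2016-03-02] (Example Corp)
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
TASK_RE = re.compile(
    r"^Task: (?P<id>" + GUID + r") - (?P<name>.+?) "
    r"(?:=> (?P<target>.+?) \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)"
    r"|-> No File.*)$"
)

def triage(log_text, cutoff=date(2005, 1, 1)):
    """Return [(task_id, [reasons])] for Task lines worth a second look.

    cutoff is an arbitrary assumption: file dates older than this are flagged.
    """
    findings = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue  # not a Task line, or a layout this sketch does not cover
        reasons = []
        if m["target"] is None:
            reasons.append("no-file")  # task points at a missing executable
        else:
            if date.fromisoformat(m["date"]) < cutoff:
                reasons.append("old-timestamp")
            if re.match(r"(?i)[a-z]:\\users\\", m["target"]):
                reasons.append("user-profile-path")
            if not m["publisher"].strip():
                reasons.append("no-publisher")  # assumed meaning of empty ()
        if re.search(r"\\" + GUID + r"$", m["name"]):
            reasons.append("guid-task-name")
        if reasons:
            findings.append((m["id"], reasons))
    return findings

if __name__ == "__main__":
    for task_id, reasons in triage(SAMPLE):
        print(task_id, ", ".join(reasons))
```

A flag here is only a prompt to ask the question the helper asks in the thread (did you install this yourself?), not a verdict that the entry is malicious.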

Hi,

If you want to remove the references to the games, run the fix.

I do not see any traces of the games in your Installed programs list.
So they will be cleaned completely.
===

Not sure if it's everyone on my list or not.

Look at the properties of these scam emails.
Ask the contact if he has sent the message.
If not then his email address has been compromised.

 

 


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 
