Ryno2Rhino Posted March 3, 2019 ID:1301685
Hello, I am here due to an ongoing concern I have detected on now 3 of my laptops. I've researched for hours on end, going on almost 2 months now, until deciding to post here. Whatever this malware is, it's definitely deceptive. It accesses and changes passwords, usernames, logins, access privileges, virus scans, security settings; the list goes on. Through process of elimination I'm leaning towards a root on my PCI, but I can be completely wrong on that. Any help would be so greatly appreciated! I look forward to any help in the future and thank you in advance!
Ryno2Rhino Posted March 4, 2019 (Author) ID:1301899
I believe my laptop is crawling with smart malware and rootkits, particularly the Smart Screen rootkit along with various other yet-to-be-determined infections. It has relabeled my drives and partitions, making it extremely difficult to run an effective scan. I have noticed the malware and root has the ability to change user names, passwords, logins, credentials, security settings and features, amongst countless others. Any help would be greatly appreciated! I have FRST files; if you would like me to attach them, let me know. My laptop security is being manipulated, outsmarted, and is now this malware and rootkits' b*$ch. It changes logins, usernames, credentials, security processes, passwords, etc. I've reinstalled the OS 3 times and it keeps showing up. I haven't been able to find a virus scan that can detect anything, or a person who can figure it out. Any advice would be much appreciated! I've attached the FRST & ADDITION files as requested. I look forward to hearing from anyone on this matter.
Attachments: FRST.txt, Addition.txt
Ryno2Rhino Posted March 6, 2019 (Author) ID:1302310
Attachments: Addition.txt, FRST.txt, mwb scan.txt
AdvancedSetup (Root Admin) Posted March 6, 2019 ID:1302335
Hello @Ryno2Rhino. Something appears to be up with the computer. The Addition.txt log is not complete at all. Please try shutting down the computer for a couple of minutes, then turn it back on and try running FRST again; make sure you're using an Admin account. Also, make sure to place a check mark in the Additions.txt check box. Then attach back the new logs. Thanks. It's getting pretty late, so I may have to check back on you again sometime tomorrow.
Ron
Ryno2Rhino Posted March 6, 2019 (Author) ID:1302417
Hey Ron, good afternoon, and thank you so much for generously taking the time to help me out with this; I really appreciate it. I re-ran the scan and here are those files.
Attachments: Addition_06-03-2019 13.14.15.txt, FRST_06-03-2019 13.14.15.txt
AdvancedSetup (Root Admin) Posted March 7, 2019 ID:1302505
Please download and run the following Kaspersky antivirus scanner to remove any found threats: Kaspersky Virus Removal Tool. Let me know if it finds anything or not.
Ryno2Rhino Posted March 7, 2019 (Author) ID:1302507
I just downloaded and ran the scan. It says no threats found. I'm up and available to continue any suggestions you offer for as long as you're up for it. Let me know what you think. And I just wanted to verify that I was attaching the files correctly in the posts for you to look over. Whatever this is won't allow me to log in to Malwarebytes, so I have to send the files to my phone and then reply from there.
AdvancedSetup (Root Admin) Posted March 7, 2019 ID:1302508
If more than one device is being affected, it may be your router. Let's reset it to make sure. Please review the following website and read it before continuing, and then do a Hard Reset back to Factory Defaults for your router. This information is only for resetting the router. DO NOT erase, install, or update the firmware; just reset your router to factory defaults. Reset And Reboot: Hard reset or 30/30/30
Ryno2Rhino Posted March 7, 2019 (Author) ID:1302526
So just to be clear, I should follow the instructions for the "30-30-30 hard reset", right? I picked up a Netgear Nighthawk X6 today but decided to wait until I got all this stuff figured out before making a switch, unless you think it's worth it to switch routers at this point.
Ryno2Rhino Posted March 7, 2019 (Author) ID:1302584
Ok, I have done the hard reset. What would you like me to do next?
AdvancedSetup (Root Admin) Posted March 7, 2019 ID:1302646
Okay, let me get a full set of new logs please. Please run the following steps and post back the logs as an attachment when ready.

STEP 01
If you're already running Malwarebytes 3, then open Malwarebytes and check for updates. Then click on the Scan tab, select Threat Scan and click on the Start Scan button. If you don't have Malwarebytes 3 installed yet, please download it from here and install it. Once installed, open Malwarebytes and check for updates. Then click on the Scan tab, select Threat Scan and click on the Start Scan button. Once the scan is completed, click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run, then please skip to the next step and let me know on your next reply.

STEP 02
Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply.

RESTART THE COMPUTER before running Step 3.

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit. Double-click to run it. When the tool opens, click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here. Please attach the Additions.txt log to your reply as well.

Thanks
Ron
Ryno2Rhino Posted March 8, 2019 (Author) ID:1302766
Attachments: MWB.txt, FRST2.txt, Addition2.txt
And here is the AdwCleaner log copied into the reply per your request:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-03-04.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-08-2019
# Duration: 00:00:05
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
No malicious folders cleaned.

***** [ Files ] *****
No malicious files cleaned.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks cleaned.

***** [ Registry ] *****
No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

AdwCleaner[S00].txt - [1250 octets] - [08/03/2019 00:55:01]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
AdvancedSetup (Root Admin) Posted March 8, 2019 ID:1302771
Not seeing anything in the logs to indicate an infection. Is this a new install of Windows? Doesn't seem to be much installed on it. Please download the following scanner from Kaspersky and save it to your computer: TDSSKiller. Then watch the following video on how to use the tool, and make sure to temporarily disable your security applications before running TDSSKiller: PC Winvids - How to run Kaspersky TDSSKiller. If any infection is found, please make sure to choose SKIP and post back the log in case of a False Positive detection. Once the tool has completed scanning, make sure to re-enable your other security applications.
Thank you
Ron
Ryno2Rhino Posted March 11, 2019 (Author) ID:1303203
This laptop was recently updated to Windows 10 from Windows 7, but I've had it for a few years now. Something new has begun happening, and that is getting a "You don't have permission" notification if I try to save anything to my C drive. And then getting kicked off my network with a "remote device won't allow accept this connection". I've attached screenshots of both.
Attachments: TDSSKiller.3.1.0.26_10.03.2019_23.19.37_log.txt, TDSSKiller.3.1.0.26_10.03.2019_23.21.52_log.txt, TDSSKiller.3.1.0.26_10.03.2019_23.25.53_log.txt
AdvancedSetup (Root Admin) Posted March 11, 2019 ID:1303270
The log is clean. Detected object count: 0

As for the C drive save: that is a security feature of Windows 10. You cannot save directly to the root of the C drive on purpose without using an elevated process. Running a Browser or Explorer is not an elevated process. Normally one would save to their Downloads folder or their Documents folder or their Desktop folder, and you should then not get that error.

Please download the attached fixlist.txt file and save it to the Desktop. NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply. Note: If the tool warned you about an outdated version, please download and run the updated version.
Attachment: fixlist.txt
NOTE: This will run 2 Windows repair commands and may take up to about 30 minutes to run. Please let it run and complete on its own.
Thanks
Ron
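The "You don't have permission" behaviour Ron describes above can be verified locally rather than taken on faith. The following PowerShell script is an added example for this thread, not something posted by either participant and not a Malwarebytes or FRST tool: it reports whether the current shell is UAC-elevated, lists the access control entries on the drive root, and then attempts a harmless probe write to C:\ and to the user's Documents folder. The function names (Test-IsElevated, Show-RootAcl, Test-WriteAccess) and the probe file name are this example's own choices; the cmdlets and .NET types it calls are standard Windows PowerShell.

```powershell
# Added example (not from the forum thread): confirm that a write failure at
# C:\ is the expected Windows ACL behaviour for a non-elevated process.
# Run it from an ordinary (non-elevated) PowerShell window first, then from
# an elevated one, and compare the output of the last two lines.

function Test-IsElevated {
    # True when the current token carries the Administrators role, i.e. the
    # process was started elevated via UAC.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Show-RootAcl {
    param([string]$Path = 'C:\')
    # List every ACE on the drive root. Entries whose PropagationFlags are
    # InheritOnly apply to subfolders and files, not to the root itself.
    (Get-Acl -Path $Path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType,
                      InheritanceFlags, PropagationFlags |
        Format-Table -AutoSize
}

function Test-WriteAccess {
    param([string]$Directory)
    # Create and immediately delete a small probe file; report the outcome
    # instead of throwing so the script can test several folders in one run.
    $probe = Join-Path $Directory ("acl-probe-{0}.txt" -f [guid]::NewGuid())
    try {
        Set-Content -Path $probe -Value 'probe' -ErrorAction Stop
        Remove-Item -Path $probe -ErrorAction SilentlyContinue
        return "$Directory : writable"
    } catch {
        return "$Directory : NOT writable ($($_.Exception.GetType().Name))"
    }
}

"Elevated: $(Test-IsElevated)"
Show-RootAcl -Path 'C:\'
Test-WriteAccess -Directory 'C:\'
Test-WriteAccess -Directory ([Environment]::GetFolderPath('MyDocuments'))
```

From a non-elevated shell on a default Windows 10 installation the probe at C:\ fails with an UnauthorizedAccessException while the Documents probe succeeds; from an elevated shell both succeed. That matches the explanation above and is the normal state of the system. What would be worth a closer look is the opposite picture: a non-elevated shell that can write to the root, or an ACL listing on C:\ that grants Modify or FullControl to Everyone, Users, or an unfamiliar account without the InheritOnly flag, since that would mean the default permissions have been changed.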
AdvancedSetup (Root Admin) Posted March 16, 2019 ID:1304038
Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance, please start your own topic in a new thread.
Thanks