Ryno2Rhino

Rootkits and Malware taking over my laptop


Hello, I am here due to an ongoing concern I have detected on now 3 of my laptops. I've researched for hours on end going on almost 2 months now until deciding to post here. Whatever this malware is, it's definitely deceptive. It accesses and changes passwords, usernames, logins, access privileges, virus scans, security settings, the list goes on. Through process of elimination I'm leaning towards a root on my PCI but I can be completely wrong on that. Any help would be so greatly appreciated! I look forward to any help in the future and thank you in advance!


I believe my laptop is crawling with smart malware and Rootkits, particularly the Smart Screen rootkit along with various other yet to be determined infections. It has relabeled my drives and partitions, making it extremely difficult to run an effective scan. I have noticed the malware and root has the ability to change user names, passwords, logins, credentials, security settings and features amongst countless others. Any help would be greatly appreciated! I have FRST files; if you would like me to attach them, let me know.

 

My laptop security is being manipulated, outsmarted, and is now this malware and rootkits b*$ch. It changes logins, usernames, credentials, security processes, passwords, etc. I've reinstalled the OS 3 times and it keeps showing up. I haven't been able to find a virus scan that can detect anything, or a person who can figure it out. Any advice would be much appreciated! I've attached the FRST & ADDITION files as requested. I look forward to hearing from anyone on this matter.

FRST.txt

Addition.txt


Hello @Ryno2Rhino

Something appears to be up with the computer. The Addition.txt log is not complete at all.

Please try shutting down the computer for a couple of minutes, then turn it back on and try running FRST again - make sure you're using an Admin account. Also, make sure to place a check mark in the Additions.txt check box.

Then attach back new logs.

Thanks

Getting pretty late so I may have to check back on you again sometime tomorrow.

Ron

 


I just downloaded and ran the scan. It says no threats found. I'm up and available to continue any suggestions you offer for as long as you're up for it. Let me know what you think. And I just wanted to verify that I was attaching the files correctly in the posts for you to look over. Whatever this is won't allow me to log in to Malwarebytes so I have to send the files to my phone and then reply from there.


If more than one device is being affected it may be your router. Let's reset it to make sure.

 

Please review the following website and read it before continuing and then do a Hard Reset back to Factory Defaults for your router.
This information is only for resetting the router. DO NOT erase, install, or update the firmware, just reset your router to factory defaults.

Reset And Reboot

Hard reset or 30/30/30

 


So just to be clear I should follow the instruction for the "30-30-30 hard reset" right? I picked up a Netgear Nighthawk x6 today but decided to wait until I got all this stuff figured out before making a switch, unless you think it's worth it to switch routers at this point.


Okay, let me get a full set of new logs please.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 


MWB.txt

FRST2.txt

Addition2.txt

And here is the Adwcleaner copied into the reply per your request

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-03-04.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-08-2019
# Duration: 00:00:05
# OS:       Windows 10 Home
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1250 octets] - [08/03/2019 00:55:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
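
A way to triage logs in the layout of the AdwCleaner report above without reading every section by eye, added here as an example (it is not part of the original thread and not Malwarebytes code). The sample log is constructed, with one hypothetical `Deleted` entry so the flagged path is exercised; `parse_adwcleaner_log` and `needs_review` are illustrative names.

```python
import re

# Constructed sample in the layout of the AdwCleaner log above; the
# "Deleted ExampleUpdaterTask" entry is hypothetical, not from the thread.
SAMPLE_LOG = """\
# Malwarebytes AdwCleaner 7.2.7.0
# Mode: Clean
# Cleaned:  1
# Failed:   0

***** [ Services ] *****
No malicious services cleaned.

***** [ Tasks ] *****
Deleted ExampleUpdaterTask

*************************
[+] Reset Winsock
"""

HEADER_RE = re.compile(r"^#\s*([A-Za-z]+):\s*(.+)$")    # "# Cleaned:  0"
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # "***** [ WMI ] *****"
CLEAN_RE = re.compile(r"^No malicious .+\.$")           # empty-section marker

def parse_adwcleaner_log(text):
    """Return (header fields, per-section findings, [+] repair actions)."""
    header, findings, actions, section = {}, {}, [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := SECTION_RE.match(line):
            section = m.group(1)
            findings[section] = []
        elif set(line) == {"*"}:          # row of asterisks ends the sections
            section = None
        elif line.startswith("[+]"):
            actions.append(line[3:].strip())
        elif m := HEADER_RE.match(line):
            header[m.group(1)] = m.group(2)
        elif section and not CLEAN_RE.match(line):
            findings[section].append(line)  # anything else is a listed item
    return header, findings, actions

def needs_review(header, findings):
    """True if a section lists an item or a header counter is non-zero."""
    counters = int(header.get("Cleaned", 0)) + int(header.get("Failed", 0))
    return counters > 0 or any(findings.values())

if __name__ == "__main__":
    hdr, found, acts = parse_adwcleaner_log(SAMPLE_LOG)
    print(needs_review(hdr, found), found, acts)
```

A log where every section reads "No malicious ... cleaned." and both counters are 0, as in the report posted here, makes `needs_review` return `False`.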
 


Not seeing anything in the logs to indicate an infection. Is this a new install of Windows? Doesn't seem to be much installed on it.

 

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

Thank you

Ron

 

 


This laptop was recently updated to Windows 10 from Windows 7, but I've had it for a few years now. Something new has begun happening, and that is getting a "You don't have permission" notification if I try to save anything to my C drive. And then getting kicked off my network with a "remote device won't allow accept this connection." I've attached screenshots of both.

 

 

Wont Accept.png

permission.png

TDSSKiller.3.1.0.26_10.03.2019_23.19.37_log.txt TDSSKiller.3.1.0.26_10.03.2019_23.21.52_log.txt TDSSKiller.3.1.0.26_10.03.2019_23.25.53_log.txt


The log is clean.

 Detected object count: 0

As for the C drive save, that is a security feature of Windows 10. You cannot save directly to the root of the C drive on purpose without using an elevated process. Running a Browser or Explorer is not an elevated process. Normally one would save to their Downloads folder or their Documents folder or their Desktop folder and you should then not get that error.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

NOTE: This will run 2 Windows repair commands and may take up to about 30 minutes to run. Please let it run and complete on its own.

Thanks

Ron

 


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
