Hey all,

I got a suspected trojan virus recently through Origin. There seems to be a key tracking software that is linked to my computer. I have run RKill, Malwarebytes, AdwCleaner, and HitmanPro and nothing has been found. I know there is a key tracking software on my computer, however. This morning, I logged into Origin and entered my user and password. 30 minutes later, I received a text in Russian from EA sending me my two-factor authentication code. I can't find this virus though. Any ideas on what to do next?

Thanks


Hi, @pburgh36

My name is Maurice. I will be helping and guiding you, going forward on this case.

I am assuming this is on a Windows PC. If it is not, then stop and let me know.

Second, please stop running third-party tools or any fixes on your own.

[ 1 ]

 

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or Opera.

Scroll down to the tips section "How do I disable them".

Also, if you use the Chrome or Firefox browser, install the Malwarebytes beta browser extension. There is one for Chrome and another for Firefox.

To get & install the Malwarebytes beta Chrome extension,

Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.

 

To get & install the Malwarebytes beta Firefox extension.

Open this link in your Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

[ 2 ]

We need to get information from this machine in order to have the proper detail to help you forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer. Please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.4.0.615.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair”!
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

 


Thanks for the report file. I see this PC has Avast. Has it reported any infection?

You already wrote that HitmanPro found nothing.

AdwCleaner found no adware. That is good.

Note, I am not familiar with the Origin website. But I am aware that a number of sites do use 2-factor sign-in.

I wish I had known from you which web browser you used to log in to Origin.

 

I do hope you added the Malwarebytes Firefox browser extension.

.

Run a scan with Malwarebytes.
Start Malwarebytes from the Start menu.

Click Settings. Then click the Protection tab.
Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON
Click it to get it ON


Click the SCAN button.
Select a Threat Scan (which should be the default).

When the scan phase is done (if any are detected), be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Be sure all items were removed.

When that is completed, kindly send the report.
In Malwarebytes, click the Reports button (on the left).
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your reply.


Thanks for the scan report. That clean finding is pretty much significant. It is my view that you need to get help on the login issue through Origin support. Ask why there is the 2-factor code issue.

 

This here is just one other special scan.  Just as another opinion.  But I also think it will come back with zero infection.

Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please.

Please download Malwarebytes Anti-Rootkit (MBAR) from this link here

and save it to your desktop.

 

Double-click on the MBAR file and allow it to run.

• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.

• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

• After reading the Introduction, click 'Next' if you agree.

• On the Update Database screen, click on the 'Update' button.

• Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two message boxes:

1. 'Could not load protection driver'. Click 'OK'.
2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

• If malware is found, press the Cleanup button when the scan completes.

Please attach the log it produces. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.
 

 


That cinches the reality of there being no "trojan" here.  There is no malware.

As to slow pc, that slowness can be due to any number of other factors.

Free up space on this pc by doing some cleanup deletion.

See this Microsoft article  https://support.microsoft.com/en-us/help/4026616/windows-10-disk-cleanup

.

No, do not do a re-install. Instead, get the latest Build 1903 and do an upgrade in place.

Prepare by closing all unneeded open programs and windows.

Use EDGE to go to the following Microsoft page for Windows 10

https://www.microsoft.com/en-us/software-download/windows10

 

Click the Update now button and follow all prompts.

Have lots of patience, infinite patience (my term), and let the run take as much time as it takes. Monitor the process.

If later on you see what looks like an all-dark screen, do not panic. Just move the mouse and make circular motions and eventually that will get the display to come alive.

You can also tap the space-bar on the keyboard to get the display to come alive.

No panic.   Good luck.  Just monitor the process.

 

P.S. Again ... for Origin, get help from the site administrators.

 

Edited by Maurice Naggar

1 hour ago, pburgh36 said:

Internet speeds are still extremely slow, only about 2mbps. Not sure what to do next. 

Reboot/unplug the power from your modem and check again. Also if you connect wireless the speeds are in many cases slow compared to using a wired connection.

Sorry for the intrusion, I just realized what section this was posted in.

@Maurice Naggar

Edited by Porthos

@pburgh36  

Have you checked with your internet service provider? That is the best place for help on the speed issue.

 

Is this machine only on a Wi-Fi connection? If so, can you please see about having a direct connection via cable.

 

What is typically advised, as a one time procedure is:

To Power off the router,

Eject any CD or DVD or USB-thumb-flash drive.

Shutdown Windows along with disconnecting power.

Wait for one minute.

Then power back ON the pc.   Restart Windows.

Then turn the router back on.     Use a direct cable from the router to your machine for the internet connection.

 

If the same speed issue continues, Check again with the Internet Service provider.

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 
