Prom2306

Trojan with IP from Russia (77.73.68.175)


Hi,

as this problem was mentioned before in these threads

https://forums.malwarebytes.com/topic/248304-trojans/?_fromLogin=1 and

https://forums.malwarebytes.com/topic/249055-trojan-777368175/

I followed all the steps but still have this error popping up every time I start up my PC.

[Attached screenshot: trojan.PNG]

I've seen some scripts that may fix this problem, but the attachments were removed in the linked threads.

Thanks for any input you can give me :)

Best regards

AdwCleaner[S01].txt farbar.txt FRST_12-09-2019 20.27.09.txt malwarebytes.txt


Hello Prom2306 and welcome to Malwarebytes,

Can you post the last three website block logs please...

Open Malwarebytes, select > Reports > then checkmark (tick) most recent "Website Block" entry > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, attach to your reply...

Thanks,

Kevin..


Thanks for those logs, continue:

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer and close all running programs before you run this scan!

Download RogueKiller and save to your desktop...

RogueKiller (X86)

RogueKiller (x64)
 
  • Exit all running applications.
  • Double-click on RogueKiller.exe to launch the tool.
  • If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
  • Click "Scan" then Start under ‘Standard Scan (recommended)’
  • Once the scan is complete, click on Results
  • Click Open and then select Text File
  • save the file to your Desktop as RKreport.txt
  • copy/paste the content in your next reply


NOTE: DO NOT attempt to remove anything that the scan detects, entries reported may not be malicious


Hey Kevin, here is the RogueKiller log you suggested :)


RogueKiller Anti-Malware V13.4.3.0 (x64) [Aug 20 2019] (Free) von Adlice Software
Mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Betriebssystem : Windows 10 (10.0.18362) 64 bits
Gestartet in : Normaler Modus
Benutzer : Simon [Administrator]
Gestartet von : C:\Users\Simon\Downloads\RogueKiller_portable64.exe
Unterschriften : 20190913_092046, Treiber : Geladen
Modus : Standard-Scan, Scannen -- Datum : 2019/09/14 10:06:54 (Dauer : 00:10:04)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Prozesse ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Prozessmodule ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Dienste ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - System Policies
  [PUM.Policies (Potenziell bösartig)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Gefunden

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts-Datei ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Dateien ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Webbrowser ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
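The only finding in the RogueKiller log above is a PUM.Policies entry for ConsentPromptBehaviorAdmin set to 0. That value tells UAC to elevate administrators without any prompt, which is why scanners flag it as a potentially unwanted modification even though it is a legitimate Windows setting. The following PowerShell script is an added example (not part of this thread, and not code from Adlice or Malwarebytes) that reads the value, explains it using the documented meanings from Microsoft's UAC policy settings, and, only when run with -Restore from an elevated session, puts it back to the Windows default of 5. The value table and the -Restore switch are this example's own assumptions.

```powershell
# Added example: audit the UAC setting RogueKiller flagged as PUM.Policies.
# ConsentPromptBehaviorAdmin = 0 means administrators are elevated with no
# prompt at all, so a silently elevating program would never be noticed.

param(
    [switch]$Restore   # pass -Restore (from an elevated PowerShell) to reset to the default, 5
)

$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$name = 'ConsentPromptBehaviorAdmin'

# Documented meanings of the value (Microsoft UAC policy settings)
$meaning = @{
    0 = 'Elevate without prompting (UAC prompts effectively off for admins)'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (Windows default)'
}

$item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($null -eq $item) {
    Write-Output "$name is not set; Windows uses the default (5)."
    return
}

$value = [int]$item.$name
$text  = if ($meaning.ContainsKey($value)) { $meaning[$value] } else { 'undocumented value' }
Write-Output ("{0} = {1} -> {2}" -f $name, $value, $text)

# UAC as a whole is controlled by EnableLUA (1 = on); report it alongside
$lua = (Get-ItemProperty -Path $key -Name 'EnableLUA' -ErrorAction SilentlyContinue).EnableLUA
Write-Output ("EnableLUA = {0}" -f $lua)

if ($value -eq 0) {
    Write-Warning "UAC admin prompts are disabled; RogueKiller reports this as PUM.Policies."
    if ($Restore) {
        # Needs an elevated session; takes effect after sign-out or reboot
        Set-ItemProperty -Path $key -Name $name -Value 5 -Type DWord
        Write-Output "Restored $name to 5. Sign out or reboot for the change to apply."
    }
}
```

Running the script without -Restore is read-only and is the check to do before letting a cleanup tool "remove" the entry: if the value was set deliberately by an administrator it is not malware, and if it was not, restoring 5 is the same fix RogueKiller applies.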
 
Run RogueKiller again....
 
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Make sure all found entries in the red zone are Checkmarked
  • click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply....


Post that log, also let me know if there are any remaining issues or concerns...

Next,

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on 3 chimney icon (top right hand corner) and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.


Thanks,

Kevin


Hi again Kevin.

RogueKiller provides the same report as we've seen a few days before.

Zemana's installer crashes with the message attached below (Google didn't provide me with a quick fix).

The Malwarebytes alerts seem to have declined though...which I don't understand at all to be honest.

How likely is it that these alerts are just false positives? It's just strange as other users report the same problem (even from the same IP).

Best regards

Simon

[Attached screenshot: zemanabs.PNG]

I see from your logs that Chrome is your default browser, do the blocks only happen when you are using that browser..?


Hey Kevin,

no, Chrome doesn't add to that issue, as this popup message from Malwarebytes is literally the first thing I see after booting into Windows 10.

Fortunately, and without any good reason, the Trojan message has been gone for two days now.

I have no idea what happened as no scan found any damages or viruses.

Thanks for your time though. This topic can be closed in my opinion :)

Best wishes!


Thanks for the update, good to hear your issue has ceased... To clean up do this:

Uninstall the following programs:

Zemana

http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Delete RogueKiller portable from this folder C:\Users\PC\Downloads also delete this folder if present: C:\ProgramData\RogueKiller

Next,

Right click on FRST here: C:\Users\Simon\Downloads\FRST64.exe and rename it uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

That action will remove FRST and all created files and folders...

Next,

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

This topic is now closed to further replies.