Having problem with EpicNet Inc, Trojan.Agent, and PUP.Optional.Glupteba

[Lios]

I had this problem for a very long time and so now I decided to get rid of them for good this time.

Everytime my laptop booted up and do a scan on malwarebytes there's always 8 items detected by the name "RiskWare.BitCoinMiner" on Appdata. I tried using AdwCleaner there's always 2 items detected called "Trojan.Agent" and "PUP.Optional.Gluteba" and cannot be deleted.

I did some scan with FRST and save the logs so here it is.

Also I don't know why but my C: is slowly losing memory not sure if its because those RiskWare and Trojan.Agent or not if its caused by them I hope by getting rid of them will solve my memory problem as well.

FRST.txt Addition.txt AdwCleaner[C04].txt

[Maurice Naggar]

Hi,   

My name is Maurice. I will be helping and guiding you, going forward on this case.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.

 

Please only just attach   all report files, etc  that I ask for as we go along.

 

We need to get  additional   information from this machine in order to have the proper detail to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support- 1.5.1.681.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

 

[Lios]

All right here it is

mbst-grab-results.zip

[Maurice Naggar]

Close and save any open work files before starting this procedure.  I am sending a custom fix script to do some cleanups.

This custom script is for LIOS  only.

 

Please Close and save any open work files before you start this next step.  It may involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) to the Downloads  folder

The tool named FRSTENGLISH.exe   tool    is already on the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double click FRSTENGLISH

  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

on the FRST window:
Click the Fix button just once, and wait.

 

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply.

 

Let me know how this goes.  We can do other steps, later, as needed.

Cheers,

Fixlist.txt

[Lios]

Here the Fixlog.txt

Fixlog.txt

[Maurice Naggar]

That was a very good run.  Thanks for the report.

 

Let’s   follow up  by doing a new thorough scan with Malwarebytes for Windows.   The goal is to see whether there is an infection or P U P.

 

Let's do one new run with Malwarebytes for Windows.

Start Malwarebytes.

Click Settings. Click Protection tab & scroll down to Scan options.

On the section "Potential Threat Protection"
look down at the one "Potentially Unwanted Programs (PUPs)" look and make sure it is set to
"Always detect PUPS ".

and

look down at the one "Potential Unwanted Modifications (PUM)" look and make sure it is set to
"Always detect PUM ".

and
scroll all the way down to the section Automatic Quarantine
On the line "Automatically quarantine detected malware" be sure it is ON



Then once all set there, click on SCAN button
Then insure Threat scan has a check mark. Then click Start scan.
Review the results list.
Then I would suggest you make sure all lines have a check mark

To that end, if you click the very top left checkbox you can force all detected lines ( if any are detected)  to be selected for removal. Be sure each line is checked.

 

 

Then you can proceed to click on the blue button Quarantine selected.

In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your next reply 

 

Edited October 18, 2019 by Maurice Naggar

[Lios]

40 minutes ago, Maurice Naggar said:

On the line "Automatically quarantine detected malware" be sure it is ON

This only available for premium though and yes I don't have premium so what should I do?

[Maurice Naggar]

Just skip that line .....and keep going down the list.   In other words,  go forward.

[Lios]

The Scan Report

10-19-2019 Scan Report.txt

[Maurice Naggar]

Thank you for that.  That is a good cleanup.

How are things now, by the way ?

 

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now
It will start a download of "esetonlinescanner_enu.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan
Click on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).

Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

[Lios]

From using Malwarebytes that's the usual 8 detected items which always come back everytime the laptop is booted up.

I'm still scanning using this ESET you recommend and will continue it tomorrow I need sleep

[Maurice Naggar]

OK.   You should let me know the result after it is all completed & attach the report from ESET.

Regards,

[Lios]

ESET scan result

ESET Scan.txt

[Maurice Naggar]

Thanks for the report.  ESET found a bunch of P U P  and a few hacktools.

 

I suggest another, different scan.

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

 

 

[Lios]

Oh boy this takes a lot of stuff just to clean my laptop

[Maurice Naggar]

Yes, take your time.  Patience.   I think we are near the end.

[Lios]

should I do quick scan or full scan?

[Lios]

I did a quick scan and it said there are some unwanted program and virus and it got removed no report or logs or anything it just removed it and that's it

[Maurice Naggar]

Thanks for the information.   If you would use Windows Explorer   you can fine the log named as MSERT.log

at this folder    C:\Windows\debug\msert.log

 

Tell me, How are things at this point?

[Lios]

Did a scan with Malwarebytes the 8 "RiskWare.BitCoinMiner" still there

Do you need the msert file?

[Maurice Naggar]

Yes, I would like to see the MSERT report.

Now then, I would like a special report using the FRST64  tool which is on Downloads folder.

 

Start FRST64.
Type the following ( better yet, use COPY  then Paste)   into the search box exactly as show then press the Search Files button

SearchAll: EpicNet

Please wait while the program searches for all entries relating to this program, when done a search.txt log will be saved to the desktop. Please attach this log to your next reply.

 

[Lios]

By the way I haven't quarantined the Malwarebytes result but FRST search found nothing thats weird man

Search.txtmsert.log

[Maurice Naggar]

The MS Safety scanner reported this:

Results Summary:
----------------
Found BrowserModifier:Win32/Soctuseer!excl and Removed!
Microsoft Safety Scanner Finished On Sat Oct 19 12:52:21 2019

.

Plus it removed 3 exclusions that were set in Windows Defender.

.

Question  ? 

Quote

I haven't quarantined the Malwarebytes result  ?

What / why ?

 

Edited October 20, 2019 by Maurice Naggar

[Lios]

I'm not sure if I quarantine it right away it will change the result of what we're doing because I still don't know if we're done or not, but judging from your reaction I suppose I should quarantine it now

[Maurice Naggar]

Please quarantine all items tagged by Malwarebytes.

Could you do a new run and do that ?