
I don't know if I have a virus or not



Hello, I don't quite know if I have a virus or not. I've been really worried that I do after downloading some mods for a game I play and then reading online that they can contain some viruses. I also got an alert that Farbar is dangerous, but is that just a false positive? And one more thing: a while back in March I got a RAT and Malwarebytes found it. However, I did a full format anyway to be sure, but now I am looking in my Windows folder and there are some files that were modified back in March, before I did the full format, so how could they still be there, and could that be a RAT still on my PC? https://gyazo.com/dc12d0469140664dea565801bdb42a56

Here are the Farbar results, and if I did have a trojan or a RAT or anything, they wouldn't be able to mess with the results or change the text files, would they, maybe even manually? I'm just really paranoid.

Thank you so much to anyone who can help me with this; it really does mean a lot.

Edited by AdvancedSetup
Removed logs

Hi, 

My name is Maurice. I will be helping and guiding you, going forward on this case.

Please follow my directions as we go along. Please do not make any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible.

Please attach only the report files, etc. that I ask for as we go along.

Farbar FRST is perfectly safe. If you saw a message from Windows about it, that is a normal message prompt. There is no danger in using the report.

Please do not have unwarranted "paranoia". That is counter-productive.

I will be guiding you to run several scans on this system. The goal is to check this current system & see whether or not there is an actual identified infection.

Please have patience. Regardless of what prior infections had been around ... what we will check is the current system as it is now.

Thank you for running the FRST and sending the 2 reports. I notice that the PC has Webroot SecureAnywhere installed. That would be an excellent program to run to check this PC for viruses. Have you done that lately? I'd recommend doing that at some point.

I am going to have you do a new scan with Malwarebytes for Windows. That is just one thing to start with.

Run a scan with Malwarebytes.
Start Malwarebytes from the Start menu.

Click Settings. Then click the Protection tab.
Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON.
Click it to get it ON.

Click the SCAN button.
Select a Threat Scan (which should be the default).

When the scan phase is done, be very sure you review and have all detected line items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

Be sure all items were removed.
Let it remove what it has detected.

When that is completed, kindly send the report.
In Malwarebytes:
Click the Reports button (on the left).
Look for the "Scan Report" that has the most recent date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt).

Put in a name for that file and remember where the file is created.

Then attach that file with your reply. Thank you.

 

Edited by Maurice Naggar

Sorry for making three posts, but one more thing. You might not know since this is for Malwarebytes and not Webroot, but with Webroot, at the very bottom where it says end of scan, it tells me CPU usage and such, but then it starts to scan my Farming Simulator 19 mods, which I am most worried about, and it says flags 256/36 but then it says 0 malicious files. I don't know why my Farming Simulator mods are the only files being scanned after it says end of scan log, and those are the ones I am worried about. It just brings me to even more paranoia that there is an actual virus.


There is no personal information of any sort in either report. The Webroot report said Malicious Files: 0

Sorry. I am not an expert on Webroot logging. The bottom line is that it reports zero virus / zero malicious files. That is quite an excellent result.

The Malwarebytes scan also reports no malware.

What follows is a deeper scan with Malwarebytes. This will take an hour or two or more, depending on how many files are on the C drive.

This custom scan will scan the whole C drive.

Open Malwarebytes.

Click the Settings menu followed by the Protection tab.

Scroll down to Scan Options and turn the Scan for rootkits setting on.

Next, click the icon button at left marked SCAN.

Then, from the 3 panel choices, click on the middle one marked CUSTOM.

(If you see a summary white screen with a green check, click on the Close X spot on the right side so you get that out of the way & then click the Scan button on the left & then Custom scan in the middle.)

Then click on the Configure Scan button.

Be sure the Scan for rootkits on the left is ticked.

Be sure to click on the box marked C on the right.

You want to scan the whole C drive.

Then click the Scan Now button.

Then see what the result is.

 


Alright, I went ahead and did that scan and the results are attached; it came back with nothing bad.

However, I was reading a Bleepingcomputer news article that was just posted, and it says that there is a new malware/backdoor that has been found that takes a lot of your Discord information etc., and it says one of the programs causing this is Synapse X.exe, which I used to have. https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/ If that changes anything, is there any way to check my computer to make sure there are no traces of that program left and that it isn't affecting my Discord?

 

Thank you!

cscan.txt


This custom scan result from Malwarebytes is perfect. No malware / no PUP.

There was a prior Malwarebytes threat scan that also found no malware. And the Webroot scan also reported no virus.

I am convinced that you can relax. There is no infection here.

As to the Synapse X, just look on Windows' list of installed programs & visually see if it is listed as installed.

1. Press & hold the Windows key on the keyboard & then tap the R key to open the Run command.
2. Type appwiz.cpl and tap Enter.
The Programs and Features window will appear.

3. Look for Synapse X.

If found, then click once to select it, then click the Uninstall button.

 

I will provide tips about staying secure before we close this case.

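The Programs and Features check described in the post above can also be done from PowerShell by reading the registry keys that list is built from. This is an added example, not part of the original thread; the search pattern `*Synapse*` is an assumption, and a program that was only ever run as a standalone .exe will not appear in either place.

```powershell
# Added example: list installed-program entries whose display name matches a pattern.
# $Pattern is an assumption; change it to the program you are looking for.
$Pattern = '*Synapse*'

# Per-machine (64-bit and 32-bit views) and per-user uninstall keys.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$Found = foreach ($Key in $UninstallKeys) {
    # Keys that do not exist on this machine are skipped silently.
    Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate,
                      InstallLocation, UninstallString,
                      @{ Name = 'RegistryKey'; Expression = { $_.PSPath -replace '^.*?::', '' } }
}

if ($Found) {
    # Show every matching entry with the key it came from.
    $Found | Format-List
} else {
    Write-Output "No installed-program entry matches '$Pattern'."
}
```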

Yeah, I didn't find Synapse X there, but I didn't really expect to since it isn't really a trusted program; it is a cheating program that I used with friends to mess around a couple of months back.

Also, before you close it, do you know anything about why my Windows files show that they were last modified March 18th if I had formatted it after that date because of multiple viruses? Is it possible that Synapse X and a RAT that I had before are still hidden in there? I got those viruses around the time it says last modified; however, I formatted my computer after and it is still showing last modified in March. https://gyazo.com/f2bc25a5c363fb3cc1f23c272e627963

 

Thank you!


You truly need to discard this "suspicion" that the machine has an infection.

Both Malwarebytes & Webroot have found NO trojan. No infection.

Can't tell what type of files you are looking at for the dates. My supposition is that most of those are from the Windows operating system.

You have told us you had reformatted the old system. That would have wiped all of the drive.

To this point, there is NO basis for suspecting any sort of infection.

Let us just do one more special scan & see what it says.

I would suggest a free scan with the ESET Online Scanner.
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page. Click Scan Now.
It will start a download of "esetonlinescanner_enu.exe".
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes.

When prompted for scan type, click on Full scan.
Click on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.

Click the blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).

Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

 


DO do the ESET scan. You and I need to see the result. I do not expect that "viruses" or "trojans" will be found.

You say you "formatted the computer twice". What did you use?

And then, how did you install Windows?

What I am saying to you IS... that the screen grab you cited twice shows folders created by Windows. Those are NOT to be used to judge or suspect a trojan or any infection. I need for you to cease (if I may use that term) to jump to having "non-fact-based suspicions".

We use scan tools of different sorts to judge whether an infection actually is present.

Let's do the ESET scan.

Thanks.


To format it I just did the format through Windows "Reset this PC" in Update and Security, I believe. Is there a better way to format? I was just worried about the Windows files because they were modified in March, which is when I downloaded the virus. And even after formatting it still says last modified in March. If that doesn’t matter though, then that’s good, thanks.

I'll do that ESET scan once I get on my computer, thank you!


Alright, I went ahead and did that scan and got two results back; however, those results don't seem to be like viruses or anything bad. Also, is that full scan enough or should I do a custom scan and do all the drives? Since this has nothing really, do you think I am fine even after that Synapse X Discord malware backdoor and the mods I got from mega.nz and the RAT I used to have?

Also, one more question. I just got a new SSD (C drive) a few weeks ago, but for some reason it says in my C drive that some files were modified in March, but how could that be if I just got a new one?

 

Thank you!

eset.txt


Thanks for the ESET log. It found and deleted 2 items that they classify as potentially unsafe applications.

This scan is enough, with the ESET.

I have been conveying to you: The March dates on the folders that are MICROSOFT WINDOWS related are ones that carry dates that are directly related to the Windows operating system !!!

The dates on the Windows folders (those belonging to the Windows operating system) have March dates.

Those dates are ones from the Windows 10 Build 1903 operating system that runs on this machine! When you ran the RESET operation, the Windows system folders would have those dates set by Microsoft Windows itself.

Those dates are NOT a basis for any suspicion of a booger or an infection. Let's please put that to rest.

Also you may have had a RAT, as you put it. That was in the past. To this point, after running several scans, there is NO basis to "think" there is an "infection".

Let's do one check with the Microsoft System File Checker tool.

This procedure will use the Windows System File Checker tool (SFC).

Open an elevated command prompt window, i.e. run Command Prompt as an administrator.

It is best to use the Windows Copy (CTRL+C) and Paste (CTRL+V) for the whole line, as-is.

To get the elevated command prompt, press Windows-key + X key and then select Command Prompt (Admin).

When prompted, click on the YES button to let it go ahead and run.

On that command prompt, Copy & Paste this command:

sfc /scannow

Have patience. Let it run to completion.

Thanks.

NOTE: Please do NOT be seeking random type ideas from other forums. How is it that you accidentally downloaded CKscanner?

Please do not do things on your own.

It happens that CKscanner is a known special tool. It is not a bad tool. But you should delete it.

Please let us not go off on tangents.


When I did the Windows key + X, Command Prompt wasn't there, so I just searched for Command Prompt and ran it as administrator. If that works, here are the results.
https://gyazo.com/f8414bf642373cbda3c74de3b2cef0e1

Also, I didn't mean to install that CKScanner. I was just browsing some other people's posts on a different site and it said go here to download CKScanner, and so I clicked it to see what website it was because I hadn't heard of it, but it was an automatic download. I did go ahead and remove it, but hopefully it doesn't contain anything bad or any viruses/malware that would make everything we have done so far invalid.

 

Thank you! :)

 
