Jump to content
rizpeep

Backdoor:MSIL/Bladabindi.AJ in powershell.exe

Recommended Posts

Hello, today after I updated my Windows 10, I received a notification that windows defender antivirus found a virus and asked me to restart my device. I have restarted my device multiple times yet the notification won't go away. I've done an offline scan and a full scan yet it still won't go away. Would be great if anyone can help.?

Share this post


Link to post
Share on other sites

Hi,     :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.

 

Please only just attach   all report files, etc  that I ask for as we go along.

 

You have mentioned      Backdoor:MSIL/Bladabindi.AJ

 

This is some information about that at Microsoft.

https://www.microsoft.com/en-us/wdsi/threats/threat-search?query=Backdoor:MSIL/Bladabindi.AJ

 

For the time being, I would advise to do no banking with this system.  No shopping, no online use of credit cards until the case is closed.

NOTE:

The Windows 10 System Restore service shows as Disabled.   It will need to be manually turned on later.

I am listing 2 things to do, below,  I would like for you to do all of it.  Do the first and then immediately do the second.

 

[   1   ]

This custom script is for Rizpeep  only.

Close and save any open work files before starting this procedure.  I am sending a  custom fix script to do some cleanups.

 

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) to the Downloads  folder

The tool named FRST64.exe   tool    is already on the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double click FRST64

  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

on the FRST window:
Click the Fix button just once, and wait.

 

FRST_Fixl.png.c4c1c0dddcc49b11fa400590f070bd5e.png

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply when you are all done.

 

 

[   2   ]

Thank you for the FRST reports.  It would be a very big help to have some added detail as to what Windows Defender found / tagged / possibly removed.

Things like filename, folder location, etc.

This is the way to look at the Windows Defender scan history.

 

Go to the Windows Start menu.  Click on the Settings icon.

Now click on Update & Security.   Then click on Open Windows Security.

·  Click the Virus & threat protection tile     and then the Protection  history label  ( in blue color)

The Protection history will have a list of recent events.   See about drilling down to get more detail.

 

.

Also, see if you could do a FULL scan with Windows Defender.

Click the Windows Start menu button on the Taskbar, select Settings icon. Then choose Update and Security.
 

In Windows Settings  >>> click on Windows Security from the left side list.

Next, In Windows Security section:  Click on the grey button Open Windows Security

next click on the blue Scan options

Look down the options list.    Pick FULL scan.   Have patience and allow it all the time it needs.

Provide as much detail that is meaningful about the results.

Thank you.

Fixlist.txt

Share this post


Link to post
Share on other sites

Hello.  How is it going ?  Are you still with us ?

Did you do the custom script fix that I relayed ?

Share this post


Link to post
Share on other sites

Hello.   I am glad to know things are well.  I will go ahead and close this case.

You should delete the FIXLIST.txt file that I had you save.

 

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).


Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.
 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Dont remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

.

All the best to you.

Share this post


Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.