TheWatcher

Rat or key-logger malware


I have reason to believe there is some sort of RAT malware on my PC.

I believe this because of some common symptoms associated with RAT malware.

  • random mouse movements.
  • random key clicks.
  • strange processes.
  • slow internet speed at times. 

Addition.txt FRST.txt ThreatScan.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean of malware.

This fix will enable your System Restore which is disabled.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.
The random mouse movements and random key clicks may be a sign that the mouse is possibly going bad.
Check it out.

fixlist.txt

Edited by nasdaq


Hi,

Were you able to fix your mouse or even try another one?

Are all the symptoms still persisting?

--RogueKiller--

  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.


=======


Hi,

This extension is normally good and does not create any problems.

CHR Extension: (Honey) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj

Just to make sure disable it in the Chrome Extension settings.

You can restore it at any time.

---

As for the [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-3772730712-2390982557-1196060190-1004\Software\Cain
This is just a remnant registry key. It's not causing any problems.

===

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.



Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

Let me know if you did anything about the mouse issue.


 


Sophos takes incredibly long to scan. Can we move to the next step?

I reinstalled mouse drivers but I am still suspicious of hidden malware.


Hi,

On a slow computer I can understand.

 

 

Check the integrity of the operating system files.
Follow all the instructions on this page.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process

Post the contents of the sfcdetails.txt file for my review.

Let me know if the problem persists.
<<<>>>

 

 

 


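The sfcdetails.txt requested in the post above is the set of `[SR]` lines that System File Checker writes to CBS.log. The following PowerShell is an added example, not part of the original thread or of the Microsoft article: it builds that file and summarises which files SFC could not repair. The variable names and the matched entry wording ("Cannot repair member file", "Repairing corrupted file") are assumptions about typical CBS.log output.

```powershell
# Added example: build sfcdetails.txt from CBS.log and summarise it.
# Run from an elevated PowerShell prompt after sfc /scannow has finished or stopped.
$cbsLog  = Join-Path $env:windir 'Logs\CBS\CBS.log'
$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'sfcdetails.txt'

if (-not (Test-Path -LiteralPath $cbsLog)) {
    throw "CBS log not found at $cbsLog"
}

# SFC tags its own entries with the literal string [SR];
# -SimpleMatch stops the brackets being read as a regex character class.
$srLines = @(Select-String -LiteralPath $cbsLog -Pattern '[SR]' -SimpleMatch |
             ForEach-Object { $_.Line })
$srLines | Set-Content -LiteralPath $outFile -Encoding UTF8

# Assumed wording of the entries that matter for triage.
$unrepaired = @($srLines | Where-Object { $_ -match 'Cannot repair member file' })
$repaired   = @($srLines | Where-Object { $_ -match 'Repairing corrupted file' })

# Pull the quoted file name out of each "cannot repair" entry and de-duplicate,
# because SFC usually logs the same file more than once.
$files = $unrepaired | ForEach-Object {
    if ($_ -match 'Cannot repair member file \[[^\]]*\]"([^"]+)"') { $Matches[1] }
} | Sort-Object -Unique

[pscustomobject]@{
    SrLines           = $srLines.Count
    RepairedEntries   = $repaired.Count
    UnrepairedEntries = $unrepaired.Count
    UnrepairedFiles   = ($files -join ', ')
    Report            = $outFile
}
```

An empty or very short result after a scan that did not complete means SFC logged little before stopping, so the report shows how far the scan got, not whether the system files are intact.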

I will do the system integrity scan when I get home, but is Sophos supposed to be fast? I have a very fast computer so I don't understand why it is taking so long to scan.


Hi.

In your first post you said "slow internet speed at times."

The scan uses the internet.

 

Forget about the scan for now. Do the System Check.

 

 


sfc /scannow gets stuck at 70% and I am getting the error "Windows Resource Protection could not perform the requested operation".

I've tried safe mode, chkdsk, and changing security descriptors. Nothing has helped.

I'll continue to try and get this working, but this probably means there is some corruption in Windows, right?


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
