Possible infection


Dkpits


I was trying to troubleshoot my son's hard drive (by removing it from his system and using it as an external drive) and I think my computer may not be infected.

I ran Malwarebytes this morning and this was the resulting scan.

I also did a boot scan with Windows Defender and it mentioned finding a Trojan:win32/Wacatac?

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Scan Date: 2/16/20

Scan Time: 6:54 AM

Log File: 07ed3f40-50b3-11ea-9adb-708bcd547426.json

 

-Software Information-

Version: 4.0.4.49

Components Version: 1.0.823

Update Package Version: 1.0.19288

License: Free

 

-System Information-

OS: Windows 10 (Build 17763.1039)

CPU: x64

File System: NTFS

User: DESKTOP-3JLP5K5\User

 

-Scan Summary-

Scan Type: Custom Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 1170530

Threats Detected: 29

Threats Quarantined: 29

Time Elapsed: 3 hr, 7 min, 36 sec

 

-Scan Options-

Memory: Disabled

Startup: Disabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 5

PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\TYPELIB\{31E87E80-E113-49FD-9789-A97E83CEA4F1}, Quarantined, 2974, 533640, , , ,

PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\INTERFACE\{9AEC63C2-831A-4134-8EB0-02C0B7B97620}, Quarantined, 2974, 533640, , , ,

PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\INTERFACE\{C9276E23-AD64-404D-8D3C-1EBB1F965E40}, Quarantined, 2974, 533640, , , ,

PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{31E87E80-E113-49FD-9789-A97E83CEA4F1}, Quarantined, 2974, 533640, , , ,

PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{31E87E80-E113-49FD-9789-A97E83CEA4F1}, Quarantined, 2974, 533640, , , ,

 

Registry Value: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 15

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\drivers\1gmsrh4b.ii1, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\drivers\1tekbaji.avp, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\drivers\25idjk2l.1pt, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\drivers\343ofr1n.zra, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\drivers\atgevhal.pmh, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\drivers\b3me3roi.ayj, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\drivers\hr1zlx4p.lod, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\drivers\hunjcofw.kgb, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\drivers\ojh2i0g4.2tw, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\drivers\pzq15nie.1eb, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\drivers\x0ssyvwy.sjs, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\drivers\xwpvva2l.r40, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\drivers\y0prfja5.5tb, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\drivers, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator, Quarantined, 1086, 728595, 1.0.19288, , ame,

 

File: 9

PUP.Optional.ASK, C:\OLD DAVIDCORE-PC DRIVE DATA\C DRIVE\ADWCLEANER\QUARANTINE\FILES\XZKYXCCCULEBMPHHPDVRXSSAUMKQFJYH\APNSTUB.EXE, Quarantined, 1, 699661, 1.0.19288, , ame,

PUP.Optional.ASK, C:\OLD DAVIDCORE-PC DRIVE DATA\C DRIVE\ADWCLEANER\QUARANTINE\FILES\XZKYXCCCULEBMPHHPDVRXSSAUMKQFJYH\APNTOOLBARINSTALLER.EXE, Quarantined, 1, 383618, 1.0.19288, , ame,

PUP.Optional.ASK, C:\OLD DAVIDCORE-PC DRIVE DATA\C DRIVE\ADWCLEANER\QUARANTINE\FILES\XZKYXCCCULEBMPHHPDVRXSSAUMKQFJYH\APNIC.DLL, Quarantined, 1, 699662, 1.0.19288, , ame,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\partner.xml, Quarantined, 1086, 728595, , , ,

PUP.Optional.DriversFix, C:\Users\User\AppData\Roaming\Easeware\DriverNavigator\settings.dat, Quarantined, 1086, 728595, , , ,

PUP.Optional.AuslogicsBoostSpeed, C:\OLD DAVIDCORE-PC DRIVE DATA\D DRIVE\MY OLD 250GB DRIVE\PITS1 (250GB)\PROGRAM FILES\AVG\AVG10\PCTUNEUP\AXBROWSERS.DLL, Quarantined, 2839, 464521, 1.0.19288, , ame,

Backdoor.NetWiredRC, C:\OLD DAVIDCORE-PC DRIVE DATA\D DRIVE\MY OLD 250GB DRIVE\PITS1 (250GB)\PROGRAM FILES\AVG\AVG10\PCTUNEUP\MICROSCANNERELEVATION.DLL, Quarantined, 3904, 712252, 1.0.19288, , ame,

PUP.Optional.Conduit, C:\OLD DAVIDCORE-PC DRIVE DATA\D DRIVE\MY OLD 250GB DRIVE\PITS1 (250GB)\PROGRAM FILES\IRADIO.COM\TBIRA1.DLL, Quarantined, 199, 110946, 1.0.19288, , ame,

PUP.Optional.DriverUpdate, C:\PROGRAM FILES\SLIMWARE UTILITIES\SERVICES\DRIVERUPDATE.UPDATELAUNCHER.EXE, Quarantined, 2974, 533640, 1.0.19288, , ame,

 

Physical Sector: 0

(No malicious items detected)

 

WMI: 0

(No malicious items detected)

 

 

(end)

Edited by AdvancedSetup
corrected font issue

Hi,    :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.

Let me know what first name you prefer to go by.

 

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.

 

Please only just attach   all report files, etc  that I ask for as we go along.

 

I take it that those reports above are from YOUR pc.    ( that we are not dealing with some slaved disk drive !!  ).

Keep in mind that Microsoft Windows Defender has its own design set, with specific things / areas/ file types that it scans.

That Malwarebytes for Windows has its very own and unique design.

 

What was tagged by Malwarebytes are PUPs: Potentially Unwanted Programs.

That is not the same class as malicious malware that causes malicious damage.

 

I would suggest downloading, saving, and then running Malwarebytes AdwCleaner.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows so you can see Adwcleaner.)

Then click on Dashboard button.

Click the blue button "Scan Now".

 

Allow it a few minutes to finish the Scan. Let it remove what it finds.

NOTE: When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.

 


Thanks for the report.  Kindly always attach report files with reply.   Just please do not Copy and paste into the main body of the posting on this forum.

The latter makes for very very long streams to go thru, as we have to do scrolling to get down to the last new posting on the case.

  • Please attach both logs to your reply if possible.
  • To begin uploading attachments, please click the link as shown below (Choose files). Then browse to where your file is located, select it, and click the Open button.

 

Now then,   Just please do a new Scan on this machine, using Malwarebytes for Windows.

To run a Threat Scan, open Malwarebytes for Windows and click the blue Scan button.

Have patience during the run.

When the scan phase is done, be really sure you review and have all detected line items check-marked on the left. That too is very critical.

Then click on Quarantine selected.

 

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

Regards.

 

Edited by Maurice Naggar
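The scan report at the top of this thread and the two points Maurice makes (most hits are PUPs rather than malware, and a Custom Scan with Memory, Startup and Rootkits disabled says little about an active infection on the running system) can both be checked mechanically. The script below is an added example, not code from this thread or from Malwarebytes: it parses the report's own line format (family, path, action, ids), sorts each detection into "unwanted" versus "malware" by family prefix (an assumption about the naming scheme, based only on the prefixes seen in the report), and tells apart hits under the copied old-drive folder (the `C:\OLD DAVIDCORE-PC DRIVE DATA` root taken from the report paths) from hits on the live system or in the registry. The sample report embedded in it is a constructed excerpt of a few lines in the same format.

```python
"""Triage helper for a Malwarebytes for Windows text report.

Added example, not Malwarebytes' own code. Reads the report's plain-text
export and answers: which hits are PUPs versus malware families, which live
under the copied old-drive data rather than on the running system, and which
scan areas were disabled for this run.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt in the same format as the report in this thread.
SAMPLE_REPORT = r"""
-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled

-Scan Details-
Registry Key: 2
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\TYPELIB\{31E87E80-E113-49FD-9789-A97E83CEA4F1}, Quarantined, 2974, 533640, , , ,
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\INTERFACE\{9AEC63C2-831A-4134-8EB0-02C0B7B97620}, Quarantined, 2974, 533640, , , ,

File: 3
PUP.Optional.ASK, C:\OLD DAVIDCORE-PC DRIVE DATA\C DRIVE\ADWCLEANER\QUARANTINE\FILES\XZKYXCCCULEBMPHHPDVRXSSAUMKQFJYH\APNSTUB.EXE, Quarantined, 1, 699661, 1.0.19288, , ame,
Backdoor.NetWiredRC, C:\OLD DAVIDCORE-PC DRIVE DATA\D DRIVE\MY OLD 250GB DRIVE\PITS1 (250GB)\PROGRAM FILES\AVG\AVG10\PCTUNEUP\MICROSCANNERELEVATION.DLL, Quarantined, 3904, 712252, 1.0.19288, , ame,
PUP.Optional.DriverUpdate, C:\PROGRAM FILES\SLIMWARE UTILITIES\SERVICES\DRIVERUPDATE.UPDATELAUNCHER.EXE, Quarantined, 2974, 533640, 1.0.19288, , ame,
"""

# Assumption: the folder the poster copied the slaved drive into (from the report paths).
SLAVED_DATA_ROOTS = (r"C:\OLD DAVIDCORE-PC DRIVE DATA",)

# Assumption: family prefixes that denote "unwanted" rather than malicious classes.
UNWANTED_PREFIXES = ("PUP", "PUM", "Adware")

# One detection line: "<Family>, <path>, <action>, <id>, <id>, <ver>, <..>, <..>,"
DETECTION_RE = re.compile(r"^(?P<family>[A-Za-z0-9]+\.[A-Za-z0-9.]+), (?P<rest>.+)$")
OPTION_RE = re.compile(r"^(?P<area>[A-Za-z]+): (?P<state>Enabled|Disabled)$")


@dataclass(frozen=True)
class Detection:
    family: str
    path: str
    action: str

    @property
    def verdict_class(self) -> str:
        return "unwanted" if self.family.split(".")[0] in UNWANTED_PREFIXES else "malware"

    def location(self, slaved_roots=SLAVED_DATA_ROOTS) -> str:
        upper = self.path.upper()
        if upper.startswith(("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\")):
            return "registry"
        if any(upper.startswith(root.upper()) for root in slaved_roots):
            return "slaved-drive copy"
        return "live system"


def parse_report(text: str):
    """Return (scan_options, detections) parsed from the report text."""
    options, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := OPTION_RE.match(line)):
            options[m["area"]] = m["state"] == "Enabled"
            continue
        if (m := DETECTION_RE.match(line)):
            # Five fields follow the action; split from the right so a path
            # containing ", " is still kept whole.
            parts = m["rest"].rsplit(", ", 6)
            if len(parts) >= 2:
                detections.append(Detection(m["family"], parts[0], parts[1]))
    return options, detections


def triage(text: str, slaved_roots=SLAVED_DATA_ROOTS) -> dict:
    """Summarise a report: counts by class/location, disabled areas, live malware."""
    options, detections = parse_report(text)
    counts = Counter((d.verdict_class, d.location(slaved_roots)) for d in detections)
    live_malware = [d.path for d in detections
                    if d.verdict_class == "malware" and d.location(slaved_roots) == "live system"]
    return {
        "total": len(detections),
        "by_class_and_location": dict(counts),
        "disabled_scan_areas": sorted(a for a, on in options.items() if not on),
        "malware_on_live_system": live_malware,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the full report, the summary shows the one non-PUP family (Backdoor.NetWiredRC) sitting under the copied old-drive folder, the only live-system hit being a PUP, and Memory, Startup and Rootkits listed as disabled, which is exactly why a follow-up Threat Scan of the running machine is the right next step rather than reading more into this Custom Scan.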

Hi, Kim.   Thanks for the report.  That is excellent.   Yes, I believe this is a good indicator.

Let me suggest a different scan, which will not take a lot of time.

 

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

The log is named MSERT.log 

the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your reply.

Best regards,

Maurice


Ok, I have another question/concern... is it possible for a virus to destroy hardware? One day we came home and smelled burning plastic or something, like when you first start your heater in the winter. We found it was our son's computer. We thought the power supply burned up. So we replaced it. It worked for an hour then died again. We thought bad power supply, so we exchanged it and tried it again with similar results. The computer starts to boot and almost gets there, but then restarts continuously. So we thought maybe a virus on the hard drive. So we pulled the hard drive and connected it to this computer. We started to run Malwarebytes on the computer and suddenly thought bad idea, because this computer might get infected, and apparently it did. So we pulled it and put it on the OLD laptop, thinking what difference does it make on that laptop because we never use it anymore. So we hooked it up and ran Malwarebytes and let it run. It found the hard drive had Tr/atraps.gen2 and tr/crypt.xpack.gen3. Then suddenly the C drive on the laptop had tr/crypt.xpack.gen 2. Now it's running hot and the fan sounds like it is in overdrive. So back to my original question: is it possible the virus has caused damage to the computer itself?


Let me please remind you that hardware does not last forever. Electro-mechanical parts can fail. An example is the power supply.

If any part of your machine is HOT, please shut down the computer and disconnect the power. Allow the machine to return to normal temperature.

Over-heating is a serious, very serious situation. The life of the system is at risk.

And no, I never encountered a case where an infection caused hardware to burn up.

Please get this hardware cooled down !!

 

And double check all vents around the computer case to be sure there is no gunk or dust bunnies.

Just exactly where is this hard disk now??

 

There is no rush at this point here. The biggest goal is to get the machine down to normal temperatures.

What the MS Safety  Scanner has found is 1 adware  and a Windows Defender setting needing to be corrected.

 

Again, no, a virus is not causing the hardware issue or sounds.   It is just hardware over-heating.


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 
