Codeit

Possible Trojan from web surfing


So I was searching some pages (wink wink) and the next day my laptop started to heat up a lot (no, it isn't something like dirt in the fans, or my device being old, I think). My PC is a gaming one, an ASUS, and I got it recently, not more than 2 years ago.

So I checked the Task Manager and found a really suspicious one, "Online Aplication Updater", so I immediately ended it and the heat went down to a normal point, but it relaunched itself twice a day, and my antivirus (Bitdefender) blocked a connection made by this app to a web called "diedvirgin" or something, so I manually uninstalled it. I scanned my device and it came out clean, but the heat was still there; it didn't heat up that much, but once apps like Google made my device heat up as if I was playing a heavy game of some kind, so I checked Task Manager and didn't find any suspicious program, so I searched for help from Malwarebytes and it came up with 50 malware like trojans and adware and 70 PUPs, so I put all of them [9] in quarantine and restarted my device, but the device restarted slowly and when I tried opening Malwarebytes or [10] anything the text wouldn't appear, so with some visual help (images) I took all of them out of quarantine and put back in the programs that Malwarebytes detected as adware or trojans, but left out all the PUPs except the ones that had the Online Aplication Updater or Jet Media.

But since I got this infection my device will be hot, because just doing things I used to do, like watching videos, makes my PC go quite hot, and I don't know if Zoom, that program for classes, should heat up my PC that much for opening Google while Zoom is running, but it does, and only leaving it there for some minutes will make it cool down, but in a few moments it will heat up a bit again. So I think it is probable that one of the 60 PUPs that are left is causing this, and I hope it's like this and not a hardware problem, but the thing is one of these is a vital part of Windows or something, because if I put all of them, it happens the same as lines [9] and [10].

So could someone pls help me? I want my good old laptop back and to play my games without being able to fry eggs on my device.

P.S.

I can upload the Malwarebytes report, I think.


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's check further.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the file.
Click the file. It will appear in the section.
Click the Saving button.

Click the Send button.

Please attach the logs for my review.

Wait for further instructions
====

p.s.
Please attach also the Malwarebytes logs.
Instructions above.


second report.txt
first report.txt

Here are the Malwarebytes logs.

But the exe you told me to download isn't executing; I double-click it and nothing happens, I don't know why, so do I download it again or try another tool? Maybe it's just taking its time, but some minutes have already passed.

Nasdaq, thanks for helping me and thanks for your quick answer, it's good to know someone is helping me.

Bye


Or could you send a video or something to see how to run it?

 


Hi.

It's possible that Windows Defender or another security program is objecting to the Farbar program and the file is quarantined.

Do not worry the program is safe.

Check the quarantine folder of your security program.

If the Farbar program is present restore it.

If you have any difficulties searching the quarantine folder, let me know if it's in Windows Defender or another program.

 


I checked on Bitdefender and Malwarebytes, neither of them has it in quarantine; the file is on the desktop.

But when I double-click it, it seems to be executing, but some time passes and nothing happens.

 


Hello,

Could you send me a video or some images for help? I think this exe needs to be executed on cmd or something, or maybe another way.


Hi,

Right click on the file and run it as an Administrator.

Can you attach the logs?


It doesn't run and it doesn't create any files; I run it as administrator and nothing happens, only the blue circle appears on the mouse icon and nothing else.


Malwarebytes just ran an automatic scan, so I turned on rootkits and it found some hacker tools or things, so I need this malware out in less than a week, so what do I do?


nasdaq, I think I have a hacker, there's a file called kms auto and another called regid.1991-06.com.microsoft. pls help, I think they found a way to block Farbar or something, pls help

 


Hi,

--RogueKiller--

  • Download RogueKiller and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator".
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click Open the Report.
  • Click the Export TXT button.
  • Save the file as ReportRogue.txt.
  • Click the Remove button to delete the items in RED.
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.


=======

Try to execute the Farbar program in Safe Mode.

Post the logs if available.

 


Hi, but last time when Malwarebytes found some PUPs, some of them weren't, and if I had removed them my Windows would not be working.

 


Hi, but last time when Malwarebytes found some PUPs, some of them weren't, and if I had removed them my Windows would not be working. But anyway, so I download RogueKiller and then scan my device and give you the logs, and on Farbar, how do I do that Safe Mode?

 

 


Quick question: if one of the Windows files gets deleted and makes the system start failing, like when nothing had any text, I click on Reset in the Windows config and keep my files so Windows reinstalls?

 


Hi, here are the logs of RogueKiller, pls check them so I know what to delete.

roguekiller.txt

If you need me I'll be available from now to 2:40 and then I'll be checking sometimes.


Hi,

I saw your RogueKiller log.

Definitely delete these entries.
[Root.Wajam (Malicioso)] MjNkYWR (0) -- (technologiechavanac.com) \??\C:\Windows\system32\drivers\MjNkYWR -> Encontrado
[Root.Wajam (Malicioso)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MjNkYWR -- (technologiechavanac.com) C:\Windows\System32\drivers\MjNkYWR -> Encontrado

If an important file is removed it can be restored.

Quarantine or restore items with Malwarebytes for Windows v4
https://support.malwarebytes.com/hc/en-us/articles/360038479214-Quarantine-or-restore-items-with-Malwarebytes-for-Windows-v4

If I submit a fix with a Fixlist.txt a Restore point will be created.
You will be able to restore the system.

If there are files that you have created or that you wish to keep from your logs let us know.

---

You may still not be out of your problems.

Run Farbar in Normal mode if you can, do it in Safe mode if you have to and post the logs.

That is the only way I will be able to clean your system.

Edited by nasdaq

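The two RogueKiller entries above are a kernel-driver service registered under HKEY_LOCAL_MACHINE\System\...\Services whose binary sits in System32\drivers. As an added example (not part of this thread, not nasdaq's instructions, and not RogueKiller's or Malwarebytes' own code), the script below shows one way a defender can review every driver service on their own machine: enumerate the Services key, resolve each ImagePath to a file, and report entries whose file is missing or does not carry a valid Authenticode signature. It assumes Windows PowerShell 5.1 or later run from an elevated prompt; the function and variable names are the example's own.

```powershell
# Added example, not from the thread, nasdaq, RogueKiller or Malwarebytes.
# Lists kernel/file-system driver services whose binary is missing or lacks a
# valid Authenticode signature. Run from an elevated Windows PowerShell 5.1+ prompt.

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$systemRoot  = $env:SystemRoot

function Resolve-DriverPath {
    # Normalises the ImagePath forms seen in the registry:
    #   \??\C:\Windows\system32\drivers\x.sys   (the form in the RogueKiller entry above)
    #   \SystemRoot\System32\drivers\x.sys
    #   System32\drivers\x.sys
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim().Trim('"')
    if ($p.StartsWith('\??\'))           { $p = $p.Substring(4) }
    if ($p.StartsWith('\SystemRoot\'))   { $p = Join-Path $systemRoot $p.Substring(12) }
    elseif ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $systemRoot $p }
    return $p
}

function Get-SuspectDriverServices {
    foreach ($svc in Get-ChildItem -Path $servicesKey) {
        $props = Get-ItemProperty -Path $svc.PSPath
        # Service Type 1 = kernel driver, 2 = file-system driver; skip ordinary Win32 services
        if ($props.Type -ne 1 -and $props.Type -ne 2) { continue }
        $path = Resolve-DriverPath $props.ImagePath
        if (-not $path) { continue }

        if (-not (Test-Path -LiteralPath $path)) {
            # A service pointing at a file that is no longer on disk is either an
            # orphaned entry or a driver whose file has already been quarantined.
            [pscustomobject]@{ Service = $svc.PSChildName; Path = $path; Status = 'FileMissing'; Signer = '' }
            continue
        }

        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Service = $svc.PSChildName
                Path    = $path
                Status  = $sig.Status
                Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }
}

Get-SuspectDriverServices | Sort-Object Service | Format-Table -AutoSize
```

Treat the output as a review list rather than a verdict: on older systems some legitimate Microsoft drivers are catalog-signed and can show up as NotSigned, so an entry flagged here should be matched against the scan log before anything is removed. The order nasdaq describes still applies, that the Farbar fix creates a Restore point before deleting, so review first and keep the way back.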

Ok, it seems one of those files was blocking Farbar, but here is FRST.txt

Addition.txt

Well, holy mackerel, they broke my message, but there they are, Addition and FRST.


A message, mm, it seems I'm gonna go a little bit early, I'll be back in 20 min but then I'll be checking the post.


Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

I'll be back tomorrow morning.

 

fixlist.txt


Fixlog.txt

Ok, if you read the Gmail, I was able to sign in and start the device, but I need help with some things. I just started my device and opened Google for writing this post, but it started the fan and heated up, but it stopped. But I was scared about the problem with the startup and Bitdefender being offline and the firewall didn't turn on, but still it heated up a little, and pls tell me if there is a problem with shutting down the device when it was restarting (more info on the Gmail), but I don't know, I'll use it tomorrow and I'll tell you if there is something wrong. But a question from my dad: if you reset the device, will all the drivers like Nvidia still be there? (It's an old PC and he wants to reset it so it isn't that slow, or change it for a new one, and yes it has Nvidia, I was surprised too because it doesn't load games that well.) Well, cya tomorrow, well today if you read this tomorrow.


 

I'm posting them here for easy reference.

Quote:

On Monday, March 30, 2020, The WHY <codeit000000@gmail.com> wrote:

Hope you are nasdaq, so when the device was restarting, but I forgot to plug in the device, so it shut down. I started it again and it was slow and Bitdefender lost connection or couldn't connect, and neither could the firewall; maybe something didn't install well, I think. But no, the device isn't loading, so I'm gonna try to start it and send you the files you told me to, and I might recover some of those files, but I don't know how to sign in to the Malwarebytes post, so I'm in a problem. If I don't find the way to get in I'll create a new post, I'll call it "nasdaq help" so you can find it. I hope you read this.

On Monday, March 30, 2020, The WHY <codeit000000@gmail.com> wrote:

Hi nasdaq,
Well, I hope it's you. I'm here to tell you that I already ran the RogueKiller scan and it found some files and registry entries that I need help on what to delete and what not, because I don't want to get a Windows file deleted by error and not be able to get it back, so help pls. And I want to tell you that I ran a Malwarebytes rootkit scan and it found KMSAuto; it is in quarantine I think, but some files are still there, 2 files in folders called TAPI1 and TAPI2 (one in each), and another file was Reimage Repair, which I googled and found out is an anti-malware, I think, but I didn't install it, so I think it could be an impostor. For anything you need, tell me, go to the post.
And with nothing more to tell I say bye.
Bye

Please keep these messages in this topic.
If I need to review them it's easier.

Let's take care of Chrome.

I do not see Chrome running as a process in your log.
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Your copy of Chrome may have been compromised

Remove and re-install Chrome. Follow these instructions.

Step 1. Remove Chrome from your computer and reinstall a fresh copy later.

Step 2. If you remove the syncing of your account, you must remove it before you save your bookmarks etc.
Delete your Google Chrome browser sync data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 3. Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 4. Before you remove Chrome, export your passwords.
How to export your saved passwords from Chrome:
https://www.google.com/search?q=chrome+export+password&oq=chrome+export+password&aqs=chrome..69i57j69i60l2.7991j0j7&sourceid=chrome&ie=UTF-8

Step 5. Clear your Chrome cache and cookies.
https://support.google.com/chromebook/answer/183083?hl=en

Step 6. Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 7. Re-install Chrome and the bookmarks.

Malwarebytes quarantine folder.
Files in that folder are not doing anything bad.
However I delete them all unless I know it's good.
In your case I would remove the kmsauto,

also these folders called TAPI1 and TAPI2,

and the file Reimage Repair.

Restart the computer when done.
===

As I said before, keep the messages in this topic. I check it once or twice a day.

Let me know now what problem you are having with this computer. 

p.s.

If any major problem please run the Farbar program and attach fresh logs for my review.

Edited by nasdaq


I don't find KMS anymore; if it didn't get deleted I think it's somewhere else. And the Reimage Repair, I just delete it? I know it's a tool for scans and stuff, but I didn't download it, and Malwarebytes did an auto scan and found 56 PUPs and a malware, but it's in RogueKiller quarantine.

I'll be writing in a minute, or 20 maybe.


Well, I don't know if this is supposed to happen, but I think the processor or another component gets warm and the ventilation too, and I don't know if Zoom is supposed to heat the device, because it is actually made, I think, to use fewer resources, but for now it's just that, I'll tell you more.

 


Well Zoom may be compromised.

Delete it and you can reinstall it at a later date when all is well.

This topic is now closed to further replies.