jchau067

Repeated "RTP Detection Trojan" on .NET Framework (Continued)

Hi there,

I've been instructed by a forum expert to run the recommended MBAM scans and the Farbar scans. I've attached the three text files in this thread. I will copy and paste the previous forum thread for context on my issue:

I'm hoping someone could provide some insight or assistance as to what I've been infected with and how to deal with it. Several days ago I noticed that my Windows Security started to get some pings regarding Occamy and Unwaders detections. I've done several scans with Windows Security and it's done its best to remove other instances of the aforementioned detections. At this point I've performed the following:

  • Multiple Windows Security quick scans
  • Windows Security Offline Scan
  • Two deep scans in MBAM with rootkit detection enabled

But I haven't found any crazy hits or anything. Everything that's popped up has been quarantined and removed for each detection from Windows Security and MBAM.

My current situation right now is that Windows Security hasn't been getting anything crazy, and a bit less after performing the offline scan, but MBAM is detecting an outbound trojan of some kind every minute to two minutes (see attached images). It seems to be targeting the .NET Framework.

I would appreciate any help that can be given,

Johnny


FRST.txt Addition.txt MBAM Scan.txt


I just wanted to make a quick update: I'm not sure the first set of FRST files I posted was run in admin mode, so the following two files were generated with FRST running in admin mode.

 

FRSTadmin.txt Additionadmin.txt


Hello @jchau067

APSDaemon.exe (otherwise known as Apple Push) is the service that wirelessly syncs your device. It is running on your computer, which is okay, but it's from 2013. If you really want or need this software, I'd recommend you remove this old one and update to a newer version.

Are you still using the Magix software?
HKU\S-1-5-21-629143106-1228852777-3627938079-1001\...\Run: [QMxNetworkSync] => [X]

 

Your computer appears to have this error in the Event Logs over and over. This link may be able to help you correct that.

Fix Tilerepository error
https://answers.microsoft.com/en-us/windows/forum/all/event-viewer-erro-esent-455-since-update-1903/624a2548-06e5-47f4-bb99-76d6412895a0

 

 

Please follow the directions from the following webpage and delete your current System Restore Points. Then, when done, create a new System Restore Point.

How To Delete Restore Points In Windows 10
https://www.intowindows.com/how-to-delete-restore-points-in-windows-10/

 

 

Next, Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks
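The QMxNetworkSync line quoted in the reply above is an autostart entry whose target FRST could no longer find (that is what its "=> [X]" marker means). The script below is an added example, not code from this thread or from FRST: it walks the Run and RunOnce keys under HKLM and every loaded user hive and flags entries whose executable is missing, so you can see such orphaned entries yourself before a fix is applied. Run it from an elevated PowerShell prompt; the key list and the command-line parsing are assumptions of this example.

```powershell
# Added example: audit Run/RunOnce autostart entries and flag missing targets.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Every loaded user hive appears under HKEY_USERS\<SID>; skip the *_Classes hives.
$keys += Get-ChildItem 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -notmatch '_Classes$' } |
    ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run" }

function Get-TargetPath {
    param([string]$Command)
    # Pull the executable out of a command line such as "C:\x\y.exe" -arg or C:\x\y.exe -arg.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return $Command.Trim()
}

foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSParentPath/... metadata; those are not registry values.
        if ($prop.Name -like 'PS*') { continue }
        $target   = Get-TargetPath $prop.Value
        $expanded = [Environment]::ExpandEnvironmentVariables($target)
        $status   = if (Test-Path -LiteralPath $expanded) { 'present' } else { 'MISSING (FRST shows [X])' }
        [pscustomobject]@{
            Key    = $key
            Name   = $prop.Name
            Target = $target
            Status = $status
        }
    }
}
```

A value reported as MISSING only tells you the file is gone; it is the earlier detections and scan logs, not this list, that decide whether an entry was malicious. Once an entry is confirmed to be a stale leftover, it can be removed with Remove-ItemProperty -Path <key> -Name <name>.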

 


Difficult to say why, but glad that all is working well again now, and the logs look good too.

Windows Resource Protection found corrupt files and successfully repaired them.


Is there anything else we can do to assist you further?

 


Hi there,

Sorry to say but the issue appears to have come up again and Malwarebytes is continually getting detections for the doddyfire outbound. Are there any additional steps I could try, short of reinstalling Windows?


Did you delete all your System Restore Points?

Try turning OFF System Restore. Restart the computer.

Then go back to System Restore and don't turn it on yet, just click the Delete button again.

 


 

Then restart the computer one more time. Then turn System Restore back on again.

 

 


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
