Jump to content

Recommended Posts

Now this happened about 3 months ago I have long before reset my PC to windows 10 by now but for some mysterious reason my ABV.bg email has been repeatedly getting hacked every time! even tho last time I changed my password to be unique combination of 30 symbols and letters including the secret question and answer. Its still getting mysteriously hacked and at this point its obvious the information is being leaked from my PC so the trojan/keylogger/hijacker or whatever has not been removed even tho I did repeated Malwarebytes scans and I even scanned with Bitdefender in boot environment still no such luck! Yesterday I saw about total of 74 SVHOST.exe processes in my task manager and I don't wanna say all of them are viruses but I doubt windows needs that many processes to run! So something is definitely up here! As for the virus I had in February that hijacked my browser immediately after I found my email hacked I checked my Temp folder and what do i find multitude of unknown files scattered on about I put them all in a 7zip archieve in case I need them to be give them to a professional for analyzing etc! The hacker had even hijacked my wifi (I even found some chinese characters within the wifi app pointing at some access point in some chinese province) I am pretty sure so at this point I am not even sure if its DNS hijack or browser hijack...or whatever hijack the trojan just keeps appearing and this time he seems to be not leaving any files on HDD so I am not sure if its using fake windows processes or services I need to get rid of the malicious files before trying another clean system install... The FRST.zip logs I have provided are from Safe mode scan today in Windows 10 I included some older ones too from previous months!

FRST.zip temp folder viruses package.7z FRST 09th-05 Logs.zip FRST 27th-04 Logs.zip

Share this post


Link to post
Share on other sites

Hello @Eneitilyn

Let's just see what we can find currently on the system.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a checkmark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Share this post


Link to post
Share on other sites

Okay I got them I also did couple extra scans with other tools namely Kaspersky virus removal tool and Eset online scanner! And something called Security Check? After making this thread Kaspersky found nothing and Eset found 19 threats that were left over from my previous Windows 7 system before 2020...I had some Malwarebytes files left over before opening this thread that were impossible to delete for some reason because they were locked and "used" by my display drivers/audio drivers etc. I am not sure but I am suspicious it was a impostor program that looked like Malwarebytes! Same thing happened when I installed Bitdefender Total Security(Trial version) too! I installed the program and the next restart it was asking me to install the Bitdefender Free Antivirus version as a "update" then I checked my Task Manager and I found a program that was auto-starting that is literally called "program" sadly I could not discern where it is located in my hard drive because i could not disable it from auto-starting nor could I open its location from task manager so I could not include it in the "virus package" archieve in my previous post but it got removed after I reset/reinstall my PC OS from previous month! I think the only way I could have found it is through the registry but I am not knowledgeable enough to do that manually the problem right now is this time there is nothing else like that in my system (at least I hope so) and my ABV emails are still getting hacked! There is 2 weird things I am concerned about in task manager there is these two programs one is left over from uninstalling Bitdefender today called "Setuplauncher" I checked its location it no longer exists after I restarted from the AdwCleaner app and copy of "Discord" and that program I had manually deleted it after I found it in C:\ProgramData\SquirrelMachineInstalls\ a while ago!

tskmgr.png

FRST.txt Addition.txt AdwCleaner[C02].txt MB Log.txt SecurityCheck.txt

Share this post


Link to post
Share on other sites

Not sure why you're trying to run this out of this folder

Controlled Folder Access blocked D:\DOWNLOADS\SumFolder\mbar\mbar.exe from making changes to memory.
Detection time: 2020-05-23T14:26:43.055Z

You also have some possible hardware issues

System errors:
=============
Error: (05/24/2020 02:11:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Push Notifications System Service service terminated with the following error:
The class is configured to run as a security id different from the caller

Error: (05/24/2020 02:11:10 PM) (Source: TPM) (EventID: 27) (User: NT AUTHORITY)
Description: The initializatio

 

This may or may not help correct any of those issues but let's try

fixlist.txt

Thanks

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.