DaBoss236 Posted June 14, 2020 ID:1387863

here's the logs you need. i have no idea where i got the RAT from since i didn't download anything sketchy. I did a full system reset with settings to try and get rid of it but apparently they can survive those so i want to get rid of all rootkits/ rats/ hidden malware in my pc. thank you in advance!

Addition.txt FRST.txt malwarebytes log.txt

Maurice Naggar Posted June 14, 2020 ID:1387870

Hi, My name is Maurice. I will be helping and guiding you, going forward on this case. Let me know what first name you prefer to go by.

Please follow my directions as we go along. Please do not do any changes on your own without first checking with me. If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible. Please only just attach all report files, etc. that I ask for as we go along.

Please know I help here as a volunteer, and that I am not on 24 x 7. Help on this forum is one to one.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the-tool are at this link at Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Let me know the result of this. The log is named MSERT.log. The log will be at %SYSTEMROOT%\debug\msert.log, which in most cases is C:\Windows\debug\msert.log

Please attach that log with your reply.

Thank you, Sincerely.

DaBoss236 Posted June 14, 2020 Author ID:1387916

here you go! you can just call me by my username. thank you for what you do.

msert.log

Maurice Naggar Posted June 14, 2020 ID:1387922

Hi Daboss. Thanks for the Safety Scanner run log. That result is good.

Run a scan with Malwarebytes.

Start Malwarebytes from the Windows Start menu.
Click Settings (gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window.
Then click the SECURITY tab.
Scroll down and let's be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON.
Click it to get it ON if it does not show a blue color.
Now click the small X to get back to the main menu window.
Click the SCAN button.
Select a Threat Scan (which should be the default).
When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.
Then click on Quarantine selected.
Be sure all items were removed. Let it remove what it has detected (if anything).

Then, locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

DaBoss236 Posted June 14, 2020 Author ID:1387930

there you go! thank you very much for helping me.

malwarebytes log 2.txt

Maurice Naggar Posted June 14, 2020 ID:1387933

This report is all good. Let's do a one-time run with a different, special tool. Please read all of these lines first so that it is all clear to you about our plan.

I need a one time run of MBAR like listed here, please.

Please download Malwarebytes Anti-Rootkit (MBAR) from this link here and save it to your desktop.
Double-click on the MBAR file and allow it to run.
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click 'Next' if you agree.
• On the Update Database screen, click on the 'Update' button.
• Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two message boxes:
1. 'Could not load protection driver'. Click 'OK'.
2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.

• If malware is found, press the Cleanup button when the scan completes.

Please attach the log it produces; you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt. Please attach that to your next reply.

DaBoss236 Posted June 15, 2020 Author ID:1387943

here's the log! thank you

mbar-log-2020-06-14 (20-10-00).txt

Maurice Naggar Posted June 15, 2020 ID:1387944

This scan by the MBAR tool is also very excellent. So far, no malware found.

I would suggest that you do a scan with a scan tool from ESET to just only scan the C drive. Please be aware this can take several hours.

I would suggest a free scan with the ESET Online Scanner.

Go to https://www.eset.com/us/home/online-scanner/
Look on the right side of the page. Click Scan Now.
It will start a download of "esetonlinescanner_enu.exe".
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes.
When prompted for scan type, click on Custom scan (the choice on far-right side).
We want just the C drive to be scanned. In the display "Select custom scan targets" keep the top 3 lines ticked, plus the one for the C drive (which should be your Windows drive).
UN-tick the other drives (D, E, F, etc...).
Then click on the blue button "Save and continue".
Leave as is the radio selection "Disable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
Click the blue “Save scan log” to save the log. Look for it on the bottom left, in blue.
If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).
Press Continue when all done.
You should click to off the offer for “periodic scanning”.

The goal here is to see if there are suspicious or actual threats on the C drive.

DaBoss236 Posted June 15, 2020 Author ID:1387948

here's the log! thanks again. it said no detections so i hope my pc is clean.

eset log.txt

Maurice Naggar Posted June 15, 2020 ID:1387954

Hi. This too is a very very good result. I do not believe there is actual malicious malware here. That said, I would like you to do one check for adwares.

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner detects factory Preinstalled applications too!

Please download Malwarebytes AdwCleaner: https://downloads.malwarebytes.com/file/adwcleaner
Be sure to Save the file first, to your system. Saving to the Downloads folder should be the default on your system.
Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it.
At the prompt for license agreement, review and then click on I agree.
You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)
Then click on Dashboard button.
Click the blue button "Scan Now".
Allow it a few minutes to finish the Scan. Let it remove what it finds.

NOTE: When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.
In Adwcleaner, click the "Reports" button. Look at the list of reports for the latest date & type "Clean". Double click that line & it will open in Notepad. Save the file to your system and then attach that with your reply.
That C clean report will be the one with the most recent date and time at folder C:\AdwCleaner\Logs

Thanks. Keep me advised.

DaBoss236 Posted June 15, 2020 Author ID:1388028

here's the log. there were some hp preinstalled stuff and they slowed down my pc anyway so i got rid of the ones i didn't need.

adware log.txt

Maurice Naggar Posted June 15, 2020 ID:1388035

Thanks for the Adwcleaner report. Other than the pre-installed HP applets, there was no actual adware. I believe this HP pc has no malware. Is there anything else that you need?

SecurityCheck by glax24

I would like you to run a tool named SecurityCheck to inquire on the current-security-update status of some applications.

Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop.
If Windows's SmartScreen blocks that with a message window, then click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive.
Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward.
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

DaBoss236 Posted June 15, 2020 Author ID:1388042

here it is! thank you for what you do you are amazing.

security scan log.txt

Maurice Naggar Posted June 15, 2020 ID:1388077

The check report indicates that you ought to look for a Nvidia driver update.

NVIDIA GeForce Experience 3.17.0.126 v.3.17.0.126 Warning! Download Update

We can wrap up this case. What follows is a cleanup on the tools used.

To remove the FRST64 tool & its work files, do this. Go to your Desktop. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double click on it) to begin the cleanup process.

Delete SecurityCheck.exe
Delete msert.exe
Delete the ESET download esetonlinescanner_enu.exe
Delete MBAR.exe
Delete the folder \mbar

Backup is your best friend. Keep backups of your system on a regular basis to offline storage & keep those safe.
https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best practices & malware prevention:

Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.

First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected (out of the blue) email no matter how enticing. Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web. See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

Do a Windows Update. Make certain that Automatic Updates is enabled. https://support.microsoft.com/en-us/help/12373/windows-update-faq

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

Keep in mind that you can still Upgrade for free to Windows 10 from Microsoft. That would get this machine onto a more modern and more secure Operating System, at zero cost. Ed Bott at ZDNet has an excellent resource article from May 2020:
https://www.zdnet.com/article/hands-on-with-windows-10-upgrading-installing-and-activating-in-the-real-world/

Stay safe. I wish you all the best. 😎

Sincerely, Maurice

Edited June 15, 2020 by Maurice Naggar

Maurice Naggar Posted June 15, 2020 ID:1388078

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you