Infected with a trojan.


Solved by Maurice Naggar

Hi, I want to ensure that we both keep in sync as to the current status. I had provided a custom script to be used thru a FRST Fix.

Where exactly do we stand on that?

I have hidden your post that you said to scratch.


My advice is to go forward, without rush, but with faith in what you are doing.

Look in the Downloads folder. That is where the FRST64.exe is saved (from before).

The FIXLIST.txt should be saved to the same folder, in order for the custom fix to work. Did you save the FIXLIST file there?

That is what I need to know & have a confirmation from you. What we then want to do is a FIX run, especially as listed in bullet item # 2 on this post that I had made before

https://forums.malwarebytes.com/topic/264519-infected-with-a-trojan/?do=findComment&comment=1412234

 

IF and only IF it does not go thru, we just may need to turn OFF the antivirus app.

On 10/11/2020 at 2:10 PM, WilliamWilliam said:

Top of the morning to you, Maurice.

Fixlist.txt is in the same folder as FRST64.

* No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located. (FRST) *

Not sure what happened or what I did different here.

Maurice, Everything is where it was. The downloads, etcetera. Should I perhaps reinstall FRST64?

Billy


So, the FIXLIST.txt is there + we know that the tool is there from before. No, do not do any re-download for FRST64.

 

The tool named FRST64.exe is already in the Downloads folder.
Start the Windows Explorer and then go to the Downloads folder.

RIGHT click on FRST64 and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow it to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool,
click the line More info on that screen
and click the button Run anyway on the next screen.

On the FRST window:
Click the Fix button just once, and wait.


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Please know this will do a Windows Restart. Just let it do its thing.

Do let me know how things are overall, after all this.


You can send me a personal message & attach the log(s).

As far as what you posted before, all I can do is request @AdvancedSetup to see what he may do. I can't remove any of your prior posted files.

Please also understand those reports do not have any personal information. They do not have your name, nor your address, or any actual content of files.

Note: I do not know what you mean by

Quote

 I have noticed more suspicious activity on my PC

Specificity counts a lot. Also, this is a malware removal help forum. We use security tools to locate malware if it is around.

Did you manage to do the FIX run with the FRST64?


Good morning.

Billy, I got the FRST reports generated on 14 October. Here's the sticking point. I was not looking for a "scan" run.

I was urging a specific procedure & set of steps to do a FIX. Please take new looks at all my recent prior posts. Where is it that we diverge?

Where is it that I need to re-clarify?

I am re-attaching here the FIXLIST.txt which must be saved on the DOWNLOADS folder (saved as is) before you do the FIX run.

The file is with this reply.

The procedure to run the FIX run was re-posted at this reply

https://forums.malwarebytes.com/topic/264519-infected-with-a-trojan/?do=findComment&comment=1414143

 

Fixlist.txt


Good morning, Maurice.

From my difficulty getting it to work before, I got confused between scan and fix somehow. This computer is really getting me frustrated and impatient. I was thinking of getting an external hard drive and backing up everything on it then do a wipe of the drive here. Next time, I will invest in backing up every few days so I can do just that.

It is doing the fix at the moment. Thanks, again.

Billy


Thanks for the Fixlog.

The Ipconfig file that was in appdata has been removed. However, VirusTotal did not have any of its detection engines find any detection of it as malware. That is to say none of its multiple engines found it to be a threat.

The Windows System File Checker (SFC) was run to check Windows system files. Its Windows Resource Protection found corrupt files and successfully repaired them.

The Windows 10 DISM tool found no issues. That is a good thing.

Question to you at this point: How is the situation at this point vis-a-vis the original issue?

 


Very good.

I am very pleased to have helped you.

Now we can clean up the tools I had you use, and after that, a few other safety & best practices tips to stay safe.

Delete msert.exe

Delete the ESET download file esetonlinescanner.exe

To remove the FRST64 tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe.
Then run that (double click on it) to begin the cleanup process.

 

Any other file I had you download, you may delete.

 

Here are tips on keeping your web browsers safer. Make time and read all of this. Apply the tips.

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

 

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser Guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

open this link in your Chrome browser:

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

For Mozilla Firefox, to get & install the Malwarebytes Browser Guard Firefox extension:

Open this link in your Firefox browser:

https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

That link is for English US. There are other language versions. Just go to the very bottom right of the page and look at the “Change language” drop-down list.

Backup is your best friend. Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected (out of the blue) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with an antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove (or change) your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

 

All my best to you. 😎


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
