Had a trojan yesterday, unsure if I successfully got rid of it


Hello!

First off I want to thank you for reading this and also for participating in this community. The work you do is priceless, and I really appreciate it off the bat.

ANYWAYS--yesterday, a dodgy install unfortunately put a bunch of trojans and adware on my laptop. I didn't actually experience any negative side effects, because I noticed right away when the installer began installing a bunch of things like MaskVPN, etc... even though I specifically chose not to. Unfortunately, I did not pull my laptop from the wifi in my panic. What I did do, however, was immediately uninstall all unknown programs, delete odd files (including temp :( ) + services, run Malwarebytes and a slew of other programs: rkill, tdsskiller, Hitman Pro, ESET, Adwcleaner, RogueKiller, Windows Malicious Software Removal. I ran all of these until they came back clean for the rest of the night, and each one did indeed pick up little bits and pieces the others missed. It seems like no rootkits were detected but I'm particularly concerned because Malwarebytes indicates a backdoor file(?) 

That was around 8pm last night. This morning, I woke up to a text from Paypal asking if I wanted to spend $800 (obviously I said no and Paypal locked my account, then I proceeded to change all my passwords (email, banks, ebay, amazon, etc.) despite never having used this laptop for any sort of banking). I also woke up to an alert from Malwarebytes that at 2:55 AM a Trojan.Malpack.VB was detected named "BVZ.exe" (which, off the first result on google, appears to open a backdoor). This gave me pause, because all of the scans showed clean all the way until 10pm last night. I quarantined it and multiple scans from different programs have said it's clean, but I'm unsure. I've seen a lot of posts saying with backdoors, it's best to just do a complete reinstall. I wanted to ask here before I did that, though, as I also have a couple questions about reinstalling Windows.

Anyways, I've attached the logs asked for in the stickied post. I will attach the original scan (Original) from Malwarebytes that contains the first few trojans, and also the second one with just one (BVE). There's a lot of PUPs, but it looks like they're a result of something going on with Google which I know has an existing fix. I just don't want to log into my google with my new password yet on here.

Let me know if you need anything else, thanks!

Addition.txt FRST.txt BVE.txt Original.txt


Quick update: because there were backdoor programs reported I’ve decided that I will most likely simply reinstall windows and delete all partitions, if anything just for some peace of mind.

Regardless, I’ve only had this laptop for ~3 months and there is absolutely nothing of importance on here so it should be pretty straightforward. I will be reinstalling all programs fresh as well, rather than backing them up.

Are there any steps I need to take/suggestions after reinstalling besides running scans again?


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

As far as I can see there is only one compromised file on your computer.
It's : C:\Windows\system32\ApsInsMonSvc.exe

This fix will send the file to VirusTotal for a scan.
The result will be posted in the Fixlog.txt

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.
Is Chrome synced with other devices?

fixlist.txt


Hello nasdaq!

I ran FRST and this is the fixlog. Let me know if I should do anything further. I am not sure how to tell if the problem persists or not, since there are no noticeable effects (besides someone attempting a gmail account recovery yesterday).

Currently Chrome is not synced with other devices since I have changed all my passwords and have not logged back in. I believe that it was on previously, though.

Thank you!

Fixlog.txt


Hey nasdaq,

Thank you for the hard work you do! Unfortunately, I have an exam coming up tomorrow morning and did not feel secure putting a potentially compromised PC back onto wifi. Considering I had next to nothing on this PC, I simply went ahead and did a clean reinstall of Windows.

Before I reinstalled and reformatted, I did run one final Malwarebytes scan (although not of FRST). I will say that I noticed ApsInsMonSvc.exe running in Services still, and it was also in the system32 file as well after the fix so it looks like I might still have been compromised? 

I've attached the last scan I performed before reinstalling (Final) as well as a FRST & Malwarebytes (Clean) scan from my new reinstall just to be sure. I'm fairly certain this wouldn't have survived the reinstall (and ApsInsMonSvc.exe is indeed gone) but it doesn't hurt to check!

Thank you so much again. The work you do is priceless.

Clean.txt Final.txt Addition.txt FRST.txt

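The snippet below is an added example and is not part of the thread, of FRST or of Malwarebytes. It is the manual form of the two checks that came up above: nasdaq's fix hashed C:\Windows\system32\ApsInsMonSvc.exe and sent it to VirusTotal, and the original poster later saw the same service still running after the fix. It lists every Windows service whose binary is unsigned or not signed by Microsoft, prints the binary's SHA256 together with the VirusTotal lookup URL for that hash, and highlights any name you put in `$SuspectNames`. `$SuspectNames`, `Get-ServiceBinaryPath` and the output field names are my own; the only file name taken from the thread is ApsInsMonSvc.exe.

```powershell
# Added example (not from the thread): inventory Windows services whose binary is
# unsigned or not Microsoft-signed, with a SHA256 per binary for a manual
# VirusTotal lookup. Run from an elevated PowerShell prompt.
# $SuspectNames is a constructed list; ApsInsMonSvc.exe is the file named in the thread.
$SuspectNames = @('ApsInsMonSvc.exe')

function Get-ServiceBinaryPath {
    # Extract the executable from a Win32_Service PathName such as
    #   "C:\Program Files\Vendor\svc.exe" -arg   or   C:\Windows\system32\svc.exe -k group
    param([string]$PathName)
    if (-not $PathName) { return $null }
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^(\S+\.exe)') { return $Matches[1] }
    return ($PathName -split ' ')[0]
}

$report = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $bin = Get-ServiceBinaryPath $svc.PathName
    # A service whose binary is already gone is worth knowing about too, but it
    # cannot be hashed or signature-checked, so it is skipped here.
    if (-not $bin -or -not (Test-Path -LiteralPath $bin)) { continue }

    $sig    = Get-AuthenticodeSignature -FilePath $bin
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    $hash   = (Get-FileHash -LiteralPath $bin -Algorithm SHA256).Hash

    # Flag: invalid/missing signature, signer other than Microsoft, or a watched file name.
    $flag = ($sig.Status -ne 'Valid') -or
            ($signer -notmatch 'Microsoft') -or
            ($SuspectNames -contains (Split-Path -Path $bin -Leaf))
    if ($flag) {
        [pscustomobject]@{
            Service    = $svc.Name
            StartMode  = $svc.StartMode
            State      = $svc.State
            Binary     = $bin
            SigStatus  = $sig.Status
            Signer     = $signer
            SHA256     = $hash
            VirusTotal = "https://www.virustotal.com/gui/file/$($hash.ToLower())"
        }
    }
}

$report | Sort-Object Service | Format-List
```

Legitimate third-party software (drivers, updaters, VPN clients) will also appear, because the filter is "not Microsoft", so read the list against what you knowingly installed. A fix has actually taken effect when the service no longer shows up at all and `Test-Path` on its former binary returns false; a service that is still listed with `State = Running`, as the poster observed for ApsInsMonSvc.exe, means the persistence is still in place.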
2 weeks later...
Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you
