AlexUK Posted November 20, 2020 ID:1422315

Hello,

Trojan.Multi.GenAutorunProc.a was detected by Kaspersky but it said Rootkit Scan cancelled 1 object not detected. I then ran a full scan with Kaspersky but nothing was found. I ran a scan with Malwarebytes and nothing was found. I am not sure if this malware was removed by the full scan. I would be grateful for help on how to check if the trojan is still there.

Many thanks,
Alex

kevinf80 Posted November 20, 2020 ID:1422320

Hello AlexUK and welcome to Malwarebytes,

Run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans".
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt). Please attach that log to your reply.

Thank you,
Kevin

AlexUK Posted November 20, 2020 Author ID:1422326

Hi Kevin,

Thanks for your reply. I attach the FRST files.

Kind regards,
Alex

FRST.txt
Addition.txt

kevinf80 Posted November 20, 2020 ID:1422332

Hello Alex,

Do not see any obvious Malware or Infection in those logs, let's try another scanner to double check....

Please download Malwarebytes Anti-Rootkit from here
Right click on the tool (select "Run as Administrator") to start the extraction to a convenient location. (Desktop is preferable)
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced. They will be in the MBAR folder... mbar-log.txt and system-log.txt

Thanks,
Kevin...

AlexUK Posted November 20, 2020 Author ID:1422334

Hi Kevin,

Logs from Malwarebytes Anti-Rootkit attached. I think no cleanup required.

Kind regards,
Alex

mbar-log-2020-11-20 (22-22-12).txt
system-log.txt

kevinf80 Posted November 20, 2020 ID:1422336

Hello Alex,

From produced logs your system is looking good, are you ok with the results...?

Cheers,
Kevin...

AlexUK Posted November 20, 2020 Author ID:1422337

Hi Kevin,

Yes, all looks to be OK. Thanks for your help.

Kind regards,
Alex

kevinf80 Posted November 20, 2020 Solution ID:1422338

Hello Alex,

Run the following to remove FRST and all produced files/folders...

Right click on FRST here: C:\Users\HTPC\Downloads\FRST64.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended, that is because file extensions are hidden; in that case just rename FRST64 to uninstall.

That action will remove FRST and all created files and folders...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices
Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

AlexUK Posted November 20, 2020 Author ID:1422342

Hi Kevin,

I have removed FRST. Can I delete mbar-1.10.3.1001.exe?

Alex

kevinf80 Posted November 20, 2020 ID:1422344

Hello Alex,

Yes you can delete mbar, no point keeping that as new versions are updated at source...

Regards,
Kevin...

AlexUK Posted November 20, 2020 Author ID:1422345

Hi Kevin,

OK thanks. I have sent a donation by PayPal.

Regards,
Alex

kevinf80 Posted November 20, 2020 ID:1422347

Thanks very much Alex, much appreciated...

Regards,
Kevin..

kevinf80 Posted November 25, 2020 ID:1423287

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you