
Please help frst scan attached.....



I have recently received my computer back from a friend and as such it has a lot of extra software, some of it I believe patched (not my decision). From power on on the 27/01/21 I noticed severe slowdown (this is a Xeon based 8c/16t, 16gb qd chl, GTX 980, NVMe equipped machine and is now stalling even opening a web browser, whereas normally nothing I do slows it down). Then the next symptoms occurred whilst the screen was flashing and all inputs dead: I was locked out of Start, Task Manager, Scheduler, and cmd and all of Defender and system tools. I have managed with a combo of your trial, Windows Defender and an in-place upgrade from 1902 to the current 20H2 version of Win10 Pro (fully licenced) to retrieve the Start menu and Task Scheduler, and all my user controls (with some exceptions, but still slow as hell). I have now run 'FRST' and discovered Task Scheduler items that shouldn't be there, and as such deleted every single item in Scheduler. I have also used Process Hacker to examine and can see secondary user processes when there should be no second user ever, and as such believe it is a complicated and well hidden virus. (The symptoms include an immediate drop from 99% CPU usage to nearly nothing on opening Task Manager, however Process Hacker shows near on 99% usage, and I am aware some of the smarter malware will self kill processes on open of Task Manager.)

MBAM Pro trial is detecting nothing even though I included rootkits and AI scan plus toggled the 'register with Win Defender' setting to 'off', as you usually advise, although Defender is periodically picking up some threats, but due to the nature of Defender it doesn't give me enough info to track and kill the source. I also cannot delete windows.old and cannot elevate permissions as it says I need system permission. (I am the admin and only legit user account, there is no one above me so I shouldn't be denied access anywhere.)

FRST.txt

Please find attached FRST scan results and kindly provide some sort of fixlist.

I am familiar with cracked software as I have worked as a PC tech in the past having to remove it, however this infection is above my knowledge. I will be removing the potentially dodgy apps installed whilst the PC was on loan, however these are clearly not the issue as I locked them in an encrypted file during my threat search and the issues persisted. I think the problems sound like a well hidden and quite smart trojan of sorts but need your help with a fix list please.


I am unaware if these will be of any use/assistance to you. However, having been given some advice through peers prior to contacting you guys for your help, I had also been told there was value in scanning the system with 2 other tools. So please find attached the reports derived from both 'RogueKiller' and 'CKScan', having found a single malicious registry key using 'RKiller':

HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin    ... value at (0)

Using the option within RKiller result page, chose to repair that one discovery.

Have not analyzed the results dump from CKScan but it is attached also.

 

Thanks again and I await your advice

RKill rpt.txt ckfiles.txt


Hiya

Run Roguekiller again, after the scan completes remove the entry listed in the log you attached:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found

Next,

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.


The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the Tool and select Run as Administrator; the tool will expand to the options Window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply..

Thank you,

Kevin..

 

fixlist.txt
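
The registry value flagged in this thread, `ConsentPromptBehaviorAdmin` set to 0, means administrators are elevated without any UAC prompt. The following read-only PowerShell check is an added example, not part of the original posts or of any fixlist; it reports that value together with two related UAC values from the same key (`EnableLUA` and `PromptOnSecureDesktop`, which are not mentioned in the thread and are included here as an assumption about what else is worth reviewing).

```powershell
# Added example: read-only audit of UAC policy values. It changes nothing.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Value name, Windows default, and what the weakened setting means.
# Only ConsentPromptBehaviorAdmin appears in the thread; the other two are
# related UAC values stored under the same key.
$baseline = @(
    @{ Name = 'ConsentPromptBehaviorAdmin'; Default = 5; Weak = 0
       Meaning = 'administrators elevate without any prompt' }
    @{ Name = 'EnableLUA'; Default = 1; Weak = 0
       Meaning = 'UAC is switched off entirely' }
    @{ Name = 'PromptOnSecureDesktop'; Default = 1; Weak = 0
       Meaning = 'prompt is shown on the normal desktop, not the secure one' }
)

$props = Get-ItemProperty -Path $key -ErrorAction Stop

$report = foreach ($item in $baseline) {
    # A missing value yields $null; Windows then applies its built-in default.
    $current = $props.($item.Name)

    if ($null -eq $current) {
        $status = 'NotSet'
    } elseif ($current -eq $item.Weak) {
        $status = 'WEAK'
    } elseif ($current -eq $item.Default) {
        $status = 'Default'
    } else {
        $status = 'NonDefault'
    }

    [pscustomobject]@{
        Value   = $item.Name
        Current = $current
        Default = $item.Default
        Status  = $status
        Note    = if ($status -eq 'WEAK') { $item.Meaning } else { '' }
    }
}

$report | Format-Table -AutoSize -Wrap
```

A `WEAK` row for `ConsentPromptBehaviorAdmin` corresponds to the RogueKiller finding quoted above; running the check again after the repair should show a non-zero value.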


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
