
Trojan preventing malwarebytes and other tools from being opened URGENT


I recently torrented software from a trusted uploader on THAT website, and now something has access to my PC that shouldn’t possess it. Malwarebytes and other anti-malware software like adw and far are being closed automatically. My free antivirus Avira is still working normally, and I’ve launched at least a dozen scans. It’s not reporting any further malware but I know it’s there. Notepad is among the software that auto closes as well.

Please advise, I do have a laptop nearby if that will help any. I’m ready at my phone to provide any necessary information.

Link to post

Hello. Sorry to read of your issues.

Let's have you get, save, & then run the Malwarebytes anti-rootkit tool MBAR.

See this how to 

Disregard the title of the article.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

 

Let me know the result. Also attach the log file from the run.

Link to post

Hi, Maurice. So between the time the initial topic was created and now, I found a weird "vlsd" process in the startup menu. I rebooted back into safe mode and removed that file and others I didn't recognize from startup. Here you can see what is related to this virus. I attempted to alleviate any of the conditions the modified system files would concoct. After some deep file scrubbing, using adw and tdsskiller (killer didn't find anything), I rebooted into safe mode + networking and managed to get good ol' malwarebytes to install. MB found Backdoor.NetWiredRC.E registry entry which I promptly quarantined and removed. As I'm typing this the MBAR software is running and has detected a trojan agent in C:\Windows\Resources\Themes\explorer.exe. I got that cleaned up as well. Attached is the log file it spat out.

 

I'd appreciate any further advice before I bring my main desktop fully back online. Thank you again.

system-log.txt

Link to post

Let's be sure that you do not run any programs on your own. It's important that I guide you.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.

 

Go to the saved file, and double click it to get it started.

 

When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.

Click the blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).

Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

 

We will do more later.

Link to post

Hello again, Maurice. Scan took two hours (multiple large hard drives) and found 7 detections. Three of any concern: another virus hiding in Themes: icsys.icn.exe and two other things hiding in the recycle bin. There were other potentially unsafe programs that I knew about but hadn't used in a while so I removed those as well.

 

I understand that to fully ensure a clean system, a fresh install of Windows is helpful, although I don't have the space to back up much of it, so I'll be contending with that after any further recommendations you have. Attached is the ESET log.

 

Thank you again.

ESETlog.txt

Link to post
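
Added example, not part of the original thread: both detections reported so far were executables in C:\Windows\Resources\Themes, one of them named explorer.exe. The Python sketch below flags autorun entries where a core Windows binary name runs from the wrong directory, or where an executable sits in a data directory. The helper names (`image_path`, `triage`), the sample entries and their arguments are constructed for illustration.

```python
import ntpath
import re

# Expected directory (lower-case) for a few core Windows binaries.
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
}
# Directories that normally hold data files, not programs.
DATA_DIRS = (r"c:\windows\resources\themes", r"c:\$recycle.bin")
# Constructed autorun entries (name, command line); arguments are made up.
SAMPLE = [
    ("Shell", r"C:\Windows\explorer.exe"),
    ("SecurityHealth", r'"%windir%\System32\SecurityHealthSystray.exe"'),
    ("Explorer", r'"C:\Windows\Resources\Themes\explorer.exe" /silent'),
    ("icsys", r"C:\Windows\Resources\Themes\icsys.icn.exe"),
]


def image_path(command):
    """Return the executable path from an autorun command line."""
    command = re.sub(r"%(systemroot|windir)%", lambda m: r"C:\Windows",
                     command.strip(), flags=re.I)
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted: cut after the first ".exe" so paths with spaces survive.
        end = command.lower().find(".exe")
        path = command[:end + 4] if end != -1 else command.split(" ", 1)[0]
    return ntpath.normpath(path) if path else ""


def triage(entries):
    """Flag entries whose image location does not fit its file name."""
    findings = []
    for name, command in entries:
        path = image_path(command)
        folder, exe = ntpath.split(path.lower())
        expected = EXPECTED_DIR.get(exe)
        if expected and folder != expected:
            findings.append((name, path, "system binary name outside " + expected))
        elif any(folder == d or folder.startswith(d + "\\") for d in DATA_DIRS):
            findings.append((name, path, "executable in a data directory"))
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A clean result from a check like this only covers the entries it was given; it does not replace the scanner logs requested in the thread.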

Thanks for the ESET log report.

I would have to remark, since a few files were tagged as hack tools & a 'license' activator...

One must be super careful as to what one downloads. Be careful to stay away from dodgy sites. Ones that tout free stuff that evades software licenses. The latter are a sure way to get an encrypting ransomware infection.

Hopefully here you may just have had a trojan. We will run more scans. We want to be sure nothing else is around.

Rebuilding the whole system from scratch is your choice.

Though here, there are possible avenues for a windows-repair-upgrade, or a Refresh operation.

Those are possible. But hold off on that.

I would like to be sure your Malwarebytes for Windows works.

In Malwarebytes for Windows program, we want to do a special scan.

Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window.

Then click the Security tab.   

Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON 👈

Click it to get it ON if it does not show a blue color

Next, click the small x on the Settings line to go to the main Malwarebytes Window.

 

Next click the blue button marked Scan.

When the scan phase is done, be real sure you review and have all detected line items check-marked on each line on the left. That too is very critical.

You can actually click ( tick ) the topmost left check-box on the very top line to get ALL lines ticked ( all selected). 👈

🔻

Then click on Quarantine selected.

 

Then, locate the Scan run report; export out a copy; & then attach in with your reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

We will do more, later.

Link to post

I've used hacks of this sort before without issue, but let me tell you--one serious virus was enough.

With rootkit scan enabled it appears that no items have been detected, attached is the log. 

Maurice, at this stage, if it was your PC, would you allow a normal (e.g. not safe) boot? The device hasn't left safe mode since this issue started. Frankly, I've been too scared to even though I manually checked every process that runs on startup.

I also appreciate your thoroughness, even though I'm familiar with windows systems and the anti-malware software we've been discussing, your instruction is exceptionally clear and succinct. Thank you.

 

Standing by for further advice.

MBlog.txt

Link to post

Thanks for running the Malwarebytes. The fact of having run that is encouraging.  The remaining issues can be cleared up.

Please download the Farbar Recovery Scan Tool 64-bit and save it to your desktop.

https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

After saving

Right-click on FRST64.exe and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.

Windows 10 users will be prompted about Windows SmartScreen protection - click More info on that screen and click the Run anyway button on the next screen.

Click YES when prompted by the Windows UAC prompt to allow it to run.

Note: If you are prompted by Windows SmartScreen, click More info and then choose Run anyway.

Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes.

Click Yes when the disclaimer appears in FRST.

 

The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is checked - the configuration should look exactly like on the screen below (do not mark additional things unless asked).

Press Scan button and wait.

 

The tool will produce 2 logfiles on your desktop: FRST.txt , Addition.txt 

Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Thank you.

Link to post

  • 1 month later...

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post