Solomon Posted April 28, 2021 ID:1453925

Downloaded a bad torrent with malware.

- Ran the .exe installer inside the file; installation was unsuccessful as MSCVR100.DLL/MSVCP140.DLL/d3dx9_43 was missing
- Realized the file and installer were bad
- Windows Defender picks up Trojan:Win32/CryptInject and Trojan:Win32/CryptInject.PW!MTB
- Deleted installer file and did a full scan and offline scan on Windows Defender; everything appears to be healthy
- PC has no lag issue, no adware is popping up, but suspected crypto-mining malware
- Using Malwarebytes Premium Trial 4.3.0 to do a full scan, with all the checklist enabled and on both my HDD and SSD
- Malwarebytes runs for 5~6 hours, then crashes, PC freezes up, can only force shutdown
- Tried running Malwarebytes full scan both online and offline; crashes and freezes both times
- Tried to place a few files under Windows Defender's ransomware protected files
- Starts to get protected memory access blocked by CorsairLink4.Service.exe; protected folder location is suspicious

Personal deduction: Suspected malware masked itself as another application, and is possibly stopping Malwarebytes from making full scans.

I have included the FRST and Addition for your reference. Please have a look, thank you.

FRST.txt Addition.txt

Root Admin AdvancedSetup Posted April 29, 2021 ID:1453932

Hello @Solomon

Please run the following and post back the log

Solomon Posted April 29, 2021 Author ID:1453943

Hi, as requested, I have run the program smoothly, and the requested log text is attached below for your reference. Thank you.

mbar-log-2021-04-29 (10-20-14).txt system-log.txt

Solomon Posted April 29, 2021 Author ID:1453944

@AdvancedSetup So I see that there are 2 trojan files that are detected. Those are 2 items that I am well aware of, as I need them for some software usages (I think you get what I mean). But for the sake of doing a clean removal, I have asked the app to clean up those 2 files too.

So for now, may I know what is the next step? Re-run Malwarebytes full scan with rootkits on? Or any other next step?

Root Admin AdvancedSetup Posted April 29, 2021 ID:1453959

Thank you for the logs @Solomon

I'm sure those files were not your issue.

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: This fix will also do a full network and firewall reset back to factory default settings.

The following directories are emptied:

- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
- Recently opened files cache
- Flash Player cache
- Java cache
- Steam HTML cache
- Explorer thumbnail and icon cache
- BITS transfer queue (qmgr*.dat files)
- Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

Solomon Posted April 29, 2021 Author ID:1453966

@AdvancedSetup okay, done, run, restart, disk check and gotten the fixlog. Please instruct me on any next step. Thank you!

Fixlog.txt

Root Admin AdvancedSetup Posted April 29, 2021 ID:1453973

Great, the log shows it found and fixed some OS issues.

Windows Resource Protection found corrupt files and successfully repaired them.

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

- It will start a download of "esetonlinescanner.exe"
- Save the file to your system, such as the Downloads folder, or else to the Desktop.
- Go to the saved file, and double click it to get it started.
- When presented with the initial ESET options, click on "Computer Scan".
- Next, when prompted by Windows, allow it to start by clicking Yes
- When prompted for scan type, click on Full scan
- Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
- Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.
- You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
- When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
- Click the blue “Save scan log” to save the log.
- If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at the bottom).
- Press Continue when all done. You should click to off the offer for “periodic scanning”.

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3
https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

Solomon Posted April 29, 2021 Author ID:1453994

Hi @AdvancedSetup

I have done the ESET scan; it found 11 files, most of them stuff that I am aware of. I am guessing overall my PC should be clean? Or is there any next step to ensure my PC is totally malware free?

ESET.txt

Root Admin AdvancedSetup Posted April 29, 2021 ID:1453996

Yes, the computer should be clean now. Let's see about checking on the Malwarebytes program.

I'll check back on you again sometime tomorrow.

Please do the following

Can you please do the following?

- Download the Malwarebytes Support Tool
- In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
- In the User Account Control pop-up window, click Yes to continue the installation
- Run the MBST Support Tool
- In the left navigation pane of the Malwarebytes Support Tool, click Advanced
- In the Advanced Options, click the CLEAN button and follow the onscreen instructions to reinstall Malwarebytes

NOTE: Please have patience as it can take a while to remove and reinstall. The computer will restart to complete.

After the restart please do the following

- Run the MBST Support Tool
- In the left navigation pane of the Malwarebytes Support Tool, click Advanced
- In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
- A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you

Root Admin AdvancedSetup Posted June 28, 2021 ID:1465883

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic.

Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks