MalwareBytes Detected a trojan injector


Go to solution Solved by Maurice Naggar,

So Malwarebytes recently I launched a scan; advanced one in my C drive. It detected a trojan injector in my appdata/local/google/chrome/user data/default/cache/F__ some random numbers

So what I also noticed is I've been constantly getting this in Windows Defender!

I am extremely scared, and have been desperate for the past couple of hours. Please someone relieve my stress and help me out because I am near a breakdown as many of my passwords are on this computer. Thank you.

 

Link to post
Share on other sites

Hello @Crayolaman

My name is Maurice. Please try to remain calm & steady. Do not use Chrome for the time being. Use Edge browser or another.

Do not surf the web.  No online games.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.

 

Go to the saved file, and double click it to get it started.

 

When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.

Click the blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).

Press Continue when all done. You should click to off the offer for “periodic scanning”.

 

 

 

Link to post
Share on other sites

Hey Maurice, Thank you so much for the advice; I am currently running a full scan! I'll complete the rest of the steps and tell you what happens :)! I have been panicking for the past hour. What happens if I browse on Google Chrome by the way? I logged into my school site from when that happened so far and also my PayPal account. Do you think it's compromised (auto saved) passwords?

Link to post
Share on other sites

At this time, I can't say whether anything at all was compromised.

Know that Malwarebytes is protecting this pc if it has the Premium or the trial.

Also, Defender antivirus is protecting the pc. There were just 2 things it could not fully deal with.

Stay off the web if at all possible, except for going to this forum or getting tools I suggest as you & I go along.

There is not one single step fix. There will be more passes / rounds between me & you.

If pc is on Windows 10, just use Edge browser for the time being.

I will later list steps to deal with flushing & securing Chrome.

Much patience please.

Finish your current scan.

Finish the ESET scan & post its log when all done.

While scan is running, close all browser tabs & exit out of all browsers. Stay off the web.  :cool:

Link to post
Share on other sites

Hey Maurice, so it finished; here's what was said.

 

2021-04-29 14:23:39 PM
Files scanned: 338676
Detected files: 0
Cleaned files: 0
Total scan time: 00:49:48
Scan status: Finished.

The same trojan that was persistent and Windows Defender could not delete, Malwarebytes was able to but am I safe??? It constantly came back and I'm still paranoid.
 

SCANLOG.txt

Link to post
Share on other sites

Please always mention tool name of each log, unless it is listed in it. Was this last one from ESET ?

.

Further, I am listing 2 other procedures to do.

#1

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Let me know the result of this.

The log is named MSERT.log  

the log will be at  

C:\Windows\debug\msert.log

Please attach that log with your reply.

.

#2

I would suggest that you do all 6 steps like on this one post of mine 

 

https://forums.malwarebytes.com/topic/270892-when-searching-things-on-googlecom-i-get-trojan-alert-for-addedprintcom/?do=findComment&comment=1440523

Attach the report from Adwcleaner back here. We will do more later. 

Link to post
Share on other sites

Here's what else I got for you from the AdwCleaner

 

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-29-2021
# Duration: 00:00:04
# OS:       Windows 10 Home
# Scanned:  31969
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

Link to post
Share on other sites

This is what I got after the clean up and this

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-29-2021
# Duration: 00:00:04
# OS:       Windows 10 Home
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1406 octets] - [29/04/2021 16:59:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Link to post
Share on other sites
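
As an added example (not part of the original thread and not Malwarebytes code), a short Python parser for the AdwCleaner log layout pasted in the posts above; it lists the sections that contain findings and checks them against the header's Detected/Cleaned count. The sample log is constructed, and treating any section line that does not begin with "No " as a finding is an assumption, since the thread only shows clean results.

```python
import re

# Constructed sample in the layout of the logs posted above; the one
# detection line is invented for illustration.
SAMPLE_LOG = """\
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Mode: Scan
# Start:    04-29-2021
# Detected: 1

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Example.Detection.Name   C:\\Users\\example\\AppData\\Local\\ExampleFolder

########## EOF - C:\\AdwCleaner\\Logs\\AdwCleaner[S00].txt ##########
"""

HEADER_RE = re.compile(r"^#\s*([A-Za-z]+):\s+(.*\S)\s*$")   # "# Key:   value"
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")        # "***** [ Name ] *****"
STAR_ROW_RE = re.compile(r"^\*+$")                           # bare row of asterisks


def parse_adwcleaner_log(text):
    """Return (header fields, {section name: [finding lines]})."""
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            match = HEADER_RE.match(line)
            if match:
                header[match.group(1)] = match.group(2)
            if line.startswith("##########"):  # EOF marker ends the body
                current = None
            continue
        section = SECTION_RE.match(line)
        if section:
            current = section.group(1)
            sections[current] = []
        elif STAR_ROW_RE.match(line):
            current = None  # trailer block of a Clean-mode log
        elif line and current and not line.startswith("No "):
            sections[current].append(line)  # assumption: this is a finding
    return header, sections


def triage(text):
    """Summarise a log and cross-check the header count against the body."""
    header, sections = parse_adwcleaner_log(text)
    hits = {name: rows for name, rows in sections.items() if rows}
    declared = int(header.get("Detected", header.get("Cleaned", "0")))
    found = sum(len(rows) for rows in hits.values())
    return {"mode": header.get("Mode"), "declared": declared,
            "found": found, "consistent": declared == found, "hits": hits}
```

A `consistent` value of `False` means the header count and the section bodies disagree, which is what a truncated or hand-edited paste would look like.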

Before I make the next step, I want to make it clear: do Not copy & paste the content of scans.

I only want the file itself to be attached.  And no screen grabs unless requested or absolutely necessary.

The Safety Scanner 

The log is named MSERT.log  

the log will be at  

C:\Windows\debug\msert.log

 

Please attach that log with your reply.

Link to post
Share on other sites

msert.txt

Link to post
Share on other sites

Thanks. You & I are the only ones active on your topic. When you want to initiate a reply, you do not need to click on 'Quote'.

You just simply use the white  block at the bottom of screen.

The next thing to do is one scan with Malwarebytes for Windows.

In Malwarebytes for Windows program, we want to do a special scan.

Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window.

 

Then click the Security tab.   

 

Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON 👈

 

Click it to get it ON if it does not show a blue-color

.

Next, click the small x on the Settings line to go to the main Malwarebytes Window.

Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

 

You can actually click ( tick ) the topmost left check-box on the very top line to get ALL lines ticked ( all selected). 👈

🔻

Then click on Quarantine selected.

 

Then, locate the Scan run report; export out a copy; & then attach in with your reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

We will do more, later. 

Link to post
Share on other sites

This is what I got, I'm confused though about what you mean by "

 have all detected lines items check-marked on each line on the left. That too is very critical.

 

You can actually click ( tick ) the topmost left check-box on the very top line to get ALL lines ticked ( all selected). 👈

🔻

Then click on Quarantine selected."

Link to post
Share on other sites

My note section on ticking all detected items flagged is for when there are actual such detections.

Here in this case, Zero items were detected at all.

This here indicates things are fine as per Malwarebytes.

Here are tips on keeping your web browsers safer. Please make time and read all of this. Apply the tips.

 

See this article on our Malwarebytes Blog

https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

 

Scroll down to the tips section "How do I disable them".

 

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome.

 

To get & install the Malwarebytes Browser Guard extension for Chrome,

Open this link in your Chrome   browser: 

 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.

.

For    Mozilla Firefox, to get & install the Malwarebytes Browser Guard  Firefox extension.

Open this link in your Firefox browser:   

 

https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

 

That link is for English US. There are other language versions. Just go to the very bottom right of the page and look at “Change language” list drop down.

Link to post
Share on other sites

Hello. We have run 4 scans so far. We can run a couple more to keep checking the system.

As to the Task Manager display in general, be aware that percentage of use is a snapshot at that instant.  The thing is your pc could have been in the midst of running a task, or maybe a background update.

It's better to check later in a few hours or tomorrow.

.

As to passwords, yes you ought to change them to more secure passwords & also use a password manager. @AdvancedSetup has an excellent set of tips on that. I will provide you a link on the next round.

For now, let's do a different new scan report. This is just a diagnostic information collection.

Please download the Farbar Recovery Scan Tool 64-bit and save it to your desktop.

 

Right-click on FRST64.exe and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run.

 

Windows 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen and click button Run anyway on next screen.

Click YES when prompted by Windows UAC prompt to allow it to run.

Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.

 

Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

Click Yes when the *disclaimer* appears in FRST.

The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

 

Make sure that Addition options is *checked* - the configuration should look exactly like on the screen below (do not mark additional things unless asked).

Press Scan button and wait.

The tool will produce 2 logfiles on your desktop: FRST.txt , Addition.txt 

Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Thank you.

Link to post
Share on other sites

Thanks for the FRST reports.

As a next step, to checkout your system a bit more, a new scan with Sophos.

Download Sophos Free Virus Removal Tool and save it to your desktop.

 

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

 

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

 

Double click the icon and select Run

Click Next

 

Select I accept the terms in this license agreement, then click Next twice

 

Click Install

 

Click Finish to launch the program

 

Once the virus database has been updated click Start Scanning

 

If any threats are found click Details, then View log file... (bottom left hand corner)

 

Copy and paste the results in your reply

 

Close the Notepad document, close the Threat Details screen, then click Start cleanup

 

Click Exit to close the program

If no threats were found please confirm that result....

 

The Virus Removal Tool scans the following areas of your computer:

 

Memory, including system memory on 32-bit (x86) versions of Windows

The Windows registry

All local hard drives, fixed and removable

Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

 

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Link to post
Share on other sites

I make the following observations.  The Malwarebytes is keeping your pc safe from potential harm.  Block notices are a courtesy notice.

Please use Edge browser instead of Chrome.  Please do not do any web surfing.

Please do Not play online games.

Be sure that Chrome is Closed before you initiate the scan with Sophos.

I am looking forward to getting your Sophos report after it is done.

Meantime, please stay off the web.  Meaning close all browsers, except for when getting tools I requested you to get.

Link to post
Share on other sites

This topic is now closed to further replies.