Jump to content

Trojan Keeps Coming back after deleting entire folder


Recommended Posts

2 hours ago, kevinf80 said:

How does your system currently respond, any issues or concerns..? I see from the logs that you have very little free space on C:\ drive...

some things take a while to startup, but nothing too crazy, im sorry for responding so late i didnt see that there was two pages,i cleared up some space by uninstalling a few games on my ssd to see if that would help and i havent noticed much of a diffrence

Link to post
Share on other sites

Hiya issacf2007,

Thanks for the reply, yes freespace is critical for windows to work efficiently, the recommended freespace for a mechanical hard drive is approximately 15% and for an SSD is approximately 25%...

Response time is not an issue, being in different time zones means we can mean we miss each others replies.. Apart from freespace have the infection issues ceased...

Thank you,

Kevin..

 

Link to post
Share on other sites

Hiya isaacf2007,

Thanks for the information update, try the following please:

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Please download the correct portable version (32-bit or 64-bit) of RogueKiller for your system and save the file to your computer Desktop.
 
  • Right-click on the RogueKiller file and select Run as administrator to start the tool.
  • Click Yes to accept the UAC security warning that may appear.
  • Click Accept to agree with the EULA (End User License Agreement) and close the browser tab it will open.
  • Now click the Scan blue button and under the Standard Scan (recommended) click on the Scan button.
  • When the scan is complete, click on Results button. NOTE: DO NOT delete any found entries. All listed entries will be carefully analyzed.
  • Then click on Report button.
  • Click Export button and select "Text file".
  • Give a name to the file such as RKlog.txt and save it to the Desktop or in a location where you can easily find it.
  • Click the Finish button and close RogueKiller window.
  • Copy and paste the entire contents of that log into your next reply.

Thank you,

Kevin...

Link to post
Share on other sites

  • Root Admin

Hello @isaacf2007

Can you please post back the full log from the detections?

 

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

 

image.png

 

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

 

image.png

 

If you click on the View option you should get something similar to the following with other options available.

 

image.png

 

 

Thank you

 

 

Link to post
Share on other sites

  • Root Admin

The log KRNL.Detection.txt was from 2 day ago:  Scan Date: 6/13/21

The log UpdateDetected.txt was also from 2 days ago: Scan Date: 6/13/21

The current scan is no longer showing either of those detections

Please wait for @kevinf80 and he may have other scans or routines he'd like you to run @isaacf2007

Thank you

 

 

 

Link to post
Share on other sites

Hiya isaacf2007,

Thanks for the information update, can you find and post the log from AdwCleaner. Logs are saved here: C:\AdwCleaner\Logs

Now, let's re-run RogueKiller and remove all of the items it initially found:
 
  • Right-click on the RogueKiller file and select Run as administrator to start the tool.
  • Click Yes to accept the UAC security warning that may appear.
  • Click Accept to agree with the EULA (End User License Agreement) and close the browser tab it will open.
  • Now click the Scan blue button and under the Standard Scan (recommended) click on the Scan button.
  • When the scan is complete, make sure every item listed is checkmarked.
  • Then click the Removal button and wait until the removal process is complete.
  • When complete, click on Results.
  • Click Report.
  • Click Export and select "Text file".
  • Give a name to the file such as RKlog.txt and save it to the Desktop or in a location where you can easily find it.
  • Click the Finish button and close RogueKiller window.
  • Copy and paste the entire contents of that log into your next reply.


Next,

I want a new log from a fresh Malwarebytes scan to confirm if the infection is still present...

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Open Malwarebytes
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Text file (*.txt), then name the file and save to a place of choice, recommend "Desktop" then attach to reply


In your reply I want to see the logs from the following:

AdwCleaner
RogueKiller
Malwarebytes


Thank you,

Kevin.
Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.