Jump to content

Macro Module Virus Kangatang


Recommended Posts

  • Root Admin

Hello @Lacazar

Please run the followings for me and we'll see what we can find.


To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you


Link to post
Share on other sites

  • Root Admin

Thank you for the log @Lacazar

This is a Macro virus from a while ago. We don't scan Excel files for macros but our Anti-Exploit should stop the further spread of the virus. I'll help you get the computer cleaned up though.


It looks like this was potentially the source of the initial threat. C:\Users\Linh-KTNV\Downloads\nhượng 18.8.xls

C:\Users\Linh-KTNV\Downloads\nhượng 18.8.xls_tmp

Once that was run and the Macro initiated it was then able to attach itself to other files on your system such as these for example

C:\Users\Linh-KTNV\Desktop\Mẫu biểu gửi khách.xlsb
C:\Users\Linh-KTNV\AppData\Roaming\Microsoft\Excel\XLSTART\mypersonnel.xls (this file should be deleted if it still exists)




Please download and run the following Microsoft Safety Scanner and choose the FULL scan.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft


Please let me know the results of this scan.

The log is named MSERT.log 

the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is


Please attach that log with your next reply.



What is this program? A search on Google does not find it.

Startup: C:\Users\Linh-KTNV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WUPOSStartup.exe

Please upload that file to https://virustotal.com and have them scan the file and let me know what they find



Let me have you run another antivirus scanner to double-check on the system.


I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on the Start scan button.
  • Have patience.  The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program.   ( e.g. their standard program).   You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at the bottom).
  • Press Continue when all done.  You should click to off the offer for “periodic scanning”.


Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3




Please go to Control Panel, Programs, Programs and Features and uninstall the following



Please clean up the browser Cốc Cốc (Cup Cup) to make sure it does not contain any bad links, cache, cookies, etc.
Do the same with Google Chrome


Please download the following program and have it scan for and update any of your other software to make sure it's up to date.

Patch My PC Home Updater



Click on Start / Search and type in "Check for updates" and let Windows check for and install any updates it finds.





Edited by AdvancedSetup
updated information
  • Like 1
Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.