this trojan hack my copy paste crypto address, and sfc and dism not run


liper

  • Root Admin

Please NOTE: This computer appears to be actively used for pirating or stealing software. We will not actively help you to pirate or steal software. We will review to assist with malware removal only. Failure to remove items we request you to remove will result in your topic being closed and no further assistance being offered.

 

Please go to Control Panel, Programs, Programs and Features and uninstall the following

Bonjour
CCleaner
(computer experts no longer recommend this product)
Java 8 Update 221
Java SE Development Kit 8 Update 221

 

 

Your DNS Servers: 192.168.53.30

Please consider changing your default DNS server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

  • Google Public DNS: IPv4   8.8.8.8 and 8.8.4.4   IPv6   2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4   1.1.1.1 and 1.0.0.1   IPv6   2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4   208.67.222.222 and 208.67.220.220  IPv6  2620:119:35::35 and 2620:119:53::53
  • DNSWATCH: IPv4   84.200.69.80 and 84.200.70.40   IPv6  2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b

The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

Please double-check and verify this software is valid and you do still want it running. Nothing wrong with it that I'm aware of, just pointing it out due to its age. It is from 2012 which is ancient in computer software terms.

HKLM\...\Run: [CsrHCRPServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrAudioguiCtrl] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrSyncMLServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-22] (Cambridge Silicon Radio Ltd. -> )
HKLM\...\Run: [vksts] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [CSRHarmonySkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\Software\...\Authentication\Credential Providers: [{5355DA8C-FE32-49b4-A567-A67535C86592}] -> C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BLEtokenCredentialProvider.dll [2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)

 

 

Again, nothing wrong with the software, but it is a limited-use type of software and is from 2018. If you're aware and want it running, simply ignore that I said anything.

HKLM\...\Run: [ProxyCap] => C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe [2479616 2018-03-26] (Proxy Labs) [File not signed]

 

It might be valid but I highly doubt it. Microsoft does not typically support and keep links valid for software that is over a decade old. If not really working, perhaps remove the link that starts this.

HKLM-x32\...\Run: [BCSSync] => D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)

 

This is set to start but Farbar says it cannot find the file

HKU\S-1-5-21-1976259267-1925778007-1183220360-1001\...\Run: [startup_system] => C:\Users\Philip\AppData\Roaming\MetaQuotes\Terminal\Common\wincpuhealthoptimizer.exe (No File)

 

More software that is now more than a decade old. It's highly unlikely this software is running properly (though it might be). Please double-check and verify that you still want it running on your system.

HKU\S-1-5-21-1976259267-1925778007-1183220360-1001\...\Run: [eMuleAutoStart] => C:\Program Files (x86)\eMule\emule.exe [5758976 2010-04-07] (hxxp://www.emule-project.net) [File not signed]

 

Please verify you still use these printer drivers, etc. If you are then ignore.

HKLM\...\Windows x64\Print Processors\Canon iP2700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA4.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\PrintMulti: C:\Windows\System32\spool\prtprocs\x64\printmulti.dll [892928 2011-11-03] (Dieter Riekert) [File not signed]
HKLM\...\Print\Monitors\Canon BJ Language Monitor iP2700 series: C:\WINDOWS\system32\CNMLMA4.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HCR Client Port Monitor: C:\WINDOWS\system32\csrportmon.dll [73416 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Print\Monitors\HP DF11 Status Monitor: C:\WINDOWS\system32\hpinkstsDF11LM.dll [393352 2017-04-14] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP E111 Status Monitor: C:\WINDOWS\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard -> HP Inc.)

 

You have a Visual Basic Scripting file set to run on startup. Is this a valid file for you?

Startup: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wsl-run.vbs [2020-02-16] () [File not signed]

 

Please double-check these batch files

Task: {1595072E-5B69-4328-BB33-E31EC9C384C4} - System32\Tasks\automountvhdx => d:\Desktop\Google Drive\Philip\startup.bat [449 2021-01-26] () [File not signed]
Task: {1EEA0621-9025-41AA-BC9D-ABDE75597A1E} - System32\Tasks\ReksaBuySahamBuy => D:\reksasaham.bat [50 2021-02-26] () [File not signed]
Task: {2030D273-7FBA-4420-93CE-01514796B67B} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-05-01] () [File not signed]
Task: {AFE35A55-9974-4CB7-BF2E-89EBDB3A449C} - System32\Tasks\backupcctv2 => C:\Temp\backupcctv.bat (No File) <==== ATTENTION

 

 

Is this PROXY valid for you?


ProxyServer: [S-1-5-21-1976259267-1925778007-1183220360-1001] => 192.168.53.60:5566

 

 

CHR Notifications: Default -> hxxps://www.tokopedia.com

Are you sure you want this enabled or allowed? Push Notifications on your browser appear to be enabled.

https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

Turn notifications on or off - Google Chrome

Web Push notifications in Firefox

 

 

It is highly undesirable to be using TEST SIGNING. With the advent of a massive amount of ransomware attacks that encrypt your data, it really behooves one to use better security on their systems these days.

testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION

 

 

Please address, reply to the items above and then run the following scan please.

 

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.   
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
  • The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

 

Thank you @liper

 

Link to post
Share on other sites
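The startup and scheduled-task entries reviewed in the post above can be triaged mechanically. This is an added example, not part of the original thread and not a Farbar tool: the flag names, the five-year staleness threshold and the reference date passed in are assumptions, and the sample lines are copied from the log excerpts quoted in that post.

```python
import re
from datetime import date

# Lines copied from the log excerpts quoted in the post above.
SAMPLE = r"""
HKLM\...\Run: [CsrHCRPServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
HKLM\...\Run: [ProxyCap] => C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe [2479616 2018-03-26] (Proxy Labs) [File not signed]
HKU\S-1-5-21-1976259267-1925778007-1183220360-1001\...\Run: [startup_system] => C:\Users\Philip\AppData\Roaming\MetaQuotes\Terminal\Common\wincpuhealthoptimizer.exe (No File)
Task: {1EEA0621-9025-41AA-BC9D-ABDE75597A1E} - System32\Tasks\ReksaBuySahamBuy => D:\reksasaham.bat [50 2021-02-26] () [File not signed]
Task: {AFE35A55-9974-4CB7-BF2E-89EBDB3A449C} - System32\Tasks\backupcctv2 => C:\Temp\backupcctv.bat (No File) <==== ATTENTION
"""

# "<registry key or task> => <target path><trailing annotations>"
ENTRY = re.compile(
    r"^(?P<key>.+?) => (?P<path>[A-Za-z]:\\.+?\.\w+)(?= \[| \(|$)(?P<rest>.*)$")
# "[<size> <yyyy-mm-dd>]" or "[<yyyy-mm-dd>]"
STAMP = re.compile(r"\[(?:\d+ )?(\d{4})-(\d{2})-(\d{2})\]")
SCRIPT_EXT = {"bat", "cmd", "vbs", "js", "ps1"}


def triage(line, today, stale_years=5):
    """Return (target_path, flags) for one autostart line, or None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    path, rest = m["path"], m["rest"]
    flags = []
    if "(No File)" in rest:            # autostart points at a missing file
        flags.append("missing-target")
    if "[File not signed]" in rest:    # no Authenticode signature reported
        flags.append("unsigned")
    if path.rsplit(".", 1)[-1].lower() in SCRIPT_EXT:
        flags.append("script")         # script rather than a binary
    s = STAMP.search(rest)
    if s:
        y, mo, d = map(int, s.groups())
        if (today - date(y, mo, d)).days > stale_years * 365:
            flags.append("stale")      # assumed threshold, see lead-in
    if "<==== ATTENTION" in rest:      # marker already present in the log
        flags.append("frst-attention")
    return path, flags


def triage_log(text, today):
    """Triage every parseable line of a pasted log excerpt."""
    return [r for r in (triage(l, today) for l in text.splitlines()) if r]
```

Entries flagged `missing-target` are the ones to check first: the autostart reference survives even though the file it launched is gone.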

Dear Mr. Thank You.. for quick reply, I will next post soon.. Thank You

Appreciate very much,

 

 

I try to run

* sfc /scannow
* DISM /Online /Cleanup-Image /CheckHealth

and it quit at 10-15%

I try to run in safe mode, and try startup repair, command prompt, but

it shows blue screen, sometimes green screen, as in the attached files

and I try to boot from USB Windows 10 and try to fix; I can open command prompt but it says as attached..

 

 

 

IMG_20211204_075845.jpg

IMG_20211204_084118.jpg

IMG_20211204_085613.jpg

Link to post
Share on other sites


Bonjour *uninstalled 
CCleaner (computer experts no longer recommend this product) *uninstalled 
Java 8 Update 221 *uninstalled 
Java SE Development Kit 8 Update 221 *uninstalled 

Your DNS Servers: 192.168.53.30 , 
i am using smartdns for speed when browsing...
https://github.com/pymumu/smartdns
because in past is provider internet somehow force using its dns until i using dnscrypt to bypass


HKLM\...\Run: [CsrHCRPServer]  I think it is my bluetooth dongle
HKLM\...\Run: [ProxyCap] to force software using proxy.
HKLM-x32\...\Run: [BCSSync]  maybe office 2010 

\Terminal\Common\wincpuhealthoptimizer.exe (No File)  : Virus this one hack me and post at previously post
emule: like to find old popular ebook/software/etc

Printer *i think ok

start up wsl-run.vbs [2020-02-16] : for running smartdns

Google Drive\Philip\startup.bat: is ok, i made it for backup and Mounting virtual drive script 
reksasaham.bat : it is my script 
npcapwatchdog   : *task disabled, I don't know which software
backupcctv.bat (No File) * task deleted
192.168.53.60:5566 <-- yes it is, this is tor. in past use this and not active

CHR Notifications: this is ok for me..


=======XXXXX=======
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION
Please help, I don't understand...
=======XXXXX=======
 

Link to post
Share on other sites

  • Root Admin

Wow, up to you but with that much junk onboard the computer I'd personally back up my data, fdisk the partition and reinstall Windows.

I assume that's something you're probably not interested in, so let's go ahead and run an ESET scan too.

Please temporarily disable any real-time protection and run the following scan.

 

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on the Start scan button.
  • Have patience.  The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program.   ( e.g. their standard program).   You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at the bottom).
  • Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 

Thanks @liper

 

Link to post
Share on other sites

Dear Mr @AdvancedSetup

I am using ESET like you recommend and it still finds virus.

I think it's better for me to reinstall the OS... And yes, your idea is the best... Thank you

Can you share with me some good article on taking care of or good use of a computer so it doesn't get infected today?

And I checked: Ryzen 240G, my CPU, is not supported by Windows 11, so I think I will still use Windows 10.

 

 

Link to post
Share on other sites

  • Root Admin

Yes, I've tried Windows 11 and I just don't see the immediate need. Yes, a bit more secure perhaps but seems Microsoft is still ironing out some of the bugs. I'd go with Windows 10 too. @liper

 

I don't agree with Greg about the online account. I personally steer clear of it and want nothing to do with it. I don't share any programs or sync any data or apps between devices and don't want to either. Other than that, his article is excellent.

 

Greg Carmack - MVP 2010-2020 -Clean Install Windows 10
https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/clean-install-windows-10/1c426bdf-79b1-4d42-be93-17378d93e587

How to Create a Local Account While Setting Up Windows 10
https://www.howtogeek.com/442792/how-to-create-a-local-account-while-setting-up-windows-10/

 

 

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

This topic is now closed to further replies.