Carmas Posted December 6, 2021 ID:1491603 Share Posted December 6, 2021 I have some viruses "backdoor.farfli", I eliminate them with Malwarebytes, but every time I restart the pc it appears again, could you please help me. I am attaching my last report. Report.txt Link to post Share on other sites More sharing options...
kevinf80 Posted December 6, 2021 ID:1491626 Share Posted December 6, 2021 Hello Carmas and welcome to Malwarebytes, Run the following scan, lets see if anything shows up: Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.htmlNote: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The tool will also make a log named (Addition.txt) Please also attach that log to your reply. If necessary: Disable smart screen ONLY if it interferes with software we may have to use:https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8 Please remember to enable when we are finished.... Next, Disable any Anti-virus software you have installed ONLY if it stops software we may use from working:https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/ Please remember to enable AV software when we are finished running scans.... Thank you, Kevin Link to post Share on other sites More sharing options...
Carmas Posted December 6, 2021 Author ID:1491643 Share Posted December 6, 2021 Attached files Addition.txt FRST.txt Link to post Share on other sites More sharing options...
Solution kevinf80 Posted December 6, 2021 Solution ID:1491799 Share Posted December 6, 2021 Hiya Carmas, Thanks for those logs, continue: Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.Note: If the tool warned you about an outdated version please download and run the updated version.NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. Next, Download Sophos Scan and Clean and save it to your desktop. If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete..... Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take awhile to complete... You will have to register your name and email address to download the tool. You will also have to confirm your email address again each time the scan started... Found entries will have options to delete or quarantine, if you believe they maybe false positives you can change to ignore. A reboot maybe requested to remove difficult malware/infection, please allow that to happen Saved logs are found here: C:\ProgramData\Sophos\ScanandClean\Logs Attach those logs to your next reply... Thank you, Kevin. fixlist.txt Link to post Share on other sites More sharing options...
Carmas Posted December 7, 2021 Author ID:1491825 Share Posted December 7, 2021 Attached files SophosScanAndClean_20211206_1852.log Fixlog.txt Link to post Share on other sites More sharing options...
kevinf80 Posted December 7, 2021 ID:1491913 Share Posted December 7, 2021 Hiya Carmas, Thanks for those logs, continue please: Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done attach the new logs. "FRST.txt" and "Addition.txt" Attach the produced logs to your reply... Thank you, Kevin. Link to post Share on other sites More sharing options...
Carmas Posted December 7, 2021 Author ID:1491997 Share Posted December 7, 2021 Attached files Addition.txt FRST.txt Link to post Share on other sites More sharing options...
kevinf80 Posted December 7, 2021 ID:1492005 Share Posted December 7, 2021 Thanks for those logs, continue: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Also let me know how your system is responding, if any remaining issues or concerns... fixlist.txt Link to post Share on other sites More sharing options...
Carmas Posted December 8, 2021 Author ID:1492028 Share Posted December 8, 2021 I am very grateful for your help and patience. Attached files Fixlog.txt Link to post Share on other sites More sharing options...
kevinf80 Posted December 8, 2021 ID:1492068 Share Posted December 8, 2021 How is your system responding now, any remaining issues or concerns..? Link to post Share on other sites More sharing options...
Carmas Posted December 9, 2021 Author ID:1492277 Share Posted December 9, 2021 It seems that now everything is fine, every time I reboot and scan it no longer detects those annoying files. Thank you! Link to post Share on other sites More sharing options...
kevinf80 Posted December 9, 2021 ID:1492311 Share Posted December 9, 2021 Hiya Carmas, Good to hear your system is ok for you now, continue to finish up: Download KpRm by kernel-panik and save it to your desktop. Right-click kprm_(version).exe and select Run as Administrator. When the tool opens, ensure all boxes are checked, and select Run. Once complete, click OK. A log will open in Notepad titled kprm-(date).txt. Please copy and paste its contents in your next reply. Next, 1. How to create strong Passwords - https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/ 2. How to keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download 3. Keep your Operating System upto date and current - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2 4. Answers to Security Questions and Best Pratices - https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/ 5. Malwarebytes Browser Guard (Free) for Firefox, Chrome and Edge: https://support.malwarebytes.com/hc/en-us/articles/4402157637523-VIDEO-Set-Up-and-Use-Malwarebytes-Browser-Guard-Chrome-Edge-and-Firefox- Take care and surf safe Kevin... Link to post Share on other sites More sharing options...
Carmas Posted December 9, 2021 Author ID:1492345 Share Posted December 9, 2021 Attached files kprm-20211209175550.txt Link to post Share on other sites More sharing options...
kevinf80 Posted December 10, 2021 ID:1492381 Share Posted December 10, 2021 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts