Repeated Popup/Leftover Malware


So, I had in the past downloaded something that I realized a little too late was a trojan. After removing what I thought was all of it, I've been having issues getting anywhere removing the rest. Both the MalwareBytes software and ADWCleaner detect no issues, but I get repeated popups of a command prompt, and an error stating:

Quote

"Windows cannot find 'C:\Users\Name\AppData\Roaming\ServiceApi\MicrosoftApi.exe'. Make sure you typed the name correctly, and then try again."

In addition, random bits and pieces of my system seem to function in very peculiar ways, i.e., command prompt will only open upon forcing it open with Windows + R and "cmd", refusing to open from the start menu, the audio icon in the bottom right of the main screen claims "No speakers or headphones detected" while audio performs normally, random Windows default icons, such as command prompt, have no available icon, etc. I'm at a loss for what I'm supposed to do, and have no real place to turn to fix this issue.


Hello @NotMyAlias and  :welcome:

 

My name is MKDB and I will assist you.

 

  • Please follow the steps in the given order and post back the logs as an attachment when ready. Thank you very much for your cooperation.
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
  • As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.

 

 

Step 1

Please download the suitable version of Farbar Recovery Scan Tool (FRST) and save it to your desktop: 32bit | 64bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Check the box in front of Shortcut.txt.
  • Press the Scan button.
  • FRST will create three logs (FRST.txt + Addition.txt + Shortcut.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

Thank you.


Thank you for those logfiles @NotMyAlias.

 

 

This infection is more than two months old.

Let's scan a little bit deeper... maybe we can find something.

Thank you again!

 

 

 

Step 1

  • Run FRST again.
  • Copy and paste the following whole green content into the search field:

SearchAll: ServiceApi;MicrosoftApi.exe

  • Press the Search files button. Please be patient, this scan may take some time.
  • FRST will create one log now (Search.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

 

Step 2

  • Run FRST again.
  • Check the box in front of 90 Days Files.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 


Ok, we got it @NotMyAlias 😉

 

We are going to remove those orphans and check Windows system files (Step 1). This may take some time (>15 min), please be patient. Do not run any other program during this time.

After that, please run another scan to check (Step 2).

 

 

 

Step 1

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( D:\Chrome Downloads\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

 

Step 2

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

 

 

 

 

fixlist.txt
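
Added example, not part of the original posts and not FRST's own logic or the contents of the attached fixlist.txt: a read-only PowerShell check for the kind of leftover seen in this thread, an autostart entry that still references an executable that no longer exists on disk. It assumes the entry lives in a Run/RunOnce registry key or a scheduled task action; other autostart locations are not covered, and it changes nothing on the system.

```powershell
# Added example: list autostart entries whose target file is missing (read-only).
# Assumption: only Run/RunOnce keys and scheduled-task actions are inspected.

function Get-TargetPath {
    param([string]$CommandLine)
    # Expand %VAR% references, then isolate the program path from its arguments.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }            # "C:\path with spaces\x.exe" /arg
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|vbs|js|ps1))(\s|$)') { # unquoted path up to the extension
        return $Matches[1]
    }
    return ($expanded -split '\s+')[0]                                   # fallback: first token
}

$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'

# Collect every value under the Run keys that exist on this machine.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
})

# Add the program of every scheduled-task action (COM handler actions have no Execute value).
$entries += @(foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if ($action.Execute) {
            [pscustomobject]@{ Source = 'Task ' + $task.TaskPath + $task.TaskName
                               Name = $task.TaskName; Command = $action.Execute }
        }
    }
})

# Report only fully qualified targets that do not exist; bare names such as
# cmd.exe are resolved through PATH by Windows and are skipped here.
$entries | ForEach-Object {
    $target = Get-TargetPath $_.Command
    if ($target -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $target)) {
        $_ | Add-Member -NotePropertyName MissingTarget -NotePropertyValue $target -PassThru
    }
} | Format-List Source, Name, Command, MissingTarget
```

Run it from an elevated PowerShell prompt so all scheduled tasks are visible; a target path without a file extension that contains spaces can be reported incorrectly, so treat the output as a list to review rather than a list to delete.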

Hi @NotMyAlias,

Thank you again for attaching those logfiles as well as posting some status update.

Your logfiles look clean, no sign of malware now.

 

 

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection.

Thank you.

 

 

 

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes.

 

 

This topic is now closed to further replies.