Jump to content

Help with possible infection

lokey_

By lokey_
in Resolved Malware Removal Logs

 Share

Recommended Posts

lokey_

lokey_

Posted
Posted

Hello, I did something real dumb and installed something in kali linux without even thinking and it happend in a virtual machine but I looked up online to see if Malicious stuff can crose over to the real computer and I read something about the connection and remembered that I forgot to isolate the virtul machines network so now im scared I opened my self to attacks I was just trying to learn kali linux because Im trying to get a job in cybersecurity and Im taking computer classes at school currently and im doing other stuff out of school too to help with getting a job in cybersecurity I was also gonna try to learn netowrking because I heard that needed too but im scared to even turn on my pc im worried ill risk everyone on the wifi I am planning to get a seperat router for rare cases that malware passes on my pc anyways here are the scan logs.

FRST.txt Addition.txt

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hello @lokey_ My name is Maurice. I will guide you to look for actual malware (if any are found). Please insure that the system does have a internet connection as we work the procedures I list for you to do.  I certainly hope you got the Linux distribution from a legitimate source.

What follows are what I suggest to do next.

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article
Please use thuis guide https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[ 2 ]

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select  FULL scan .

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.
  • We only rely on the end result that is on the log-report-file.

 

This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply. We will do more later.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

If still frozen, then Close the app ( Cancel /exit out). Then Restart Windows and let the system settle in. Next to do 

This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.  That is, once it is under way, you should leave it running.  It will run for several hours.

  • At screen "Detections occured and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Regret to hear that. Let us do a visual check in Windows Security to see (visually) that Microsoft Defender is on . And do a Update run & do a Custom scan on the C drive.

 

From the Windows Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, In Windows Security section: Click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

Look to see that Microsoft Defender is shown & available for use.

On the next display, look at all the options. Look down the list and see "Check for Updates" .

You should click on that to have the system check for updates for Windows Defender. Watch & wait for that to complete.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.

I would like you to select CUSTOM scan from scan options

Then select the C drive

Then have it scan the whole C drive.

Once it is started & is scanning, you should take a long long break. This scan will take several hours. You do not need to sit & watch. Have a long respite break. 

Sincerely.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

A lot of this is simply the ability to clear out the Recycle Bin. That is where most of the complaints were by MS Defender antiirus. 

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do  checks & some  cleanups. This is really just housekkeping.

We will use FRST64  on the Desktop  folder to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  Lokey  only / for this machine only.

 

This custom script has some specific things, plus some general aspect to help the system overall.  Hoping it will not exceed 60 minutes in execute time.

NOTE-1:  This script will  run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. .  It will rebuild the Winsock. 

NOTE-2: It should empty out the Recycle Bin in its entirety. This should run a quick scan with MS Defender antivirus and remove outstanding action items, if any.

NOTE-3: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. 

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome,  and Opera  & BRAVE caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

  •  
  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   Desktop   folder

Fixlist.txt           <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Desktop   folder.


RIGHT click on FRST64    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hello. Thank you. That is a good, fine run. 

[  now   Do a custom scan with Microsoft Defender Antivirus ]

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on , and to do a Custom scan.

From the Windows Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, In Windows Security section: Click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

Look to see that Microsoft Defender is shown & available for use.

On the next display, look at all the options.  Look down the list and see "Check for Updates" .

You should click on that to have the system check for updates for Windows Defender.  Watch & wait for that to complete.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.   Click that & select CUSTOM scan & then pick the C drive  & have it go forward.

Once it has started the scan phase, you can go take a long break.   Let me know the results.

Link to post
Share on other sites
  • AdvancedSetup changed the title to Help with possible infection
lokey_

lokey_

Posted
  • Author
Posted

Hello and Ill run the scans right now I couldnt reply becasue I was on a little vacation as of right now my computer cant get internet connection becasue the wifi adapter broke the day it fell so i dont have wifi on my computer right now im responding from another device hop thats ok but ill run the scans right now and also do yo know of a any little wifi adapter that I could buy thats secure.

Link to post
Share on other sites
lokey_

lokey_

Posted
  • Author
Posted

another thing i forgot to say the day the adapter stopped working the update was complete for the windows defender stuff but the  Cumulative Update for Windows 10 Version 21H2 for x64-based Systems was not finished I think its that one i had to do some research to find the name and if my memory is correct its that update that didnt update.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hello. If the WiFi connection is not solid / not reliable, then please have the pc  connected via a Ethernet cable to the internet router box.
Your machine needs to be reliably connected to the internet.
How to Connect Your Computer to Your Router with a Wired Connection
https://www.highspeedinternet.com/resources/what-cables-do-i-need-to-connect-my-router-to-my-computer

Link to post
Share on other sites
lokey_

lokey_

Posted
  • Author
Posted

Hello sorry for the long wait ive been having alot of problems with family lately and its been affecting my mental health and I just dont feel motivated to do stuff when getting home I just fall asleep and also been really busy with school and im in the middle of looking for my first job to save up for collage aswell its just a mess right now Ive had everything on hold while i get myself together ill try my best to reply back as quick as possible I havent had a lot of time to get on my computer because of the problems ive been with family and stuff but back to the topic it isnt my mother board thats broken my motherboard is fine it comes with the wifi capability but the little antenna broke and I dont think I will be able to find a replacment im currently looking for one as im typing this and I also want to point out that when i was deleting some things off of my computer right now like a little maintenance I noticed that a file named exportBCD popped up in c drive I think it popped up today when i turned on my computer didnt notice it till today so i dont know If when I was  deleting stuff it made that file appear or if i moved something on accident but back to the topic again sorry if im getting side tracked ill also try to look for a cable aswell to connect the pc to my router but the only problem is I have to find a long one that will reach, and also I just want to thank you for helping me out so far I really apreciate it.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted (edited)

I am very sorry for your troubles. Taking care of your personal and family matters come first. Take care of you and them first.
This pc comes last.
I cannot guess as to what lead to the display line that you mentioned. It possibly could be a leftover scheduled task, perhaps. or a unfinished run from before.
I am sorry that your pc is without internet access. That means you have to use another computer that works to transfer files to and from the problem-computer.

Edited by Maurice Naggar
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.