Octavia1001, Posted May 16, 2022, ID:1515769

Hello!

As title states. Yesterday when I opened Steam, Malwarebytes stated that it blocked a trojan. I did not think anything of it. But when it happened again today I started to get worried. I read that there is a so-called steam.exe coin miner virus, but no process uses more than a few percent of the resources. Steam in particular uses only a few % of CPU and 0% of GPU. Unlike stated that it should use about 70%. I also read that it is a false positive. But I rather would be sure.

I have attached FRST logs and an extract from Malwarebytes history. Lastly, I scanned steam.exe individually and it showed no threat.

Thank you in advance

Attachments: FRST.txt, Addition.txt, Export.txt

AdvancedSetup (Root Admin), Posted May 16, 2022, ID:1515832

That IP is blocked due to an Emotet threat.

Please run the following @Octavia1001

Microsoft Safety Scanner

Please make sure you exit out of any other program you might have open so that the sole task is to run the following scan. That goes especially for web browsers; make sure all are fully exited out of, and messenger programs are exited and closed as well.

STEP 1
Please set File Explorer to SHOW ALL folders, all files, including hidden ones. Use OPTION ONE or TWO of this article:
https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2
I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the-tool instructions are at this link at Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on the Scan Options & select the FULL scan. Then start the scan. Have lots of patience. It may take several hours.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on the screen display. The only things that count are the end result at the end of the run.

The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands ... just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned (depending on the number of files on your machine & the speed of the hardware).

The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

Thank you

Octavia1001 (Author), Posted May 18, 2022, ID:1516052

Hello!

Sorry for the long response, I did not expect for the scan to take this long. While the computer was scanning, just before I went to sleep, it showed that I had 5 infected files. The folder that is mentioned in the log file has never been opened, and can be easily deleted if necessary, but I have not, as to not impede your investigation.

Also the computer decided that it must absolutely update now, and I have attached the new FRST and Addition files as well.

Attachments: Addition.txt, FRST.txt, msert.log

AdvancedSetup (Root Admin), Posted May 18, 2022, ID:1516054 (marked as Solution)

That IP block turns out to be a False Positive after retesting. Please open Malwarebytes, go to Settings, General and check for updates. This should no longer be detected.

However, the Microsoft scanner finds a threat in one of your saved files that you should consider deleting, or at least uploading the file to https://virustotal.com and have them scan it too to make sure.

    Full Scan Results:
    ------------------
    Threat Detected: Trojan:Win32/Rundas!plock, partially removed.
      Operation failed. Action: Remove, Result: 0x800700DF. Please use a full antivirus product ! !
        file://F:\Downloads\Call of Duty Black Ops 2 SP-MP-ZM_LAN-repack ^^nosTEAM^^\Call-of-Duty-Black-Ops-2_nosTEAM.part1.exe->(RarSfx)->Call of Duty Black Ops 2\buddha.dll
          SigSeq: 0x0000166733FA04EB
        containerfile://F:\Downloads\Call of Duty Black Ops 2 SP-MP-ZM_LAN-repack ^^nosTEAM^^\Call-of-Duty-Black-Ops-2_nosTEAM.part1.exe
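
An added example, not part of the original thread and not Microsoft's or Malwarebytes' own code: a small parser for the "Full Scan Results" section of an msert.log like the excerpt in the post above, which pulls out each detection, splits the archive chain, and decodes the Result value as an HRESULT. The sample log is constructed (the threat name, result code and SigSeq come from the excerpt; the paths and the line layout are assumptions).

```python
import re

# Constructed sample modelled on the excerpt quoted in the thread; the
# file paths and the line breaks are assumptions, not a real log.
SAMPLE_LOG = r"""Full Scan Results:
------------------
Threat Detected: Trojan:Win32/Rundas!plock, partially removed.
  Operation failed. Action: Remove, Result: 0x800700DF. Please use a full antivirus product ! !
    file://C:\Example\setup.part1.exe->(RarSfx)->Game\buddha.dll
      SigSeq: 0x0000166733FA04EB
    containerfile://C:\Example\setup.part1.exe
"""

THREAT_RE = re.compile(r"Threat Detected:\s*(?P<name>[^,]+),\s*(?P<status>[^.]+)\.")
RESULT_RE = re.compile(r"Action:\s*(?P<action>\w+),\s*Result:\s*(?P<result>0x[0-9A-Fa-f]{8})")
RESOURCE_RE = re.compile(r"^\s*(?P<kind>containerfile|file)://(?P<path>.+?)\s*$")

def decode_hresult(value):
    """Split an HRESULT into failure bit, facility and code (facility 7 is Win32)."""
    return {"failed": bool(value >> 31), "facility": (value >> 16) & 0x7FF,
            "code": value & 0xFFFF}

def parse_detections(text):
    """Return one dict per 'Threat Detected' entry, with its files and result."""
    detections, current = [], None
    for line in text.splitlines():
        m = THREAT_RE.search(line)
        if m:
            current = {"name": m["name"].strip(), "status": m["status"].strip(),
                       "action": None, "hresult": None, "files": [], "containers": []}
            detections.append(current)
            continue
        if current is None:
            continue  # header lines before the first detection
        m = RESULT_RE.search(line)
        if m:
            current["action"] = m["action"]
            current["hresult"] = decode_hresult(int(m["result"], 16))
        m = RESOURCE_RE.match(line)
        if m:
            key = "containers" if m["kind"] == "containerfile" else "files"
            # "->" separates an archive from the member found inside it
            current[key].append(m["path"].split("->"))
    return detections

def needs_manual_cleanup(detection):
    """True when the scanner did not fully remove the detected item."""
    hr = detection["hresult"]
    return detection["status"] != "removed" or bool(hr and hr["failed"])
```

For the excerpt's 0x800700DF this yields facility 7 (Win32) and code 223, which is ERROR_FILE_TOO_LARGE, so the flagged archive is left on disk for the user to delete or submit for a second opinion.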

Octavia1001 (Author), Posted May 18, 2022, ID:1516133

Hello!

I am very grateful for your help! The update that you suggested has helped and it no longer shows a trojan. Also the file has been deleted. I have marked your last post as a solution.

Thank you very much and have a nice day!

AdvancedSetup (Root Admin), Posted May 18, 2022, ID:1516140

You're quite welcome. Take care and have a great day.

Here are some recommendations to help keep you and your computer safe.

Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/

Make sure you're backing up your files
https://forums.malwarebytes.com/topic/136226-backup-software/

Keep all software up to date - PatchMyPC
https://patchmypc.com/home-updater#download

Keep your Operating System up to date and current at all times
https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2

Further tips to help protect your computer data and improve your privacy:
https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/

Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.

Malwarebytes Browser Guard
Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

uBlock Origin
Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog
https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

AdvancedSetup (Root Admin), Posted May 19, 2022, ID:1516357

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you