
Possible HDD firmware virus



Hey, my PC is infected with some kind of virus that can remotely control it.

The problem is that it's not detected by any antivirus/antispyware software I have used.

I've had the same infection before and I tried to format the HDD and flash my BIOS (unsuccessfully, of course).

So I bought a new HDD and replaced it.

And the infection was just gone.

It's a little complicated to explain, but now all my devices are infected with this malware (even my Android box).

Now somehow the infection is back (somebody hacked me with a network attack, I think).

I can't afford to buy a new hard disk again.

And I'm starting to think that my HDD has a firmware virus.

So what to do guys?

Thanks in advance. :)

 


Hello @Rapture and :welcome:

While you are waiting for the next qualified/approved malware removal expert helper to weigh-in on your topic, please carefully follow the instructions within the following Malwarebytes support article:

Run the Farbar Recovery Scan Tool to gather logs

Please attach (not Cut & Paste) both the FRST.txt and Addition.txt report files in your next reply to this topic.

Thank you.


  • Root Admin

The computer looks to be having some possible hardware or driver issues that need correcting.

My suggestion would be to uninstall Kaspersky Security Cloud and restart the computer.

Then run the following and let us know why you think you're infected. What are you seeing or experiencing?

 

 

 

Microsoft Safety Scanner

Please make sure you exit any other program you might have open, so that the sole task is to run the following scan.
That goes especially for web browsers: make sure all of them are fully exited, and that messenger programs are exited and closed as well.
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links and the instructions for running the tool are at this link at Microsoft:

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long break; walk away. Do not pay attention to any intermediate messages that flash on the screen early in the run. The only thing that counts is the end result at the end of the run.
  • The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands... just do not use the computer during this scan.

This is likely to run for many hours, as previously mentioned (depending on the number of files on your machine and the speed of the hardware).

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

Thank you

 


I removed Kaspersky cloud and then restarted the computer.

My PC is doing strange things, for example the following, and I think somebody is playing with it:

-hides tray icons

-closes processes

-some passwords of my accounts were just changed

-ejects my DVD writer

-my PC and internet sometimes are very slooooow

-sometimes my internet just stops unexpectedly

-my mouse is moving when I play games

-etc. etc.

 

Here is the log : 

---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.367, (build 1.367.1091.0)
Started On Mon Jun  6 14:51:07 2022

Engine: 1.1.19200.7
Signatures: 1.367.1091.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Failed to submit MAPS report: 0x80072EE7
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Mon Jun  6 15:31:05 2022


Return code: 0 (0x0)

 


  • Root Admin

What you describe does not sound like malware, but we'll do some more scans and checks.

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at and tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
  • Have patience. The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy, get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click the blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at the bottom).
  • Press Continue when all done. You should decline the offer for “periodic scanning”.

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 


  • Root Admin

Please download the following tool

Farbar Service Scanner and run it on the computer with the issue
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

 

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click "Scan"

It will create a log (FSS.txt) in the same directory the tool is run.
Please attach the log to your next reply.

 


  • Root Admin

That looks good too.

 

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here:   https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
  • Save Autoruns.zip to your computer. Then locate it and extract it to a new folder where you can find and run it.
  • Once it starts you may not be able to easily stop the scan but you can try to press the Escape key on your keyboard.
  • Once scanning is stopped, click on the Options menu at the top of the program and select Scan Options... 
  • Then place a check mark on the following items Verify Code Signatures, Check VirusTotal.com, and Submit Unknown Images
  • Then click the Rescan button. Agree to the VirusTotal EULA
  • Once the new scan has been completed, please click on the File button at the top of the program and select Save, or use the Save icon, and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right-click on the Autoruns.arn file (it will typically be the name of your computer) on your desktop or where you save it, and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder (your computer name.zip) you just created to your next reply.

 

 


 

Thank you

 

 


  • Root Admin

Thanks, that log does not show any real issues either.

Let me have you run the following

 

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.

(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool

How to run a scan with Kaspersky Virus Removal Tool 2020
https://support.kaspersky.com/15674

How to run Kaspersky Virus Removal Tool 2020 in the advanced mode
https://support.kaspersky.com/15680

How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan
https://support.kaspersky.com/15681

 


Press the Windows Key and R Key together; the "Run" box should open.

Drag and drop KVRT.exe into the Run box.

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the Run box.

Add -dontencrypt after it. Note the space between KVRT.exe and -dontencrypt.

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.


That addition to the run command is very important: when the scan eventually completes, the resulting report is normally encrypted, but with the extra switch it is saved as a readable file.

Reports are saved in C:\KVRT2020_Data\Reports and have names similar to report_20210123_113021.klr.
Right-click directly on that report and select Open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

An EULA window will open; tick all confirmation boxes, then select "Accept".

In the new window select "Change Parameters".

In the new window ensure all selection boxes are ticked, then select "OK". The scan should now start...

When complete, if entries are found there will be options; if "Cure" is offered, leave it as is. For any other options change to "Delete", then select "Continue".

When complete, or if nothing was found, select "Close".

Attach the report information as previously instructed...
 
Thank you
 
 

 

 


  • Root Admin

You can reset your router if you own it. The logs are not showing an indication though of any remote access.

 

 

Please ensure that you have the user manual for your router. Then perform a factory reset.

How To Reset Your Router
https://setuprouter.com/networking/how-to-reset-your-router/

 

Depending on one's preferences and the Router's capabilities please consider the following.

  • Disable acceptance of ICMP Pings
  • Change the Default Router password using a Strong Password
  • Use a Strong WiFi password on WPA2  using AES encryption or Enable WPA3 if it is an option.
  • Disable Remote Management
  • Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network. Example: Keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID). Do not use your name, postal address, or other personal information. Make it unique or whimsical and known to your family/group.
  • Is the Router Firmware up-to-date? Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set Firewall rules to BLOCK TCP and UDP ports 135 through 139, 445, 1234, 3389 and 5555.
  • Document passwords created and store them in a safe but accessible location.

 

 


  • Root Admin

You can copy and paste the following into NOTEPAD and then do a File > Save As and save it as a batch file to run it. You must put the file name in " " quotes when you save it.

Example: "SetCustomFirewallRules.bat". Then save it to your system. Find the batch file, right-click over it and choose "Run as administrator"; this will create some custom rules in your firewall to help block unwanted items.

 

@echo off
:: Delete all custom Firewall rules
netsh advfirewall firewall delete rule name="1Custom Block all inbound TCP port 135"
netsh advfirewall firewall delete rule name="1Custom Block all outbound TCP port 135"
netsh advfirewall firewall delete rule name="1Custom Block all inbound UDP port 135"
netsh advfirewall firewall delete rule name="1Custom Block all outbound UDP port 135"
netsh advfirewall firewall delete rule name="1Custom Block all inbound TCP port 137"
netsh advfirewall firewall delete rule name="1Custom Block all outbound TCP port 137"
netsh advfirewall firewall delete rule name="1Custom Block all inbound UDP port 137"
netsh advfirewall firewall delete rule name="1Custom Block all outbound UDP port 137"
netsh advfirewall firewall delete rule name="1Custom Block all inbound TCP port 138"
netsh advfirewall firewall delete rule name="1Custom Block all outbound TCP port 138"
netsh advfirewall firewall delete rule name="1Custom Block all inbound UDP port 138"
netsh advfirewall firewall delete rule name="1Custom Block all outbound UDP port 138"
netsh advfirewall firewall delete rule name="1Custom Block all inbound TCP port 139"
netsh advfirewall firewall delete rule name="1Custom Block all outbound TCP port 139"
netsh advfirewall firewall delete rule name="1Custom Block all inbound UDP port 139"
netsh advfirewall firewall delete rule name="1Custom Block all outbound UDP port 139"
netsh advfirewall firewall delete rule name="1Custom Block all inbound TCP SMB 445"
netsh advfirewall firewall delete rule name="1Custom Block all outbound TCP SMB 445"
netsh advfirewall firewall delete rule name="1Custom Block all inbound UDP SMB 445"
netsh advfirewall firewall delete rule name="1Custom Block all outbound UDP SMB 445"
netsh advfirewall firewall delete rule name="1Custom Block all inbound TCP port 3389"
netsh advfirewall firewall delete rule name="1Custom Block all outbound TCP port 3389"
netsh advfirewall firewall delete rule name="1Custom Block all inbound UDP port 3389"
netsh advfirewall firewall delete rule name="1Custom Block all outbound UDP port 3389"
netsh advfirewall firewall delete rule name="1Custom Block WScript 32-bit"
netsh advfirewall firewall delete rule name="1Custom Block WScript 64-bit"
netsh advfirewall firewall delete rule name="1Custom Block CScript 32-bit"
netsh advfirewall firewall delete rule name="1Custom Block CScript 64-bit"
netsh advfirewall firewall delete rule name="1Custom Block Type 13 ICMP V4"

:: Create all custom Firewall rules
netsh advfirewall firewall add rule name="1Custom Block all inbound TCP port 135" protocol=TCP dir=in localport=135 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all outbound TCP port 135" protocol=TCP dir=out localport=135 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all inbound UDP port 135" protocol=UDP dir=in localport=135 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all outbound UDP port 135" protocol=UDP dir=out localport=135 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all inbound TCP port 137" protocol=TCP dir=in localport=137 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all outbound TCP port 137" protocol=TCP dir=out localport=137 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all inbound UDP port 137" protocol=UDP dir=in localport=137 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all outbound UDP port 137" protocol=UDP dir=out localport=137 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all inbound TCP port 138" protocol=TCP dir=in localport=138 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all outbound TCP port 138" protocol=TCP dir=out localport=138 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all inbound UDP port 138" protocol=UDP dir=in localport=138 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all outbound UDP port 138" protocol=UDP dir=out localport=138 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all inbound TCP port 139" protocol=TCP dir=in localport=139 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all outbound TCP port 139" protocol=TCP dir=out localport=139 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all inbound UDP port 139" protocol=UDP dir=in localport=139 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all outbound UDP port 139" protocol=UDP dir=out localport=139 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all inbound TCP SMB 445" protocol=TCP dir=in localport=445 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all outbound TCP SMB 445" protocol=TCP dir=out localport=445 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all inbound UDP SMB 445" protocol=UDP dir=in localport=445 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all outbound UDP SMB 445" protocol=UDP dir=out localport=445 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all inbound TCP port 3389" protocol=TCP dir=in localport=3389 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all outbound TCP port 3389" protocol=TCP dir=out localport=3389 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all inbound UDP port 3389" protocol=UDP dir=in localport=3389 action=block enable=yes
netsh advfirewall firewall add rule name="1Custom Block all outbound UDP port 3389" protocol=UDP dir=out localport=3389 action=block enable=yes
:: Block the Windows Script Host binaries from making outbound connections.
:: On 64-bit Windows, System32 holds the 64-bit script hosts and SysWOW64 the 32-bit ones.
netsh advfirewall firewall add rule name="1Custom Block WScript 32-bit" dir=out action=block program="C:\Windows\SysWOW64\wscript.exe" enable=yes
netsh advfirewall firewall add rule name="1Custom Block WScript 64-bit" dir=out action=block program="C:\Windows\System32\wscript.exe" enable=yes
netsh advfirewall firewall add rule name="1Custom Block CScript 32-bit" dir=out action=block program="C:\Windows\SysWOW64\cscript.exe" enable=yes
netsh advfirewall firewall add rule name="1Custom Block CScript 64-bit" dir=out action=block program="C:\Windows\System32\cscript.exe" enable=yes
:: Block inbound ICMPv4 type 13 (timestamp request)
netsh advfirewall firewall add rule name="1Custom Block Type 13 ICMP V4" protocol=icmpv4:13,any dir=in action=block enable=yes

pause
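As an added example (not from the thread or from the Malwarebytes staff), the following PowerShell script checks that the block rules the batch file above creates are actually present, enabled and set to Block, and lists any that are missing. It assumes the rules keep the "1Custom" display-name prefix and uses the built-in NetSecurity cmdlets; run it in an elevated PowerShell on Windows 10/11.

```powershell
# Added example: audit the "1Custom" firewall block rules created by the batch file.
# Assumes the rule names start with "1Custom" and the NetSecurity module is available.

# Expected port rules: every port/protocol/direction combination the batch file blocks.
$expectedPorts = foreach ($port in 135, 137, 138, 139, 445, 3389) {
    foreach ($proto in 'TCP', 'UDP') {
        foreach ($dir in 'Inbound', 'Outbound') {
            [pscustomobject]@{ Port = "$port"; Protocol = $proto; Direction = $dir }
        }
    }
}

# Expected program rules: outbound blocks on both script hosts, 32- and 64-bit.
$expectedPrograms = @(
    "$env:SystemRoot\System32\wscript.exe",
    "$env:SystemRoot\SysWOW64\wscript.exe",
    "$env:SystemRoot\System32\cscript.exe",
    "$env:SystemRoot\SysWOW64\cscript.exe"
)

# Collect the custom rules that are enabled and actually block (a disabled rule protects nothing).
$rules = Get-NetFirewallRule -DisplayName '1Custom*' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }

# Resolve each rule to its port filter (ICMP and program rules report LocalPort "Any" and are skipped here).
$presentPorts = foreach ($r in $rules) {
    $pf = $r | Get-NetFirewallPortFilter
    if ("$($pf.LocalPort)" -ne 'Any') {
        [pscustomobject]@{ Port = "$($pf.LocalPort)"; Protocol = "$($pf.Protocol)"; Direction = "$($r.Direction)" }
    }
}
# Resolve each rule to its application filter to find program-based blocks.
$presentPrograms = foreach ($r in $rules) {
    $af = $r | Get-NetFirewallApplicationFilter
    if ($af.Program -and $af.Program -ne 'Any') { $af.Program }
}

# Compare expected against present and report gaps.
$missing = @()
foreach ($e in $expectedPorts) {
    $hit = $presentPorts | Where-Object {
        $_.Port -eq $e.Port -and $_.Protocol -eq $e.Protocol -and $_.Direction -eq $e.Direction }
    if (-not $hit) { $missing += "$($e.Direction) $($e.Protocol) port $($e.Port)" }
}
foreach ($p in $expectedPrograms) {
    # Paths are compared case-insensitively; netsh stores them as typed.
    if (-not ($presentPrograms | Where-Object { $_ -ieq $p })) { $missing += "outbound block for $p" }
}

if ($missing.Count -eq 0) {
    Write-Output 'All expected 1Custom block rules are present and enabled.'
} else {
    Write-Output 'Missing or disabled rules:'
    $missing | ForEach-Object { Write-Output "  - $_" }
}
```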

 

 


  • 2 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 


This topic is now closed to further replies.