ToontownMessiah Posted August 23, 2022

I downloaded some songs off of KHinsider, and out of nowhere it detected one of the files as a trojan. I did one of the full custom scans last night for 12 hours and it had no detections, but I did a quick scan before then and there was another file I had to quarantine. I'll post below what I got from Malwarebytes. I don't know how this is happening but is my system just infected in general? What should I do?

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/23/22
Scan Time: 4:42 AM
Log File: dd536cca-22c7-11ed-b57f-b42e991a2284.json

-Software Information-
Version: 4.5.12.204
Components Version: 1.0.1725
Update Package Version: 1.0.59041
License: Free

-System Information-
OS: Windows 10 (Build 19043.1889)
CPU: x64
File System: NTFS
User: MarioKartGod\Ricardo Poferl

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 346642
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 3 min, 9 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.ShellCode, C:\USERS\RICARDO POFERL\DESKTOP\OST DL'S\TWILIGHT PRINCESS\2-17. SACRED GROVE.MP3, Quarantined, 6813, 1059167, 1.0.59041, , ame, , 7536BAB2D1772881C5C808D0ECD52A29, CA688105CCD5705EBD06BD7332E482F0735C07FFA48CB4EED5DDF86D930C2057

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Maurice Naggar Posted August 23, 2022

Hi

A. First, if this were me, I would not do any more downloads from where you got that sound file.

B. Trojan.Shellcode
see https://www.malwarebytes.com/blog/detections/trojan-shellcode
Trojan.Shellcode is Malwarebytes' generic detection name for Trojans that run shellcode on affected systems in order to launch malware or download additional malware.

C. Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article.
Please use this guide: https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

D. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.
The download links & the how-to-run-the tool are at this link at Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience.
Once you start the scan & you see it started, then leave it be. Once you see it has started, take a long long break; walk away.
Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those. We only rely on the end result that is on the log-report-file.
This is likely to run for many hours (depending on number of files on your machine & the speed of hardware).

The log is named MSERT.log
The log will be at Windows\debug\msert.log
Please attach that log with your reply.

We will do more later.

Edited August 23, 2022 by Maurice Naggar

ToontownMessiah (Author) Posted August 23, 2022

I ran a full scan and it said everything was okay, and when the file was restored it also said everything was okay. My PC has been blue screening and failing for a while so I am assuming it's just a false positive and not real. I am factory resetting it right now anyways cause it has so many problems I might as well. The place I got the files from is trusted, I think there was just different malware in my PC doing weird things. It flagged something else 2 days ago I never even downloaded. I am pretty sure it will be resolved once I finish the factory reset, even though it could take a damn long time. Thanks for your help anyways. I would've kept this going to resolve it but it blue screened 2 times cause of my hard drive so I decided to just fac reset.

Maurice Naggar Posted August 24, 2022

Hello. Assuming that the factory reset has completed, I would suggest:

[ 1 ]
Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article.
Please use this guide: https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[ 2 ]
I would highly suggest to ensure that this pc is all up-to-date with security updates & cumulative updates on Windows.
Select the Windows Start button, and then go to Settings > Update & Security > Windows Update, and click Check for Updates. Have much patience.

[ 3 ]
I would like a diagnostic report in order to review. Specifically the FRST Farbar diagnostic report. It is safe to get & use. Be very sure you SAVE it first.
https://support.malwarebytes.com/hc/en-us/articles/360039025013-Run-Farbar-Recovery-Scan-Tool-to-gather-logs
Attach FRST.txt + Addition.txt with your reply. You may if you wish, ZIP the 2 into a zip file & then attach.
( just please do not copy, paste their contents in main body of reply box here. )

Edited August 24, 2022 by Maurice Naggar

ToontownMessiah (Author) Posted August 24, 2022

I checked for updates and it says I am good. I ran a scan since complete and plan on doing a complete full scan on both drives with rootkits and all to make sure it's gone. Here are the txt files in the meantime. Hope I did this right

FRST.txt
Addition.txt

Maurice Naggar Posted August 24, 2022

Thanks for Farbar FRST reports. I will look them over & get back with you.
As to scans, to start, just do a regular Malwarebytes scan, and attach a copy of that scan-report.

Maurice Naggar Posted August 24, 2022

When you get some quiet time / when you are not running any scans, take a moment & do this adjustment.

Start Malwarebytes. Click Settings ( gear ) icon.
Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.
Click the Security Tab. Scroll down to "Windows Security Center".
Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. thanks. }
This will not affect any real-time protection of the Malwarebytes for Windows 😃.
Close Malwarebytes.

By the way, later on, you need to take pro-active steps to get the MS update for Windows 10 so that it updates to build 21H2. As of the FRST report, this Windows is one build behind, Windows 10 Pro Version 21H1.

Maurice Naggar Posted September 8, 2022

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy:
Tips to help protect from infection

Thank you