
Help with virus. Installed a fake version of blender



Hi everyone

I was trying to download Blender onto my computer, but when I searched for it in Chrome, the first result was a website that only faked the original download page for Blender. I didn't realize this website was fake until I actually tried installing the program. It didn't seem to do anything at first, but now I have problems with leaked passwords from my accounts. I scanned the computer with Malwarebytes and bought the professional version of it. The program found some viruses, but I still have problems with leaked passwords (I changed all passwords after that).

I've seen that you've been helping others with this issue by creating reports from FRST. It appears that someone is able to gain control of my Chrome browser; they've tried to access my other accounts. Would you be able to create a fixlist for me?

Here are my logs from FRST Scan
 

 

https://drive.google.com/file/d/1U4uvt42V5DfxCrepHkVt1jMAvav6rF-H/view?usp=share_link

https://drive.google.com/file/d/1kOvZamvSHzwjO9BPjvZEGPxn8FTqjLmc/view?usp=share_link

 

 

If you're able to help I'd really appreciate it.

 

Best,

Lukasz

Edited by AdvancedSetup
Disabled live hyperlink

Hello @XirdasPL and welcome:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.


  • Root Admin

Hello and welcome @XirdasPL

 

My screen name is AdvancedSetup and I will assist you with your system issues.
 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow all steps in the provided order and post back all requested logs
  • Please attach all log files to your post, unless otherwise requested
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans have been completed.
  • Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed.
  • Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing.
  • Only run the tools I guide you to use. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked, Hacked, or Pirated programs are not only illegal but also can make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryption. It is at times also a big source of current Trojan infections. If there are any on the system you should uninstall them before we proceed.
  • Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours.
  • If your system is running Discord, please be sure to Exit it while this case is ongoing.

 

[ 1 ]

Please go to Control Panel, Programs, Programs and Features, Uninstall a program

Then right-click and uninstall the following

  • CCleaner (computer experts no longer recommend this program)

 

[ 2 ]

Please run the following fix. Temporarily disable your Avira real-time protection.

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRST64.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\lukka\Downloads\

NOTE. It's important that both files, FRST64.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed in most, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 


  • Root Admin

Thank you for the log @XirdasPL

The script ran well, but when it went to check the Windows system files it ran into an issue and did not run correctly.

The DISM command returned the following error.

Error: 0x800f081f

The source files could not be found.

 

When DISM failed, that caused SFC to also fail.

Windows Resource Protection found corrupt files but was unable to fix some of them.

 

Please review and follow the directions from the following topic which should help you to correct this issue.

Using SFC and DISM to correct file corruption

 

Thank you

 

 

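The dependency described in the post above (SFC fails when DISM cannot repair the component store), as an added PowerShell example that is not part of the thread or of the linked topic. It assumes an elevated session and the standard DISM and SFC command lines; the log paths are the Windows defaults.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): repair the component store first,
# then run SFC only if that repair succeeded.

# 1. DISM repairs the component store that SFC takes replacement files from.
dism.exe /Online /Cleanup-Image /RestoreHealth
$dismExit = $LASTEXITCODE

if ($dismExit -ne 0) {
    # Print the exit code as hex so it can be compared with an error code
    # such as the 0x800f081f quoted in the post above.
    Write-Warning ('DISM failed with exit code 0x{0:X8}; skipping SFC.' -f $dismExit)
    Write-Warning "Details are in $env:windir\Logs\DISM\dism.log"
    exit $dismExit
}

# 2. With a healthy component store, SFC can replace corrupt system files.
sfc.exe /scannow

# 3. SFC writes per-file results to CBS.log on lines tagged [SR].
#    List the files it reported it could not repair, if any.
$cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'
$unrepaired = Select-String -Path $cbsLog -SimpleMatch '[SR] Cannot repair'

if ($unrepaired) {
    Write-Warning "SFC could not repair $($unrepaired.Count) item(s):"
    $unrepaired | Select-Object -Last 20 | ForEach-Object { $_.Line }
} else {
    Write-Output 'No "[SR] Cannot repair" entries found in CBS.log.'
}
```

CBS.log accumulates entries across runs, so lines from an earlier failed SFC pass can still appear; check the timestamps on any line it lists.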

Hi. 

I was going according to the topic you sent. Here are my results:

[attached image]

 

Are there any other steps that I should follow? Or have we done all that needs to be done? Do I get the "all clear"?

Thanks for all the help you have given me so far.

 

Best

Lukasz


  • Root Admin

No, that looks like it ran correctly that time. Thanks @XirdasPL

Please run the following now

 

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.

(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool

How to run a scan with Kaspersky Virus Removal Tool 2020
https://support.kaspersky.com/15674

How to run Kaspersky Virus Removal Tool 2020 in the advanced mode
https://support.kaspersky.com/15680

How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan
https://support.kaspersky.com/15681

 


Select the Windows Key and R Key together; the "Run" box should open.

Drag and Drop KVRT.exe into the Run Box.


C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

Add -dontencrypt. Note the space between KVRT.exe and -dontencrypt.

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.
 


That addendum to the run command is very important: when the scan does eventually complete, the resultant report is normally encrypted; with the extra command it is saved as a readable file.

Reports are saved here: C:\KVRT2020_Data\Reports, and look similar to this: report_20210123_113021.klr
Right-click directly on that report, select > open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

A EULA window will open; tick all confirmation boxes, then select "Accept"

In the new window select "Change Parameters"


In the new window ensure all selection boxes are ticked, then select "OK". The scan should now start...

When complete, if entries are found there will be options; if "Cure" is offered, leave as is. For any other options change to "Delete", then select "Continue"

When complete, or if nothing was found, select "Close"

Attach the report information as previously instructed...
 
Thank you
 
 

 

 


  • Root Admin

Unless you really want or need those files I would suggest you delete them. If you really want to keep them then submit for review on https://virustotal.com and see what other AV engines think of them too.

Please clean up Google Chrome as well

 

Please follow the directions from the following topic.

 

Thank you

 


I have a question. Do I really need to clear all data from Chrome (especially all passwords and bookmarks)? That's a collection of some years and I'm afraid that for me it is a big loss.

Is there any possibility to clear everything else from Chrome and leave those 2 options not cleared?

Thanks for the reply and all the help to this point.

Lukasz


  • Root Admin

Nope you don't have to do anything. It's your computer. But I would suggest you make sure you have a FULL backup of your entire computer if you're that tied to a browser and the junk it has in cache and cookies as it can easily be damaged and then what would you do?

If the computer is working okay for you now and you have no other issues then let me know and we'll clean up and finish.

Cheers

 


Sorry for not replying for so long; I was checking if some strange things still occur. Right now I think everything is all right. So I would skip that part of clearing Google Chrome.

Is there any other step that should be done to finish?

Thanks for all the help that you have provided me so far

Lukasz


  • Root Admin

No, if you're no longer having issues we should be done here now @XirdasPL

 

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please attach that file to your next reply. (not compulsory)

 

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

 


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 
