
Hello,

I've come to notice that these infected registry keys pertain to my drawing tablet in that quarantining them disables the tablet, but I also notice that my keyboard no longer produces subtle typos like double spaces and that my suspicious internet latency is gone. Unfortunately, there isn't any useful information nor solutions to be found upon googling the names of these registry keys. Unplugging and replugging the tablet restores them, as does installing/reinstalling the Wacom Bamboo CTH-461/S driver. My machine lacks a disc drive to accept the original disc that came with it, and I can't ensure that any driver software I download and install - even if it's from the original website - won't be compromised by whatever sort of hidden remote access software is embedded within my machine.


  • Root Admin

This topic was moved to the False Positive forum to allow the Research Engineers to check on it.

Please gather some logs to assist


To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you


https://pastebin.com/15NwPyAb

Interesting how my mouse seems to double click, empty WordPad files with gibberish titles appear when I press Ctrl+Y in paint.net, and the executable files I've opened like GZDoom or Drawpile have been detected by Sophos AV.

hijackthis1121.log hijackthis1121.log BUNNPC-333.txt my-ublock-dynamic-rules_2023-10-22_18.26.33.txt Addition.txt FRST.txt


@BreadmanYan

You posted lots of logs but not the one that was requested.

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you


I tried SpyDLLRemover and found four entries that no other previously recommended antivirus has ever managed to pick up on.
EDIT: This is a currently ongoing issue on my computer, as Steam has given me a suspicious notification that suggested that something in my machine tried to hijack my Steam account upon detecting and attempting to remove these four rootkits that have evaded the detection of every antivirus before it (e.g. Malwarebytes, Windows Defender, KVRT, Sophos, FRST, ESET, AVZ).


Edited by BreadmanYan
Context for clarification

28 minutes ago, Porthos said:

@BreadmanYan This thread is for the research staff to review possible false positives from your Adwcleaner scan, and NOTHING else.

Please refrain from any more posts or diagnosing your system. This is not the section for that.

I'm sorry, but what I had meant to report seems to be a symptom of a deeper issue on my machine, which I have reason to suspect are remote-access rootkits that launch upon startup and that have managed to evade every modern cutting-edge AV detection. All I want is for someone or something to detect the source of the infection which affects programs I use on a daily basis (i.e. Drawpile, Discord, Steam, paint.net, GZDoom, Wacom Bamboo, etc.) and remove it. Uninstalling and unplugging the tablet is not going to remove the source of the infection, and neither is simple abstinence - whoever got this malware onto my machine can simply wait for me to come back, and continue.

Edited by BreadmanYan

3 minutes ago, BreadmanYan said:

I'm sorry, but what I had meant to report seems to be a symptom of a deeper issue on my machine, which I have reason to suspect are remote-access rootkits that launch upon startup and that have managed to evade every modern cutting-edge AV detection.

That is for another topic in the malware removal section.
