nillle Posted December 5, 2023 Author ID:1603477 Share Posted December 5, 2023 i found another ressource in Germany to DL KCRT_20.0.11.0.exe Link to post Share on other sites More sharing options...
nillle Posted December 5, 2023 Author ID:1603480 Share Posted December 5, 2023 5 minutes ago, nillle said: i found another ressource in Germany to DL KCRT_20.0.11.0.exe ok, the above version of KVRT said it's outdated. After clicking the deeplink, KVRT.exe was downloaded - so I guess I got what you described, but I couldn't DL from the US website. Link to post Share on other sites More sharing options...
JSntgRvr Posted December 5, 2023 ID:1603481 Share Posted December 5, 2023 I am contacting a colleague for other scanner, Dr. Web, I am sure he will contact me soon. Meanwhile, were the files deleted? Link to post Share on other sites More sharing options...
nillle Posted December 5, 2023 Author ID:1603482 Share Posted December 5, 2023 Just now, JSntgRvr said: I am contacting a colleague for other scanner, Dr. Web, I am sure he will contact me soon. Meanwhile, were the files deleted? yes, a big portion of them, thank you. I manually deleted some from the desktop etc, but this was a good help. KVRT's scan is running now. and I forgot to attach fixlog.txt Fixlog.txt Link to post Share on other sites More sharing options...
JSntgRvr Posted December 5, 2023 ID:1603483 Share Posted December 5, 2023 Browse to the C:\FRST folder. Open the folder. You will see a Quarantine folder. Zip that folder and attach that zipped file to your reply. Link to post Share on other sites More sharing options...
nillle Posted December 5, 2023 Author ID:1603485 Share Posted December 5, 2023 seems I have to wait for KVRT to be done with the scan for that?! - I get error messages that some files are blocked. Link to post Share on other sites More sharing options...
JSntgRvr Posted December 5, 2023 ID:1603487 Share Posted December 5, 2023 OK Link to post Share on other sites More sharing options...
nillle Posted December 5, 2023 Author ID:1603507 Share Posted December 5, 2023 when zipping the FRST Quarantine I (still) get the following output ("Zugriff verweigert" = "Access denied") C:\FRST\Quarantine\C\ProgramData\NTUSER.pol.xBAD Zugriff verweigert C:\FRST\Quarantine\C\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineQC.xBAD Zugriff verweigert C:\FRST\Quarantine\C\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC.xBAD Zugriff verweigert C:\FRST\Quarantine\C\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery.xBAD Zugriff verweigert C:\FRST\Quarantine\C\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker.xBAD Zugriff verweigert C:\FRST\Quarantine\C\WINDOWS\Temp\chrome_installer.log.xBAD Zugriff verweigert C:\FRST\Quarantine\C\WINDOWS\Temp\MpSigStub.log.xBAD Zugriff verweigert C:\FRST\Quarantine\C\WINDOWS\Temp\msedge_installer.log.xBAD Zugriff verweigert C:\FRST\Quarantine\C\WINDOWS\Temp\tmp1061.tmp.xBAD Zugriff verweigert C:\FRST\Quarantine\C\WINDOWS\Temp\tmp1948.tmp.xBAD Zugriff verweigert C:\FRST\Quarantine\C\WINDOWS\Temp\tmp1FA6.tmp.xBAD Zugriff verweigert C:\FRST\Quarantine\C\WINDOWS\Temp\tmp58DC.tmp.xBAD Zugriff verweigert C:\FRST\Quarantine\C\WINDOWS\Temp\tmpCD04.tmp.xBAD Zugriff verweigert C:\FRST\Quarantine\C\WINDOWS\Temp\tmpF683.tmp.xBAD Zugriff verweigert Quarantine.zip report_2023.12.05_19.21.10.klr.zip Link to post Share on other sites More sharing options...
JSntgRvr Posted December 5, 2023 ID:1603528 Share Posted December 5, 2023 How is the computer doing? Link to post Share on other sites More sharing options...
nillle Posted December 5, 2023 Author ID:1603533 Share Posted December 5, 2023 on a technical level, it seems fine again! Data missing, obviously, but I will gather that from other sources again. Do you think it has been cleaned / restored with those last 2 Trojans deleted? Unfortunately, I had some unpleasant surprises (including a lot of unwanted email & even criminal activities), obviously because I didn't change accesses/pw's fast enough... Life lessons to learn, I suppose :-( Link to post Share on other sites More sharing options...
Solution JSntgRvr Posted December 5, 2023 Solution ID:1603537 Share Posted December 5, 2023 No one can say you are 100%, but you are well better than before. I would suggest you try Malwarebytes Pro. The full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Use this application to remove tools used and their quarantined items: Please download KpRm by Kernel-panik and save to your Desktop. Click on KpRm.exe to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator. Put a check mark next to these items: - Delete tools - Create Restore Point - Delete now Click the "Run" button. When the tool has finished, it will create and open a log report and delete itself. A few final recommendations: Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. Make sure you're backing up your files Keep all software up to date - PatchMyPC - Keep your Operating System up to date and current at all times - Further tips to help protect your computer data and improve your privacy: Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security Malwarebytes Browser Guard Google Chrome: Microsoft Edge: Mozilla Firefox: uBlock Origin Google Chrome: Microsoft Edge: Mozilla Firefox: Further reading if you like to keep up on the malware threat scene: Malwarebytes Bleepingcomputer Hopefully, we've been able to assist you with correcting your system issues. Link to post Share on other sites More sharing options...
nillle Posted December 5, 2023 Author ID:1603538 Share Posted December 5, 2023 Thank you so much for the guidance and good advice <3 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 5, 2023 Root Admin ID:1603539 Share Posted December 5, 2023 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts