Could someone make sure I'm not infected.


Hello @Xeno1234

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process.

Then follow each step in the order provided. Unless otherwise asked, please attach all logs.

 

Please make the following system changes:

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans:

  1. Click the following link and run a Scan with AdwCleaner
  2. Click the following link and run a Scan with Malwarebytes
     RESTART the computer
  3. Click the following link and run a Scan with Farbar Recovery Scan Tool

 

Thank you

 

Addition.txt FRST.txt MBAM Scan.txt AdwCleaner[C00].txt


  • Download the enclosed file Fixlist.txt
  • Save it in the same location FRST64.exe is saved.
  • Start FRST (FRST64) with Administrator privileges
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.

Here is the log:
I did notice at some part it said access denied. I don't use Malwarebytes, I use Kaspersky, and it was placed in the Low Restricted group in Intrusion Prevention - this means that I believe some system restrictions were placed onto it. If something wasn't performed right I can redo it.

Fixlog.txt


  • Download the enclosed file Fixlist.txt
  • Save it in the same location FRST64.exe is saved.
  • Start FRST (FRST64) with Administrator privileges
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.

How is the computer doing?

Computer is running perfectly fine. I've not noticed any suspicious behavior, nothing weird in startup, nothing weird in applications, nothing weird in Kaspersky's Intrusion Prevention. I've noticed the System Process using a bit of resources sometimes, but not always. It might use 5-10% of my CPU, which might be normal, I'm not too sure.
I just wanted someone to look cause I randomly just got the thought in my head of my PC having malware.

Fixlog.txt


It is all clear. Only orphaned entries and temp files were removed.

 

Congratulations.
 
Use this application to remove tools used and their quarantined items:
 
Please download KpRm by Kernel-panik and save to your Desktop.

  • Click on KpRm.exe to run the tool.

Vista/Windows 7/8/10 users right-click and select Run As Administrator.

  • Put a check mark next to these items:

- Delete tools

- Create Restore Point

- Delete now

  • Click the "Run" button.

  • When the tool has finished, it will create and open a log report and delete itself.

A few final recommendations:

  • Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
  • Make sure you're backing up your files
  • Keep all software up to date - PatchMyPC
  • Keep your Operating System up to date and current at all times
  • Further tips to help protect your computer data and improve your privacy:
  • Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

Further reading if you like to keep up on the malware threat scene:
 
Malwarebytes
 
Bleepingcomputer
 
Hopefully, we've been able to assist you with correcting your system issues.
 
Thank you for contacting Malwarebytes. Regards.

So you didn't see any signs of infection? At all?


No malware was detected. Just locked files, which may have been locked by Kaspersky.

Let's perform another scan to be sure:

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website

  • Click the One-Time Scan button to download the esetonlinescanner.exe file to the Desktop.
  • Double-click esetonlinescanner.exe, then the Get Started button.
  • Accept the Terms of Use and then click Get Started again.
  • Enable recommended options, and continue.
  • Select the Full scan
  • Enable Eset to detect and quarantine potentially unwanted applications
  • Click StartScan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

Attach the ESET log.txt report.
 
Don't forget to re-enable previously switched-off protection software!!

I will do this scan tomorrow.

What were some of the locked files? I don’t believe anything was placed into the “untrusted” category in Kaspersky (meaning zero file access and cannot start), but I might be wrong.


Quote

"ESProtectionDriver" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\ESProtectionDriver => \??\C:\Windows\system32\drivers\mbae64.sys <==== ATTENTION (Rootkit!/Locked Service)
"mbamchameleon" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\mbamchameleon => \SystemRoot\System32\Drivers\MbamChameleon.sys <==== ATTENTION (Rootkit!/Locked Service)
"MbamElam" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MbamElam => system32\DRIVERS\MbamElam.sys <==== ATTENTION (Rootkit!/Locked Service)
"MBAMFarflt" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMFarflt => system32\DRIVERS\farflt11.sys <==== ATTENTION (Rootkit!/Locked Service)
"MBAMProtection" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMProtection => \??\C:\Windows\system32\DRIVERS\mbam.sys <==== ATTENTION (Rootkit!/Locked Service)
"MBAMService" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMService => "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" <==== ATTENTION (Rootkit!/Locked Service)
"MBAMSwissArmy" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMSwissArmy => \SystemRoot\System32\Drivers\mbamswissarmy.sys <==== ATTENTION (Rootkit!/Locked Service)
"MBAMWebProtection" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => \??\C:\Windows\system32\DRIVERS\mwac.sys <==== ATTENTION (Rootkit!/Locked Service)

 


Kaspersky popped up with this today. I know what it is, it's a Fractureiser sample I sent in a .7z file to their Virus Labs through email. I delete it at this spot but it keeps coming back. It's inactive malware, but what should I do?


Wow. That is deep within your mail client.

  • Download the enclosed file Fixlist.txt
  • Save it in the same location FRST64.exe is saved.
  • Start FRST (FRST64) with Administrator privileges
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.


Didn't find files in that location.

  • Download the enclosed file Fixlist.txt
  • Save it in the same location FRST64.exe is saved.
  • Start FRST (FRST64) with Administrator privileges
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.

Fixlog.txt


Let's attempt to delete files in that location.

  • Download the enclosed file Fixlist.txt
  • Save it in the same location FRST64.exe is saved.
  • Start FRST (FRST64) with Administrator privileges
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.

 

Edited by JSntgRvr
Typo
This topic is now closed to further replies.