Another infection, Windows Security Hacked : GrayWare/MSIL.Kryptik.eve


Solved by RenatoKorr

When I'm playing, my fps drops unusually in a moment. I go fast to Windows Security and... I take a photo later. Remember that after formatting, I went straight to playing lol with my friends and forgot to install mwbytes...

These are the logs. 

When I started to download Adw, a strange FRST64English.exe file appeared in my downloads folder... Before deleting it, I checked the executable on virustotal.com and it gave me that result.

The file appeared out of nowhere and was infected with that, how could it be possible that a virus fell on me from the sky????

My HDD disappeared from File Explorer... And Windows Security is all hacked... I don't know what's happening XD HOWW???

In the main Windows folder I found these: "DtcInstall" and "PFRO"

Addition.txt AdwCleaner[C00].txt AdwCleaner[S00].txt FRST.txt mbst-grab-results.zip

Link to post
Share on other sites

I thought that, as another problem and another infection arose, I needed another post so as not to mix things up, or I don't know :/ I'm already tired of this, I think xd

 

I did everything you said, I followed all the steps, but the virus keeps appearing again and again XD

Link to post
Share on other sites

This is what Windows AV looks like, I know you don't understand Spanish so I'll explain to you that basically all the words are jumbled up, they don't make grammatical sense and there is always %1ls or something like that somewhere... That's why I was asking you if it was safe to reinstall Windows... this happened after formatting... as I told you, I followed all your steps and the virus does not disappear xd

image.jpg

Link to post
Share on other sites

  • Root Admin

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

 

 

 

Link to post
Share on other sites

  • Root Admin

Okay, if wanted we can try to clean and repair it. However since you were going to rebuild the other computer, maybe try that first and see how that goes and decide if you want to rebuild this one too.

If you want to continue and try to clean it, let me know.

 

Link to post
Share on other sites

Ehm, this is the previous PC, so far everything that has happened is on my PC. And yes, please, if you know any way to repair all this, I would really appreciate it. The truth is, luckily I'm on vacation, but if this had happened to me working or studying, I would be dead. 

 

 

I was able to secure the other PCs, but this one has given me problem after problem. Every time I format it, viruses appear...

Link to post
Share on other sites

  • Root Admin

Almost guaranteed if you have an infection return it is because of syncing with something Online. I know the world loves that but if something goes wrong, well that same garbage is pushed down to a fresh new machine too.

Google Chrome is one of the most common ones that does that.

Please run the following one more time.

 

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans:

  1. Click the following link and run a  Scan with AdwCleaner
  2. Click the following link and run a  Scan with Malwarebytes 
       RESTART the computer
  3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 
     

Example image of where to click to attach files when posting your reply


 

Thank you

 

Link to post
Share on other sites

  • Root Admin

The Farbar (FRST) program is located here in your Desktop folder:  

Please follow the process below to perform a fix in Safe Mode

 

Start in Safe mode:

  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.


After that:

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.

 

Start::
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction
GroupPolicy: Restriction
End::

 

  • Right-click on FRSTEnglish in your Downloads folder, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in your Downloads folder or where you have the Farbar program located.
  • Attach that log in your next reply.
 
Thank you
 
 
Link to post
Share on other sites
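The fixlist in the post above targets Windows Defender and Windows Update policy locations. The following read-only check is an added example, not part of the original thread and not FRST's own code; it lists what is currently set in those locations so the state can be compared before and after a fix. The `Registry.pol` paths and the rule that any policy value on an unmanaged home PC deserves review are assumptions of this example.

```powershell
# Added example: read-only audit of the locations named in the fixlist above.
# Run from an elevated PowerShell prompt. Nothing is modified.
$valueChecks = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'; Name = 'DisableAntiSpyware' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'; Name = 'DisableAntiVirus' }
)
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
)

$report = @(
    # 1. The two "disable" values directly under the Defender key.
    foreach ($c in $valueChecks) {
        $v = (Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        [pscustomobject]@{
            Location = "$($c.Key) [$($c.Name)]"
            State    = if ($null -eq $v) { 'not set' } else { "set to $v" }
            Review   = ($null -ne $v -and $v -ne 0)
        }
    }
    # 2. Every value under the policy keys, subkeys included.
    #    Assumption: an unmanaged home PC, so any policy value present deserves a look.
    foreach ($k in $policyKeys) {
        if (-not (Test-Path $k)) { continue }
        $keys = @(Get-Item $k) + @(Get-ChildItem $k -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Location = "$($key.Name) [$name]"
                    State    = "set to $($key.GetValue($name))"
                    Review   = $true
                }
            }
        }
    }
    # 3. Local Group Policy files (assumed here to be what "GroupPolicy:" refers to).
    foreach ($pol in 'Machine\Registry.pol', 'User\Registry.pol') {
        $p = Join-Path $env:SystemRoot "System32\GroupPolicy\$pol"
        if (Test-Path $p) {
            $when = (Get-Item $p -Force).LastWriteTime
            [pscustomobject]@{ Location = $p; State = "present, modified $when"; Review = $true }
        }
    }
)
$report | Format-Table -AutoSize -Wrap | Out-Host

# 4. What Defender itself reports; a failure here is a finding in its own right.
try { Get-MpComputerStatus -ErrorAction Stop |
        Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled |
        Format-List | Out-Host }
catch { Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)" }
```

Rows with `Review` set to `True` are the ones to compare against fixlog.txt after the fix has run.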

I have news: I went to the Windows applications and features and deactivated several printer options and things like that (I don't have a printer and I have never configured anything for it). I also uninstalled a language pack, since this Windows came in English. Everything was normal, even Windows Security, but suddenly they stopped the process. I restarted it quickly, but I saw that there were several very suspicious fax and printing processes... this is very strange XD

I also uninstalled Snipping Tool but it appeared again in the programs... Something tells me that the virus is hidden in the Windows system files, I don't know where so much printing configuration comes from if I've never connected a printer.

Link to post
Share on other sites

In the task manager there are quite a few processes about credentials and user accounts xd such as Windows Logon, Windows Session, Credential Guard, Workstation etc... The previous time they had removed permissions on files and folders and modified the internal Windows applications. Everything indicates that it is a very elusive malware

Link to post
Share on other sites

The last time I logged into my Microsoft account, Windows Security crashed and the system started crashing. I quickly disconnected the internet and formatted the drive, but I think I got a backdoor or something like that. So far we haven't found anything, but suddenly Windows Security stops and the problems start. I don't know where the virus is hosted, but I'm still worried that the system won't detect my HDD (I have three disks, an SSD for Windows, an HDD for data and another SSD for games). It detects both SSDs, but the HDD is detected only by Device Manager as connected and working, and it doesn't appear in the browser. Will it be a consequence of the virus?

Link to post
Share on other sites

This topic is now closed to further replies.