Jump to content

Recommended Posts

hi, I've got 2 laptops and I think both are infected with something ...

1. Windows 11 , was preinstalled and I didnt make it to format and reinstall OS because I cant make it to get the product key out of it ;'( .. the tool "SpyDLLremover" shows up 3 unknown rootkits, but malewarebytes premium scan shows none..

2. Windows 10, older dell laptop, formated , fresh windows install + wasn't connected to the internet so far, but after the secound restart tons of svchost processes showed up and windows firewall was/is disabled (but looks active in the gui) malewarebytes premium scan shows nothing too

I attached the Farbar scans of both (FRST and FSS) and I also added the gathered logs from malewarebytes support tool

hopefully someone can help me out and get me few tipps how to clean these laptops anyhow :'(

Win10.zip Win11.zip

Link to post
Share on other sites

  • Root Admin

Hello @ssH2n and :welcome:

Please run the following on both systems

 

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

 

 

 

Link to post
Share on other sites

ok, thanks. 

I did that on both systems, .. funny that it doesn't show anything on the Win10 device (because SpyDLLremover detected more rootkits on it)

on the Win11 Laptop it has shown 3 threats and it removed/repaired them after the scan

+ I just triggered another scan on both to see if there are different results

but I attached the logs of the first scan of both

cureit_Win10.txt cureit_Win11.log

Link to post
Share on other sites

  • Root Admin

Windows 10 system

ATTENTION: System Restore is disabled (Total:118.2 GB) (Free:84.63 GB) (72%)

Please enable System Protection and create a NEW System Restore Point on the Windows 10 system.

 

How to Turn On or Off System Protection for Drives in Windows 10
https://www.tenforums.com/tutorials/4533-turn-off-system-protection-drives-windows-10-a.html

How to Create a System Restore Point in Windows 10
https://www.tenforums.com/tutorials/4571-create-system-restore-point-windows-10-a.html

 

 

 

Next, Please run the following fix on the Windows 10 computer

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRST64.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\ucrY.mk\Desktop\

NOTE. It's important that both files, FRST64.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed.
                Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post
Share on other sites

  • Root Admin

@ssH2n

If you wish to obtain help on Bleepingcomputer that is fine, but we'll close the topic here. You can only work on the computer from one resource as that wastes time and resources for everyone

If you wish to continue here then let Bleepingcomputer know and close that topic.

Thank you

 

Link to post
Share on other sites

done with the fix.

I copied the fixlog before restarting the win 10 device and attach it here

after the restart I got a bluescreen and at the next boot try it shows up recovery with 2 options

1. repair system 2. reboot

I took the reboot and now it boots to the startlockscreen but when I hit space to get to the password promt it throws me to the bluescreen again (Your device ran into a problem....)

Fixlog-Win10.txt

Link to post
Share on other sites

Hi there, sorry I had an accident and was in hospital the last days

+ sadly even after restoring the system with the restorepoint the startup failed so I did reset it.

now it is booting normal and we can go on to clean/repair it

I attach the latest logs made after the reset

Win10-Logs.zip

Link to post
Share on other sites

  • Root Admin

Since the computer has been reset I'd hope it's clean now, but let's start from the begging and do some scans

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans:

  1. Click the following link and run a  Scan with AdwCleaner
  2. Click the following link and run a  Scan with Malwarebytes 
       RESTART the computer
  3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 
     

Example image of where to click to attach files when posting your reply

image.thumb.png.e208c182ff570799c53bcf57

 

Thank you

 

Link to post
Share on other sites

I downloaded all these tools you mentioned, but I wanted to try another clean OS install, 

first for the windows 10 then the system with the 11 on it.

Last time I tried to fresh install win10 I created the boot stick with the windows media creation tool, this time I used rufus and win10.iso

could you please have a look on the rufus logs from creating the boot stick? (cause if the bootstick is already compromised it won't make any sense to install it )

rufuslogCP.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.