I have different named trojans being detected weekly


Hi, about three and a half weeks ago, I downloaded a few files, which I don't have any more, off of the internet for a music program, and one of them seemed to have trojans. They were detected on Windows as 'Win32/Wacatac.H!ml', located in 'C:\ProgramData\HJKECAAAFH.exe', which from my knowledge isn't even a thing, and the other also called 'Win32/Wacatac.H!ml', located in 'C:\ProgramData\AAFBAKECAE.exe', and 'C:\ProgramData\IJJKKJJDAA.exe'. I ended up deleting the trojan through Windows, changing my passwords and everything else just to make sure I was safe. I ran multiple scans that day, and they all came back as 'Detections - None'. I still did this early in the day after to be 100% sure there was nothing else as well and it was just a one off. Later that night, another was detected on Malwarebytes, called 'Trojan.PyengyLoader' and located in 'C:\Users\(name)\AppData\Roaming\menu\'. I went ahead and checked the folder whilst the trojan was quarantined, and there was nothing out of the ordinary to be seen. I ended up deleting the folder which Malwarebytes said it was in, deleting the trojan through Malwarebytes, running multiple scans, and them all coming back with 0 detections - whether I scanned with Malwarebytes or Windows. From that point everything seemed fine for about two weeks, until last week the same trojan was detected called, 'Trojan.PyengyLoader', and was detected in 'C:\Users\(name)\AppData\Roaming\menu\WBXTRACE.DLL'. Malwarebytes had said I deleted it previously, which makes me think it must be a new version of the trojan, or some sort? Unless they keep returning after deletion. I then deleted it, ran scans, and they all came back with 0 detections on Windows and Malwarebytes again.
Everything seemed fine again, until yesterday evening, when a completely new trojan was detected on Malwarebytes, called, 'Trojan.Meterpreter', and located in 'C:\Users\(name)\Downloads\SDL\Project\TEMPCODERUNNERFILE.exe', which had me very confused, as that's a part of my university coursework (the folder). This had me thinking that the trojans must have been scattered around my computer, if that's even possible, and Malwarebytes not detecting them all at once. Or, new ones are being injected into my computer randomly. I have lots of university work on my computer, set for deadlines, and I hope this can be resolved calmly. My laptop's performance has stayed the same over the entirety of the time which these viruses have been being detected. I hope someone can help resolve this problem. Thanks!


  • Root Admin

Hello @rkzco and :welcome:

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans:

  1. Click the following link and run a  Scan with AdwCleaner
  2. Click the following link and run a  Scan with Malwarebytes 
       RESTART the computer
  3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 
     


 

Thank you

 


  • Root Admin

Thank you for the logs. Please run the following

 

 

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.

(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool

https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe

How to run a scan with Kaspersky Virus Removal Tool 2020
https://support.kaspersky.com/15674

How to run Kaspersky Virus Removal Tool 2020 in the advanced mode
https://support.kaspersky.com/15680

How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan
https://support.kaspersky.com/15681

 


Select the Windows Key and R Key together, the "Run" box should open.


Drag and Drop KVRT.exe into the Run Box.


C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.


Add -dontencrypt. Note the space between KVRT.exe and -dontencrypt.

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.
 


That addendum to the run command is very important: when the scan does eventually complete, the resultant report is normally encrypted; with the extra command it is saved as a readable file.

Reports are saved here: C:\KVRT2020_Data\Reports and look similar to this: report_20210123_113021.klr
Right-click directly onto that report, select > open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

A EULA window will open, tick all confirmation boxes then select "Accept"


In the new window select "Change Parameters"


In the new window ensure all selection boxes are ticked, then select "OK". The scan should now start...


When complete, if entries are found there will be options. If "Cure" is offered, leave as is. For any other options change to "Delete", then select "Continue".


When complete, or if nothing was found, select "Close".


Attach the report information as previously instructed...
 
Thank you
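
The Run-box procedure above can also be done from a PowerShell prompt. This is an added example, not part of the original post or any vendor tooling: it checks the downloaded file's Authenticode signature before launching it, passes the -dontencrypt switch from the post, and copies the newest report next to KVRT.exe as a .txt file for attaching. It assumes KVRT.exe was saved to the Desktop and that reports land in the folder named in the post; the variable names are this example's own.

```powershell
# Added example. Paths follow the post; variable names are hypothetical.
$desktop   = [Environment]::GetFolderPath('Desktop')
$kvrt      = Join-Path $desktop 'KVRT.exe'
$reportDir = 'C:\KVRT2020_Data\Reports'

if (-not (Test-Path -LiteralPath $kvrt)) {
    throw "KVRT.exe not found at $kvrt"
}

# Do not launch a download whose Authenticode signature fails to validate.
$sig = Get-AuthenticodeSignature -LiteralPath $kvrt
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'; download KVRT.exe again."
}
# Print the signer so it can be checked by eye before the scan starts.
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

# Note the start time so a report from an earlier run is not picked up.
$started = Get-Date

# -dontencrypt (from the post) makes the report a readable text file.
Start-Process -FilePath $kvrt -ArgumentList '-dontencrypt' -Wait

# Newest report written since this run began.
$report = Get-ChildItem -LiteralPath $reportDir -Filter 'report_*.klr' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $started } |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1

if (-not $report) {
    throw "No new report found in $reportDir; did the scan finish?"
}

# Copy with a .txt extension so it opens in Notepad and can be attached.
$copy = Join-Path $desktop ($report.BaseName + '.txt')
Copy-Item -LiteralPath $report.FullName -Destination $copy
Write-Host "Report copied to $copy"
```

The EULA, "Change Parameters" and "Cure"/"Delete" choices described in the post are still made in the KVRT window; the script only waits for the tool to close.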
 
 

 

 


  • Root Admin

Thank you for the log. That scan found no issues.

Please run the following scan

 

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

[ 1 ]

Please make the following system changes.

  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the scans are completed.
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

[ 2 ]

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
  • The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

It is normal for the Microsoft Safety Scanner to show detections during the scan process.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Then it writes into the log on your computer what it found.

 

Thank you


  • Root Admin

Thank you for the logs. Please do the following. I'll check back on you again tomorrow. It's past midnight for me.

 

Please update the following as appropriate for your computer

 


Please uninstall the following

---------------------------- [ UnwantedApps ] -----------------------------
CCleaner v.6.22  (computer experts no longer recommend this program)
Bonjour v.3.1.0.1 (this program is rarely needed on Windows but often causes networking issues)


Then RESTART the computer and check for Windows Updates and install any updates found.

 

Then restart again and let me know if there are still any signs of infection or not or any other unresolved issues.

Thank you

 

 


  • 4 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
