Jump to content

Redline malware on computer

oxy324
 Share

Recommended Posts

oxy324

oxy324

Posted
Posted

So I had a topic opened before about possible malware on my pc when my cousin downloaded malware and now both me and my brother got NJ documents saying our passwords were compromised as well as the name of the malware and the file caught named redline malware or something any scanners or help knowing how to get rid of it

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans:

  1. Click the following link and run a  Scan with AdwCleaner
  2. Click the following link and run a  Scan with Malwarebytes 
       RESTART the computer
  3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 
     

Example image of where to click to attach files when posting your reply

image.thumb.png.e208c182ff570799c53bcf57

 

Thank you

 

Link to post
Share on other sites
David H. Lipman

David H. Lipman

Posted
Posted (edited)
6 hours ago, oxy324 said:

It was part of like a cybersecurity website owned by the government 

Could you please elaborate.  Attaching any documents would be helpful.

I ask as there are entities masquerading as the Gov't including that of the NJ Gov't.

Example alert from the NJCCIC

https://www.cyber.nj.gov/threat-landscape/phishing-online-scams/impersonation-scams/trust-in-government-online

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar
  • Like 1
Link to post
Share on other sites
David H. Lipman

David H. Lipman

Posted
Posted (edited)

@oxy324

Please check your email address(s) on https://haveibeenpwned.com/

Your Forum email address was was shown on a 2020 Breach and it may be the same or different than the email address associated with the RedLine Stealer dump notification.

It does mean that passwords need to be changed, using a new Strong Password, ASAP on any/all accounts that may be be associated with them.

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar
Link to post
Share on other sites
David H. Lipman

David H. Lipman

Posted
Posted

RedLine Stealer is a apassword and data stealing trojan, it not a virus.

According to the NJCCIC the Email and Address and Password were harvested by this trojan and placed on a dump site which was recovered.  You were found in the dump, thus the notification.

The Breaches is another data point to be aware of to help you protect yourself.

Link to post
Share on other sites
David H. Lipman

David H. Lipman

Posted
Posted (edited)

No.  I'm sorry if the information I provided gave you that impression.

They are completely different events.  they have have no association with each other than than your Email and Password are associated with both.

1.  The Trojan.

As a Trojan and not a virus it does not spread from file to file or PC to PC.  To get installed on a PC it needs assistance.  The most common method is Social Engineering.  That is the Human Exploitation of emotions, desires, fears, wants, loneliness, and other aspects of being Human.  For example the desire of Gaming. Many like to play computer Games,  A Social Engineering ploy would be toe exploit that gaming desire and send spam, SMS messages or have a web site that purports to be a NEW Game !  It is in Beta and they want people to try it.  You do and BINGO - you are infected with a trojan such as the RedLine Stealer (a password and data stealing trojan).

2.  Breaches

There are services and web sites or third parties to the services and web sites we use as consumers.  During our journey through life, we are told to create accounts for these services or web sites or we use services that we just provide our Personal Identifiable Information (PII) to.  Such as a Doctors office or Insurer.  Malicious actors probe these services for vulnerabilities and attempt to exploit them for their political or monetary gain.  When these malicious actors are successful, the intended objects are "breached" of their defenses.  They have broken in.  Just like a Medieval Knight Breaches a Castle.  When a web site or service is thusly affected they are deemed to be "Breached."  If you were a party to a web site or service that had data exfiltrated, specifically including YOUR data, you become a part of that Breach.

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Let's go ahead and do some scans to make sure there is nothing currently wrong with the system.

 

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.

(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool 

https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe

How to run a scan with Kaspersky Virus Removal Tool 2020
https://support.kaspersky.com/15674

How to run Kaspersky Virus Removal Tool 2020 in the advanced mode
https://support.kaspersky.com/15680

How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan
https://support.kaspersky.com/15681

 


Select the  image.png  Windows Key and R Key together, the "Run" box should open.

user posted image

Drag and Drop KVRT.exe into the Run Box.

user posted image

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

image.png

add -dontencrypt   Note the space between KVRT.exe and -dontencrypt

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.
 
image.png


That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr
Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

A EULA window will open, tick all confirmation boxes then select "Accept"

image.png

In the new window select "Change Parameters"

image.png

In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start...

user posted image

When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"

user posted image

When complete, or if nothing was found select "Close"

image.png

Attach the report information as previously instructed...
 
Thank you
 
 

 

 

Link to post
Share on other sites
  • 4 weeks later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.