
Trojan.Malpack.RND keeps repeating itself and I can't remove it



Hey everyone, I have a problem.

After much time, I decided to run a virus scan with software that wasn't Windows Defender (I ran the scan with Malwarebytes) and found something like 136 viruses. After deleting all of them successfully, I noticed that one of them kept repeating itself. Its name is "Trojan.Malpack.rnd", and after googling for hours how to delete it, I came to the conclusion that the only way to remove this kind of malware is by having someone help me directly.

Please, can somebody help me?

Malwarebytes 09_06_2024 20_09_50.png

mbst-grab-results.zip

Hello @vqmxza and welcome!

 

My name is MKDB and I will assist you.

 

 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow the steps in the given order and post back the log files.
  • Please attach all log files into your post.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.
  • If you do not respond within 4 days, your topic will be closed.
  • Cracked, hacked or pirated programs are not only illegal, but will also make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kind of illegal software on your system, please uninstall it now, before we start the cleaning procedure.

 

 

Please give me some time to review what you have posted!

Thank you!

Edited by MKDB
Hi MKDB! Thank you for answering. I attached the mbst-grab-results.zip in the quote of the post, but here it is again in case you missed it. Do you need any other files?

mbst-grab-results.zip


@vqmxza

There is a lot of stuff to do on your system.

 

First, we will use Farbar Recovery Scan Tool (FRST) to run a fix. FRST was downloaded together with MBST and should be located in your download folder.

The fix may take some time, please be very patient and do not interfere.

More steps will follow later.

 

 

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\emmam\Downloads\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the FIX button only once and wait.
  • Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about.
  • Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
  • Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.

 

 

 

fixlist.txt


Thanks for the answer, MKDB.

I did what you told me to do and the program told me to restart the computer. I restarted the PC and when I did, I got a notification from Malwarebytes saying that it blocked a website because of a trojan. Does that mean it worked? Do I have to ignore it? I'll send a screen, sorry if it's in Italian. The Fixlog file was created as well; I'll send it to you too.

Malwarebytes Tray Notification 09_06_2024 22_35_35.png

Fixlog.txt


@vqmxza

Well done. We were able to repair some things.

But as I've already said, more steps will follow as the malware has the ability to restore itself.

 

Next, please run AdwCleaner.

Moreover, I do need new logfiles from FRST and FSS.

 

 

1️⃣

Please follow these instructions and run AdwCleaner. Finally, attach the logfile from AdwCleaner:

 

 

2️⃣

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

3️⃣

Please follow these instructions and attach the logfile from FarbarServiceScanner (FSS):

 

 

Edited by MKDB

4 minutes ago, MKDB said:

@vqmxza

Did you let AdwCleaner remove all of these craps?

What do you mean? What I did with AdwCleaner was: I put all of the settings as it said in the link and scanned. After that, it just opened a window with some viruses it found, but I didn't uncheck them because it only said to uncheck files marked as preinstalled software, and I did that on the second page it opened after the viruses page.


@vqmxza

Probably, the last fix with FRST took too much time to finish, so the malware re-created itself.

We will run a much quicker fix now in order to get this solved. Make sure to let FRST reboot your system once you get the message.

Thanks again for your cooperation!

 

 

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\emmam\Dropbox\PC\Downloads\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the FIX button only once and wait.
  • Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.

 

 

fixlist.txt


3 minutes ago, MKDB said:

reboot your system once you get the message

What message do I have to get? I'm asking before just in case I miss something during the fix procedure. Sorry if I seem a bit stupid 😅


@vqmxza

Great job! 😃

 

Now, let's run new scans with FRST and FSS again in order to check the results.

 

 

1️⃣

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

2️⃣

Please follow these instructions and attach the logfile from FarbarServiceScanner (FSS):

 


@vqmxza

I suggest running ESET and KVRT for a second opinion now. We are not fully done.

Regarding Windows Defender repair, let's ask @AdvancedSetup.

 

 

1️⃣

Download Kaspersky Virus Removal Tool (KVRT) and save it to your Desktop.

  • Select the Windows Key and R Key together, the Run box should open.
  • Copy and paste the following string into the line:

C:\Users\emmam\Desktop\KVRT.exe -dontencrypt

  • Select "Ok" in the Run box.
  • If the "Windows protected your PC" window opens, select "More info". A new window will open, select "Run anyway".
  • An EULA window from KVRT will open, tick all confirmation boxes then select "Accept".
  • A window from KVRT will open, select "Change Parameters".
  • In the new window ensure the following boxes are ticked:
    • System memory
    • Startup objects
    • Boot sectors
    • System drive
  • Then select "OK" and "Start scan".
  • completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue".
  • Usually, your system needs a reboot to finish the removal process.
  • Logfiles can be found on your system drive (usually C:), similar to this:

C:\KVRT2020_Data\Reports\report_<data>_<time>.klr

  • Right-click directly on those reports, select > open with > Notepad.
  • Save the files and attach them with your next reply.

 

 

2️⃣

Let me have you run a different scanner to double-check.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe".
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes.
  • When prompted for scan type, click on "Full scan".
  • Look at and tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
  • Have patience. The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".
  • Click the blue "Save scan log" to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue "Restore cleaned files" (in blue, at the bottom).
  • Press Continue when all done. You should click to turn off the offer for "periodic scanning".

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 

 

 

Edited by MKDB
Here are the logs from the KVRT and ESET scans. Some files found by ESET are actually programs I use for game modding, but I would still like to delete them because right now I really prefer to be more careful with what I have on my PC. I haven't found a way to delete quarantined files in the ESET program, do you know how? Or do I just leave them there?

log.txt report_2024.06.10_21.50.09.klr.txt


@vqmxza

Thanks for your logfiles and the detailed feedback.

Those quarantined files in ESET will be deleted at the end of the cleaning process anyway... no need to do that manually now.

 

Let's run another short fix as well as fresh scans from FRST and FSS.

Thanks again!

 

 

1️⃣

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\emmam\Dropbox\PC\Downloads\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the FIX button only once and wait.
  • Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.

 

 

2️⃣

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

3️⃣

Please follow these instructions and attach the logfile from FarbarServiceScanner (FSS):

 

 

 

fixlist.txt


@vqmxza

Great! No malware visible in the logfiles. 😃

Do you still have problems with Windows Defender? If so, you could try these methods:

https://www.lifewire.com/reinstall-windows-defender-in-windows-11-5546960

 

@AdvancedSetup Do you have more options on how to repair Windows Defender?

 

@vqmxza

Please follow these instructions and run SecurityCheck:

 

 

This topic is now closed to further replies.