trojan virus

[JSntgRvr]

FRST64 was saved as C:\Users\user\Desktop\FRSTEnglish.exe

• Download the enclosed file  Fixlist.txt
• Save it in the same location FRST64 is saved. (FRSTEnglish.exe)
• Start FRST (FRST64) with Administrator privileges
• This time around Press the Fix button and wait
• When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please attach this file in your next reply. There will be a zipped folder created on your desktop. Please attach the latest of those folders also.

[Alkan]

Here is the new zip and the fixlog folders. A personal request, the account Yulduz has the same problem with me as well, if you would help them as well if they arent being helped yet, i would appreciate it so much.

thank you so much

 

Fixlog.txt 31.08.2024_19.23.05.zip

[JSntgRvr]

Please remove these programs:

TorrentPro 8.2.8 (HKLM\...\732669f2-41f3-509e-ab20-966735fc2cd7) (Version: 8.2.8 - )
Warcraft 3 (HKLM-x32\...\Warcraft 3_is1) (Version:  - torrent-igruha.org)
 

FRST64 was saved as C:\Users\user\Desktop\FRSTEnglish.exe

• Download the enclosed file  Fixlist.txt
• Save it in the same location FRST64 is saved. (FRSTEnglish.exe)
• Start FRST (FRST64) with Administrator privileges
• This time around Press the Fix button and wait
• When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please attach this file in your next reply. 

[Alkan]

Here is the fix. How can i erase those two files? i don't know where they are located. Can you help?

 

Fixlog.txt

[JSntgRvr]

Check again.

[Alkan]

it says this when i am trying to erase. and torrent pro 8.2.8 doesnt come out as well.

[JSntgRvr]

FRST64 was saved as C:\Users\user\Desktop\FRSTEnglish.exe

• Download the enclosed file  Fixlist.txt
• Save it in the same location FRST64 is saved. (FRSTEnglish.exe)
• Start FRST (FRST64) with Administrator privileges
• This time around Press the Fix button and wait
• When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please attach this file in your next reply. 

[Alkan]

here is the latest fixlog. I don't know where else this malware could go i only found the ones that i sent you on my screenshots. 

Fixlog.txt

[JSntgRvr]

I believe it was previously removed. Check your computer.

[Alkan]

I think i remember removing it by hand 1 or 2 days ago. I cant find it in any directories. 

[JSntgRvr]

Stay away from torrents, P2P networks and Registry cleaners.
 
Many peer-to-peer networks are under constant attack by people with a  variety of motives.
 
Examples include:

• poisoning attacks (e.g. providing files whose contents are different than the description)
• denial of service attacks (attacks that may make the network run very slowly or break completely)
• defection attacks (users or software that make use of the network without contributing resources to it)
• insertion of viruses to carried data (e.g. downloaded or carried files may be infected with viruses or other malware)
• malware in the peer-to-peer network software itself (e.g. distributed software may contain spyware)
• filtering (network operators may attempt to prevent peer-to-peer network data from being carried)
• identity attacks (e.g. tracking down the users of the network and harassing or legally attacking them)
• spamming (e.g. sending unsolicited information across the network- not necessarily as a denial of service attack)

Check your computer for any remnant and let me know to Clean-up.

[Alkan]

Would a restart bring those files back right now?

[JSntgRvr]

Give it a try.

[Alkan]

You are a legend! They arent back at all! I dont know where else i can have because these were the only ones i could spot with my eyes. Can we further check? Or do you think its sufficient sir

[JSntgRvr]

I believe we have searched every corner of the computer, so lets cleanup.

Please download KpRm by Kernel-panik and save to your Desktop.

• Click on KpRm.exe to run the tool.

Vista/Windows 7/8/10/11 users right-click and select Run As Administrator.

• Put a check mark next to these items:

- Delete tools

- Delete Restore Points

- Create Restore Point

- Delete now

• Click the "Run" button.

• When the tool has finished, it will create and open a log report and delete itself.

A few final recommendations:
 
The following information will help you to keep your computer and data safer as well as improve your overall privacy

• Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
  https://www.howtogeek.com/780233/best-password-manager/
• Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
• Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download     https://patchmypc.com/about-us
• Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
• Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
• Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

•   Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
•   Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
•   Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

uBlock Origin

• Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
• Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
• Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

Cybersecurity basics & protection
 
Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity
 
Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/
 
Please review the following to help you better protect your computer and privacy
 
Tips to help protect from infection

Remove the zipped folder from your computer. You can always contact me if remnants appear.
 
Hopefully, we've been able to assist you with correcting your system issues.
 
Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.

Regards.

[Alkan]

As for my final request can you please check the forum of Yulduz as well? they have the same problem as i do exactly the same malware and in need of help. Or if someone is working on their project maybe they can use this thread to get information about the said malware. 

 

Thank you so much for the time you spent on me. I will appreciate it for a lifetime.

[JSntgRvr]

An expert is already on it. I will just keep an eye on it in case he needs help.

 

Be safe.

[Alkan]

Thank you so much. Have an excellent day!