
malware "TorrentProPro"



Hello, I am having trouble with my computer. It seems I have a malware that says "torrentProPro"; when I erase it, it comes back. I am not able to download and scan my computer with Malwarebytes since it's banned in my country, and I am also not able to use a VPN; it doesn't work either. Please help me!


@Yulduz

First, you have installed two antivirus programs with realtime protection. This may result in a conflict during our work here:

Quote

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 11.0.0.1127 - 360 Security Center)
AVG AntiVirus Free (HKLM\...\AVG Antivirus) (Version: 24.7.9311.1966 - Gen Digital Inc.)

Choose one you want to keep and uninstall the other one via Start > Settings > Apps.

 

 

Second, there are these two programs installed on your system:

Quote

SteamUpdate 5.3.9 (HKLM\...\11443c5e-ea59-5185-860b-52f995c2b40e) (Version: 5.3.9 - )
TorrentPro 8.2.8 (HKLM\...\732669f2-41f3-509e-ab20-966735fc2cd7) (Version: 8.2.8 - )

Have you intentionally installed this software? Please let me know.

I suggest uninstalling them as well via Start > Settings > Apps.

 

 

Third, I think that you have installed illegal pirated software (games) on your system:

Quote

Age of Empires II Definitive Edition (HKLM-x32\...\Age of Empires II Definitive Edition_is1) (Version:  - torrent-igruha.org)
Call of Duty World at War (HKLM-x32\...\Call of Duty World at War_is1) (Version:  - torrent-igruha.org)
Grand Theft Auto San Andreas (HKLM-x32\...\Grand Theft Auto San Andreas_is1) (Version:  - torrent-igruha.org)

Please uninstall all of them. Malwarebytes does not support pirated games of any kind. Please see the link below:

 

 

After all of these uninstalls, reboot your system and run a fresh scan with FRST.

 

Thank you.

Edited by MKDB
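An added example, not part of the original thread and not FRST or Malwarebytes code: a small parser for the installed-program lines quoted in the post above, with three triage rules modeled on that post's findings. The rule names, the `AV_MARKERS` name match and the "publisher is a bare domain" test are assumptions made for illustration.

```python
import re

# Lines copied from the quotes in the post above (one game entry kept).
SAMPLE = r"""
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 11.0.0.1127 - 360 Security Center)
AVG AntiVirus Free (HKLM\...\AVG Antivirus) (Version: 24.7.9311.1966 - Gen Digital Inc.)
SteamUpdate 5.3.9 (HKLM\...\11443c5e-ea59-5185-860b-52f995c2b40e) (Version: 5.3.9 - )
TorrentPro 8.2.8 (HKLM\...\732669f2-41f3-509e-ab20-966735fc2cd7) (Version: 8.2.8 - )
Age of Empires II Definitive Edition (HKLM-x32\...\Age of Empires II Definitive Edition_is1) (Version:  - torrent-igruha.org)
"""

# Name (HIVE\...\UninstallKey) (Version: X - Publisher); X or Publisher may be empty.
ENTRY = re.compile(
    r"^(?P<name>.+?) \((?P<hive>HK[A-Z]+(?:-x32)?)\\\.\.\.\\(?P<key>.+?)\) "
    r"\(Version:\s*(?P<version>.*?) - (?P<publisher>.*)\)$"
)
GUID = re.compile(r"^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)
DOMAIN = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$", re.I)
AV_MARKERS = ("antivirus", "total security")  # assumption: crude name match


def parse(text):
    """Return one dict per line that matches the installed-program format."""
    return [m.groupdict() for line in text.splitlines()
            if (m := ENTRY.match(line.strip()))]


def triage(entries):
    """Return (program name, reason) pairs worth asking the user about."""
    findings = []
    for e in entries:
        pub = e["publisher"].strip()
        # Uninstall key is a bare GUID and nobody is named as publisher.
        if GUID.match(e["key"]) and not pub:
            findings.append((e["name"], "guid-key-no-publisher"))
        # Publisher field holds a website name instead of a vendor.
        if DOMAIN.match(pub):
            findings.append((e["name"], "publisher-is-domain"))
    avs = [e["name"] for e in entries
           if any(k in e["name"].lower() for k in AV_MARKERS)]
    if len(avs) > 1:  # more than one antivirus product installed
        findings.extend((name, "multiple-av") for name in avs)
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse(SAMPLE)):
        print(f"{reason:24} {name}")
```

A hit is only a prompt for the question the helper asks ("Have you intentionally installed this software?"), not a verdict on the program.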

Thank you for the reply.

I didn't intentionally install torrent pro 8.2.8 and steam update 5.3.9. Torrent 8.2.8 is the malware itself. If you don't mind, the user name Alkan has exactly the same virus as I do.


@Yulduz

Thanks for the update.

Please read through all of my instructions and uninstall all of this crappy software.

 

If you are not able to uninstall one of them, just let me know.

Reboot your system anyway in the end and run a fresh scan with FRST.


@Yulduz

I've noticed some malicious browser extensions as well... what a nasty crap. We will take care of these as well.

 

We will run a first fix with FRST.

 

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\79224\Desktop\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the FIX button only once and wait.
  • Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about.
  • Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
  • Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.

 

 

fixlist.txt


@Yulduz

Good job, thanks for the logfile. We were able to remove a lot of unwanted objects.

 

First, regarding those games that you want to remove... try to run the following uninstallers:

Quote

C:\Program Files (x86)\Age of Empires II Definitive Edition\unins000.exe
C:\Program Files (x86)\Call of Duty World at War\unins000.exe
C:\Program Files (x86)\Grand Theft Auto San Andreas\unins000.exe

If that does not work due to an error message, you can manually remove these three folders instead:

C:\Program Files (x86)\Age of Empires II Definitive Edition
C:\Program Files (x86)\Call of Duty World at War
C:\Program Files (x86)\Grand Theft Auto San Andreas

 

After that is done, reboot your system.

Let me know how things are going on your machine regarding TorrentPro and other unwanted software... what is left and needs to be done from your point of view?

 

 

Second, I would like you to run a fresh FRST scan to check the results from our first FRST fix. We need to run another fix.

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

Edited by MKDB

@Yulduz

Thanks for your detailed feedback and the logfiles.

 

We will run another fix with FRST to remove the last leftovers (Step 1). This fix will also check Windows system files. It may take some minutes.

As you have already deleted the folders of the games, there is nothing to do here anymore regarding the folders. We will remove another regkey from another game so that it won't be listed under Settings > Apps any longer.

Moreover, I would like you to run SecurityCheck as well (Step 2).

 

 

1️⃣

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\79224\Desktop\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the FIX button only once and wait.
  • Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about.
  • Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
  • Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.

 

 

2️⃣

Follow these instructions for running SecurityCheck:

 

 

 

fixlist.txt

Edited by MKDB

@Yulduz

Thanks again!

No problem with Russian here... I do use translators if needed.

 

 

You should update some programs (if you still need them) or uninstall them (if you don't need them anymore) or otherwise address these:

AVG AntiVirus Free v.24.7.9311.1966 Внимание! Скачать обновления
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31931 v.14.34.31931.0 Внимание! Скачать обновления
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 v.14.34.31931.0 Внимание! Скачать обновления
Discord v.1.0.9006 Внимание! Скачать обновления
Viber v.17.7.0.0 Внимание! Скачать обновления
µTorrent v.3.6.0.47134 Внимание! Клиент сети P2P с рекламным модулем!.
Java 8 Update 51 (64-bit) v.8.0.510 Внимание! Скачать обновления
^Удалите старую версию и установите новую (jre-8u421-windows-x64.exe - Windows Offline (64-bit))^

McAfee Security Scan Plus v.4.0.135.1 Внимание! Приложение распространяется в рамках партнерских программ и сборников-бандлов. Рекомендуется деинсталляция. Возможно Вы стали жертвой обмана или социальной инженерии.

 

 

 

Thank you for your cooperation. You can use KpRm to remove FRST and other tools.

 

Please download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, select Delete Tools under Actions.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log may open in Notepad titled kprm-(date).txt.  I do not need it. Just close Notepad if it shows up.

 

A few final recommendations can be found here:

 

 

 

Further reading if you like to keep up on the malware threat scene:

Malwarebytes Blog  https://blog.malwarebytes.com/

 

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes.

 


  • Root Admin

Excellent, glad to hear all is well again. I'll go ahead and close your topic now and wish you well.

We're glad that we were able to assist you.

 

The following information will help you to keep your computer and data safer as well as improve your overall privacy

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/780233/best-password-manager/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download     https://patchmypc.com/about-us
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Cybersecurity basics & protection
Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity

 

Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal

 

