mob122443 Posted August 31 ID:1658379

Malware or game ran something in cmd

So I was running a game called Darkstone cracked and a command prompt opened up and ran some code and enabled or disabled something through cmd on my laptop. I've used Malwarebytes to quarantine the malware; it's called Floxif.Virus.Fileinfector.DDS. How do I see what was run in the cmd, and what should I do to make sure it didn't leave any backdoors or more malware on my system? Please help. I've run Bitdefender Lite and it detected nothing. Currently letting Windows Defender do a scan, but I haven't found anything else suspicious.

Porthos Posted August 31 ID:1658381

@mob122443 Although I will not be directly assisting you, a malware removal expert will be along to assist after you do the following. Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware. Please respond to all future instructions from your helper in a timely manner.

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process. Then follow each step in the order provided. Unless otherwise asked, please attach all logs.

Please make the following system changes: Please pay close attention to the instructions in all of the following links.

- If you have not done so already - Enable System Protection and create a NEW System Restore Point <<<<< Important.
- Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
- Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed.
- Disable-Fast-Startup Windows 8 and newer only <<<<< Important.
- Show-Hidden-Folders-Files-Extensions

Please run the following scans: Please pay close attention to the instructions in all of the following links.

- Click the following link and run a Scan with AdwCleaner
- Click the following link and run a Scan with Malwarebytes
- RESTART the computer <<<<< Important.
- Click the following link and run a Scan with Farbar Recovery Scan Tool

[Image: example of where to click to attach files when posting your reply]

Then be patient for the next expert to take your case. <<<<< Important.

Thank you

mob122443 Posted August 31 Author ID:1658397

So these are 2 logs I have. 1 is from the earlier one I ran that quarantined the malware. Reran Malwarebytes and no detections.

Attachments: AdwCleaner[S00].txt, Malwarebytes Scan Report 2024-08-31 165436.txt

JSntgRvr Posted August 31 ID:1658407

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility: https://free.drweb.com/

- You will need to send them an email to obtain a link to download the scanner, please do so
- The downloaded file will normally have a unique name such as: q7a9tr4p.exe
- Close all open applications and locate the downloaded file and double-click to run it
- The program will take a moment to launch and bring up the License and Update screen
- Place a check mark to agree to the terms and then click on the Continue button
- Click the underlined link Select objects for scanning
- On the top left click the Scanning objects that should automatically check all objects
- Click the small wrench and make sure there is a check on Automatically apply actions to threats
- Then click the large button on bottom right Start scanning
- Once the scan has completed there will be a link named Open report; click that and a log named cureit.log should open in Notepad
- The log is saved in the folder named Doctor Web in the top of your user profile folders
- Please attach that log on your next reply

mob122443 Posted August 31 Author ID:1658411

Hi, emailed them at bienvenue@drweb.com. I'll update you as soon as I get a reply.

JSntgRvr Posted August 31 ID:1658415

Very well. I am concerned about the infection with Floxif.Virus.FileInfector.DDS. A file infector will spread quickly. So, we need to confirm.

mob122443 Posted August 31 Author ID:1658423

Ya, me too. I've done several scans with Malwarebytes. Should I delete it out of the quarantine?

JSntgRvr Posted September 1 ID:1658456

Yes. It is a download file. Have you run Dr. Cureit?

mob122443 Posted September 1 Author ID:1658459

No reply with the scanner code. Are there no other ones we can try in the meantime?

JSntgRvr Posted September 1 ID:1658460

Let's try another scanner: Please run the following ESET Online Scanner and perform a Full Scan.

Click the following link to save the installer for ESET Online Scanner: https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

- It will start a download of "esetonlinescanner.exe"
- Save the file to your system, such as the Downloads folder, or else to the Desktop.
- Go to the saved file, and double click it to get started.
- When presented with the initial ESET screen, click on "Get Started".
- Read and accept the Terms of use
- On the "Before we start..." screen choose if you want to send anonymous data and if you want to provide feedback or not, then click Continue
- When prompted for scan type, click on the Full Scan button
- Enable (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click the Start scan button.
- Have patience. The entire process may take a few hours or more.
- When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".
- Click the blue "Save scan log" to save the log and give it a name and location you remember.
- If something was removed and you know it is a false positive, you may click on the blue "Restore cleaned files" (in blue, at the bottom).
- Press Continue when all done. You should click to turn off the offer for "periodic scanning".
- Enable "Delete application data on closing" - You do not need to submit feedback unless you want to. Simply ignore and close the program.

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3: https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

Please attach the ESET scan log you saved at the end to your next reply

mob122443 Posted September 1 Author ID:1658486

Hi, so here's the log. It found 4 things. I also ran Windows scanner earlier that had just one thing called Hacktool:Win32/Autokms.B, which it deleted. Please let me know what to do next. Also, thank you so much for your help, I really appreciate it. Never got malware before, especially such a scary one.

Attachment: esey.txt

JSntgRvr Posted September 1 ID:1658512

How is the computer doing?

mob122443 Posted September 1 Author ID:1658537

The computer is fine. Also, how do I delete the files quarantined in ESET? It only shows a restore button to the files and I don't want to restore. And what should I do next? Thank you for your help once again.

JSntgRvr Posted September 1 ID:1658543

I don't believe you have to. Were they deleted from your desktop?

Let's clean up. This utility will remove ESET.

Please download KpRm by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool. Vista/Windows 7/8/10/11 users right-click and select Run As Administrator.

Put a check mark next to these items:

- Delete tools
- Delete Restore Points
- Create Restore Point
- Delete now

Click the "Run" button. When the tool has finished, it will create and open a log report and delete itself.

A few final recommendations: The following information will help you to keep your computer and data safer as well as improve your overall privacy.

- Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/
- Make sure you're backing up your files: https://forums.malwarebytes.com/topic/136226-backup-software/
- Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us
- Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
- Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/

Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.

Malwarebytes Browser Guard

- Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
- Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

uBlock Origin

- Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
- Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

Cybersecurity basics & protection: Everything you need to know about cybercrime https://www.malwarebytes.com/cybersecurity

Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.

Regards.

mob122443 Posted September 1 Author ID:1658548

Yes, they were quarantined from my laptop. Some of them were in a folder on my desktop and it shows them in quarantine. If I delete ESET, will they become unquarantined?? Thank you, I'll follow those instructions for the other stuff and let you know how it goes.

JSntgRvr Posted September 1 ID:1658557

If you no longer see them, they must be gone.

mob122443 Posted September 1 Author ID:1658561

I clicked that delete ESET on close thing and removed it, which should remove the quarantine items too?

JSntgRvr Posted September 1 ID:1658567

I guess so.

mob122443 Posted September 1 Author ID:1658570

Also, that cleaning thing you told me, do I have to do it immediately now, or can I just leave the stuff so I can run scans for the next few days in case it pops up, and if it doesn't show up in a few days I'll remove it?

JSntgRvr Posted September 1 ID:1658576 Solution

Those tools are updated on a daily basis. You can download these whenever you need them.