Still unsure about my PC got malware/viruses


Solved by SQx

Hello,

1) Please provide more details on why you think you still have malware.

2) Please do the following to run an FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
    Start::
    CreateRestorePoint:
    CloseProcesses:
    ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
    ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    ExportKey: HKLM\SOFTWARE\Policies\Mozilla\Firefox
    ExportKey: HKLM\SOFTWARE\Policies\Google
    ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Edge
    Task: {EFECAB76-72D6-4297-8F8A-CBCC2473682C} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
    Task: {63D0877D-D6FA-4727-88B4-4A732E63C7BC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC RebootDialog (No File)
    Task: {77EEE861-0DD1-4388-ACC1-C15813AA7B28} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery RebootDialog (No File)
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
    File: C:\WINDOWS\392667600.dat
    CMD: type  C:\WINDOWS\392667600.dat
    FirewallRules: [UDP Query User{06562090-D703-4FED-B618-FEF8F727C69E}C:\program files\tiktok live studio\0.61.0\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.61.0\tiktok live studio.exe => No File
    FirewallRules: [TCP Query User{96B92F13-B3F8-4C3E-AD4B-C21A0FEE8860}C:\program files\tiktok live studio\0.61.0\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.61.0\tiktok live studio.exe => No File
    FirewallRules: [UDP Query User{FCF62306-71CA-40CC-8489-4C0A00D31F85}C:\users\khetr\appdata\local\discord\app-1.0.9152\discord.exe] => (Allow) C:\users\khetr\appdata\local\discord\app-1.0.9152\discord.exe => No File
    FirewallRules: [TCP Query User{BA459273-53C7-44DD-94FA-2F0E4E84CD2C}C:\users\khetr\appdata\local\discord\app-1.0.9152\discord.exe] => (Allow) C:\users\khetr\appdata\local\discord\app-1.0.9152\discord.exe => No File
    FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
    FirewallRules: [UDP Query User{9BD6D0E8-A4C4-4A57-B60A-7BCD74B6E487}C:\users\khetr\appdata\local\bravesoftware\brave-browser\user data\lnbclahgobmjphilkalbhebakmblnbij\1.0.35\go-ipfs_v0.27.0_windows-amd64] => (Allow) C:\users\khetr\appdata\local\bravesoftware\brave-browser\user data\lnbclahgobmjphilkalbhebakmblnbij\1.0.35\go-ipfs_v0.27.0_windows-amd64 => No File
    FirewallRules: [TCP Query User{0D9F4FBC-EAF0-4EE9-A20A-04000B4166FD}C:\users\khetr\appdata\local\bravesoftware\brave-browser\user data\lnbclahgobmjphilkalbhebakmblnbij\1.0.35\go-ipfs_v0.27.0_windows-amd64] => (Allow) C:\users\khetr\appdata\local\bravesoftware\brave-browser\user data\lnbclahgobmjphilkalbhebakmblnbij\1.0.35\go-ipfs_v0.27.0_windows-amd64 => No File
    FirewallRules: [UDP Query User{39288993-9177-4256-9131-FAFF36868EDA}C:\users\khetr\appdata\local\discord\app-1.0.9147\discord.exe] => (Allow) C:\users\khetr\appdata\local\discord\app-1.0.9147\discord.exe => No File
    FirewallRules: [TCP Query User{3323EDD2-3304-4BDC-A19E-EFBFDDD1633C}C:\users\khetr\appdata\local\discord\app-1.0.9147\discord.exe] => (Allow) C:\users\khetr\appdata\local\discord\app-1.0.9147\discord.exe => No File
    FirewallRules: [UDP Query User{140B72FD-82E2-471F-98AF-511C7B7EE841}C:\users\khetr\appdata\local\temp\mxt240\bin\xwin_mobax.exe] => (Allow) C:\users\khetr\appdata\local\temp\mxt240\bin\xwin_mobax.exe => No File
    FirewallRules: [TCP Query User{3B12A874-66CD-4668-A09C-86DCB2B4C7F1}C:\users\khetr\appdata\local\temp\mxt240\bin\xwin_mobax.exe] => (Allow) C:\users\khetr\appdata\local\temp\mxt240\bin\xwin_mobax.exe => No File
    FirewallRules: [UDP Query User{A6AABE12-20E2-48E3-9396-B9E53A5CE16D}C:\games\gang beasts\content\gang beasts.exe] => (Allow) C:\games\gang beasts\content\gang beasts.exe => No File
    FirewallRules: [TCP Query User{B2DE41EE-D6C8-4305-B700-1EF842E4A41A}C:\games\gang beasts\content\gang beasts.exe] => (Allow) C:\games\gang beasts\content\gang beasts.exe => No File
    FirewallRules: [UDP Query User{0BA60442-A08B-401A-BF22-9512AE668089}C:\nexon\library\vindictus\appdata\en-us\vindictus_x64.exe] => (Allow) C:\nexon\library\vindictus\appdata\en-us\vindictus_x64.exe => No File
    FirewallRules: [TCP Query User{587DEB82-C4C0-4ECC-ABB1-CDE361CEFB39}C:\nexon\library\vindictus\appdata\en-us\vindictus_x64.exe] => (Allow) C:\nexon\library\vindictus\appdata\en-us\vindictus_x64.exe => No File
    End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process the fix.
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

7 hours ago, AdvancedSetup said:

Are you still with us @koowtak

Yes, I got a game-test scam on Discord since January, but with zero day I reset my PC and got all my accounts safe. The thing is, I reset it keeping my personal data and deleted the zip instantly, while running most antivirus and malware checks until now.

Fixlog.txt


Hello @koowtak

Please remove/uninstall the following unwanted software that may negatively affect the registry:

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.85.5 - Safer-Networking Ltd.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 4.1 - Safer-Networking Ltd.)



I did not find any malware in the provided logs, only the mentioned programs that can affect the registry, and a hosts file that contains 15k entries (probably added by Spybot).
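The FRST fix above removes firewall rules whose program path no longer exists (the "=> No File" entries; the "Query User" rules are the ones Windows Firewall creates when a user answers its allow/block prompt), and the note above flags a hosts file with roughly 15k entries. The following PowerShell script is an added, read-only example, not part of this thread and not FRST's own code, that reports both conditions on a Windows machine so they can be reviewed before any cleanup. The function names and the 1000-entry threshold are assumptions made for the example; a stock Windows hosts file has no active entries at all.

```powershell
# Added example (not from the thread, not FRST code): read-only audit of
# orphaned firewall rules and hosts-file size. It changes nothing.

function Get-OrphanedFirewallRules {
    # Walk every rule and look at its application filter; rules not bound to a
    # specific program ("Any", "System") are skipped.
    foreach ($rule in Get-NetFirewallRule -ErrorAction SilentlyContinue) {
        $filter  = $rule | Get-NetFirewallApplicationFilter -ErrorAction SilentlyContinue
        $program = $filter.Program
        if (-not $program -or $program -in @('Any', 'System')) { continue }

        # Rules may store %SystemRoot%-style variables; expand before testing.
        $path = [Environment]::ExpandEnvironmentVariables($program)
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{
                Name    = $rule.DisplayName
                Action  = $rule.Action
                Program = $program
            }
        }
    }
}

function Get-HostsEntryCount {
    param([string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts")
    # Count active entries only: non-blank lines that are not '#' comments.
    $lines = Get-Content -LiteralPath $HostsPath -ErrorAction Stop
    @($lines | Where-Object { $_.Trim() -and -not $_.Trim().StartsWith('#') }).Count
}

$orphans = @(Get-OrphanedFirewallRules)
"$($orphans.Count) firewall rule(s) point at a program that no longer exists:"
$orphans | Format-Table -AutoSize

$count = Get-HostsEntryCount
"hosts file active entries: $count"
# Thousands of entries almost always come from a blocklist/immunization tool
# (Spybot's immunization is one example) rather than from malware alone.
if ($count -gt 1000) { "Large hosts file; a blocklist tool has most likely populated it." }
```

Run it from an elevated PowerShell session; reading firewall rules does not need administrator rights on most systems, but the hosts file sometimes does. Enumerating the application filter rule by rule is slow on machines with thousands of rules, which is acceptable for a one-off check.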


YW! Please scan first with SecurityCheck by glax24. It's a utility for quickly checking for the presence of possibly vulnerable applications and the status of other security settings.
https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/


Thank you. Please uninstall, update, or otherwise address the following as appropriate for your computer:

Malwarebytes version 5.1.5.116 v.5.1.5.116 Warning! Download Update
Git v.2.45.2 Warning! Download Update
Notepad++ (64-bit x64) v.8.6.7 Warning! Download Update
Microsoft OneDrive v.22.012.0117.0003 Warning! Download Update
WinRAR 6.24 (64-bit) v.6.24.0 Warning! Download Update


Then RESTART the computer and check for Windows Updates and install any found.


Hi @koowtak

Once you've updated the programs mentioned above and all is well, please follow the final steps:

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt. You can close it.

We're glad that we were able to assist you.

The following information will help you keep your computer and data safer, as well as improve your overall privacy.

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/780233/best-password-manager/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.c/home-updater#download - https://patchmypc.com/about-us
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
  6. Please consider installing the following content blockers for your web browsers if you haven't done so already. This will help improve overall security:

Malwarebytes Browser Guard

uBlock Origin

Cybersecurity basics & protection
Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity

Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.

This topic is now closed to further replies.