
How to get rid of a (suspected BIOS Virus) hidden Trojan and a hacker situa



So... a couple of weeks ago, I recently noticed that my CPU usage was really high, but when i open task manager, it automatically goes back down. I've already had this problem a while ago but that was my GPU that was consuming a lot of resources from what i saw in my HWiNFO software. Since then i use this tool and the Malwarebytes standard version regularly cause i'm really scared of being hacked cause it happened quite a few times.. or there was just this thing that users tryna login to my accounts and i have alerts on my email then i change the passwords !

And so the story begins yesterday when I saw that I've received a spam mail and i just go clean those from all my email accounts and everything seemed fine, until i saw a notification in my sent mails tab, there was an email sent from my Outlook account addressed to me that said that the hacker in question got access to my email by installing a Trojan in my computer and at this moment got access to everything, showing one of my previous passwords and commenting about my recent web activities such as adult sites precisely and said he recorded me and also got all my data. It says that 48 hours after i open that mail, if i've not already given this guy a certain amount of money on his bitcoin wallet everything will be exposed and i've opened it today at around 7 AM in the morning (i'm in Canada).


I would like to mention that i regularly use security programs such as Malwarebytes and HWiNFO as mentioned previously, and others such as CMD disk checking and repairing commands, Windows Defender/Security and Offline Utilities and tried many more programs that didn't do anything such as ADWCleaner iExplore.exe, RKill.exe, Hitman Pro (not the premium version), Eset Online Scanner and Iobit Malware fighter that i personally don't recommend using unless you are willing to pay a couple bucks for the pro version like any other antivirus. I also do not wanna pay for any antivirus program and using a backup recovery tool since I have a backup HDD plugged into my pc case.

So that's about my current situation and so i actually don't know what to do right now...


I don't know either if this thing is just a scam spam email or is this a real thing cause if yes i really don't want all of my information and the videos that the guy would've recorded to be exposed on the internet but one thing i know for sure is if the better solution is just to transfer all my accounts to brand new email, i am gonna do it ! But what about my pc ??? What about everything ???

Also if this can help i've read a part of this thread post where the user got a similar situation to my current one and the support tech was trying to help.


i've done the steps from the first three messages and got those files from running the program that you mentioned and followed the tech support's instructions.
mbst-grab-results.zip, FRST.txt, Addition.txt


So now i'm hoping for someone to help me soon cause i think i really need some at the moment.. 😅

Thank you all for reading this post and for your comprehension and I'm waiting for your answer with impatience !


Welcome
 
I'll be helping you with your computer.
 
Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.
 
Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary.

Let's begin... 

There is no evident malware in your logs.

Let's run a script to review some of the settings:

The following Fix will empty these folders:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin
  • Hosts file will be reset

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns, please ask before running this fix.

The system will be rebooted after the fix has run.

FRST64 was saved as C:\Users\Utilisateur\Downloads\FRSTEnglish.exe

  • Download the enclosed file  Fixlist.txt
  • Save it in the same location FRST64 is saved. (FRSTEnglish.exe)
  • Start FRST (FRST64) with Administrator privileges
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply


Make sure you perform a custom scan that includes rootkits.

Fixlist.txt

Edited by JSntgRvr
typo

3 minutes ago, Vincgmr495 said:

Okay so after running the Fix command in FRST in administrator mode and then restarting my pc i got these two files
DiskCheckLog.txt, Fixlog.txt
And after that, i downloaded Dr Web and followed all your instructions and there's the file that it gave me
cureit.log

I'm ready to continue !

What should i do next ?

Also if you read the log file that i've sent you, i just wanna clarify that all the elements that Dr Web has detected are not viruses or dangerous files on my computer

- Driver Booster is my software that i use to update all my pc drivers except for the NVidia and AMD ones
- Iobit Malware.exe is just another antivirus that i've kept uninstalled from my computer since i'm not using it but don't know if maybe someday i'll need it again
- And Snickerstream is just a software that allows me to stream my jailbroken 3DS's screens on my pc


A command did not run as the computer needed a restart. Let's try this:

FRST64 was saved as C:\Users\Utilisateur\Downloads\FRSTEnglish.exe

  • Download the enclosed file  Fixlist.txt
  • Save it in the same location FRST64 is saved. (FRSTEnglish.exe)
  • Start FRST (FRST64) with Administrator privileges
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply. Also attach the DiskCheckLog.txt report.

Let's try another scanner:
Please run the following ESET Online Scanner and perform a Full Scan
 
Click the following link to save the installer for ESET Online Scanner
https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get started.
  • When presented with the initial ESET screen, click on "Get Started". Read and accept the Terms of use
  • On the "Before we start..." screen choose if you want to send anonymous data and if you want to provide feedback or not, then click Continue
  • When prompted for scan type, click on the Full Scan button
  • Enable (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click the Start scan button.
  • Have patience. The entire process may take a few hours or more.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".
  • Click the blue "Save scan log" to save the log and give it a name and location you remember.
  • If something was removed and you know it is a false positive, you may click on the blue "Restore cleaned files" (in blue, at the bottom).
  • Press Continue when all done. You should click to turn off the offer for "periodic scanning".
  • Enable "Delete application data on closing" - You do not need to submit feedback unless you want to. Simply ignore and close the program.


 
Note: If you do need to do a File Restore from ESET please follow the directions below
[KB2915] Restore files quarantined by the ESET Online Scanner version 3
https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner
 
Please attach the ESET scan log you saved at the end to your next reply

Okay so hi hello again, 

sorry for the delay i was pretty busy the entire day.. 😅

So last night i was doing the Eset scan that you told me to do and i was up until 2 AM but unfortunately i've decided to interrupt the scan cause i wanted to turn off my pc cause i was really tired and wanted to sleep and did not want anything to happen during the night while i was not watching. So this morning i restarted the complete Eset scan and so it put in quarantine and deleted a few items that it detected as unnecessary that were not really necessary to me x)

and so here's the log
EsetCompSan.txt


oops did a typo on the name of the file lol


Hey and just a quick question ! 

Is there a support member from the website that is supposed to contact me after i reported the Bitcoin address ?

Like i'm just wondering cause i wanna know what will happen next like if this was a fake scam or a real thing...

Edited by AdvancedSetup
Removed quote from unwanted web link

Please ignore member Clang. They should have never posted in this topic as it is against the forum rules.


17 hours ago, Vincgmr495 said:

is it this one from the FRST fix ?
Fixlog.txt
Or another one related to Eset Online Scan ?

FRST64 was saved as C:\Users\Utilisateur\Downloads\FRSTEnglish.exe

  • Download the enclosed file  Fixlist.txt
  • Save it in the same location FRST64 is saved. (FRSTEnglish.exe)
  • Start FRST (FRST64) with Administrator privileges
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply. Also attach the DiskCheckLog.txt report.


Still using a lot of CPU (and RAM idk) resources until i open up the task manager

like at this point it's always open

when it's open everything seems fine like ram is at 30% and cpu is at 8 to 10% but when it's closed the CPU goes over 50% even up to 100% sometimes

like i've just checked and the cpu was at 62% and the ram was still at 30% (im on win11 btw)
