Solved Backdoor

Dante

New Member
Thread author
Jan 31, 2015
9
Hello,
I've pretty much described the problem in the boxes above. I hope that you can check for malware. If there is any tool that I can use extra, just tell me which one :)

Best wishes,
Dante
 

Attachments

  • Addition.txt
    18.8 KB · Views: 65
  • FRST.txt
    99.5 KB · Views: 52

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.




Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.



Scan with Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

Dante

New Member
Thread author
Jan 31, 2015
9
Hello Argus,
Thank you for your time and help.

Anti-Malware hasn't found any malware, but I will post the log anyway. I'm thinking if malware could also attack the pendrives I'm using, should I use extra software for them?
 

Attachments

  • malwarelog.txt
    1 KB · Views: 39

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
I'm thinking if malware could also attack the pendrives I'm using, should I use extra software for them?


Scan with McShield

Please download McShield by dr_bora and save it to your desktop.

  • Install it on your machine.
  • It will initially run a scan and show the result as a toaster by the system clock.
  • Start the Control Centre by clicking on the McShield icon in your system tray.
  • Go to the Scanner tab and tick unhide items on flash drives.
  • Plug in the drive and McShield will start a scan.
  • A logfile of this scan may be found in the Logs tab of the main screen.

Please include that log in your next reply.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
The second computer is clean.

If I understand you, you have formatted another computer?
 

Dante

New Member
Thread author
Jan 31, 2015
9
Nope, not really :> Let me make this clear!

I have 3 computers + notebook.

My main computer was under attack, and I think that the other two were under attack also, because they used the same infected app (at least the one I think was infected). On my main computer I formatted the system disc and then reinstalled Windows; after the system was reinstalled I posted logs to check the other discs that weren't formatted. On the 2 other computers I have formatted all data and reinstalled Windows (so I think that there shouldn't be any possibility of them being infected now). When the computers were infected I moved to the notebook and used two of my pendrives there to check some data. I started to think that I should also check if the notebook is infected; however, I ran the McShield you gave me on all pendrives and it didn't find anything (I will post logs anyway). Tell me if you are able to check the notebook as well; if yes, then let me know what programs I should use.

Cheers
 

Attachments

  • MCShield-AllScans.txt
    1.7 KB · Views: 36

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Do you have a specific problem? If you have formatted the three computers, why do you think you are infected?
The external drive is clean 100%.
 

Dante

New Member
Thread author
Jan 31, 2015
9
I also scanned the other pendrives; however, all were marked as clean. I wanted to check the notebook that wasn't formatted. However, the only chance it was infected was by homegroup or pendrive.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
I also scanned the other pendrives; however, all were marked as clean. I wanted to check the notebook that wasn't formatted. However, the only chance it was infected was by homegroup or pendrive.


No, only if there is a worm on your pendrive.
 

Dante

New Member
Thread author
Jan 31, 2015
9
Alright, so one more question. Should I hold all those programs? Cause atm I have:
Kaspersky PURE 3.0
Malwarebytes Anti-Malware
MCShield
 

Dante

New Member
Thread author
Jan 31, 2015
9
Alright, thank you for your help. I really do appreciate what you guys are doing here :)
I also sent you a small donation for your work.

Best wishes
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Thank you so much.



Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

Dante

New Member
Thread author
Jan 31, 2015
9
Downloaded it and ran with your settings. It removed only FRST. McShield and Malwarebytes are still installed and running. Added log :)
 

Attachments

  • DelFix.txt
    1.8 KB · Views: 42

Dante

New Member
Thread author
Jan 31, 2015
9
I see, so should I hold all those programs installed? Cause atm I have 3 anti-viruses installed, I don't know if it should stay like this.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Always have one (and no more than one!) AntiVirus program!
One computer one antivirus.
 

Dante

New Member
Thread author
Jan 31, 2015
9
Yeah, that's why I was worried about this. One more time, thank you for your work.

Have a nice day :)
 
