Assigned Check for malware remnants?

This thread is being handled by a member of the staff.
Status
Not open for further replies.

JiSingh12

Level 3
Thread author
Verified
Sep 1, 2018
136
Hi guys,

I had a virus last week, totally fresh installed Windows on my SSD through a USB.

How can i check for any remaining dormant malware files, rootkits etc. that my AV and second opinion scanners may be missing?

Thanks
 

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's check it.

If you do not have Malwarebytes installed just run it as suggested, If not:

Please download Malwarebytes Anti-Malware from Malwarebytes or
from BleepingComputer

  • Right-click on the MBAM icon and select Run as administrator to run the tool.[/*]
  • Click Yes to accept any security warnings that may appear.[/*]
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.[/*]
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.[/*]
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.[/*]
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button[/*]
  • Note: The scan may take some time to finish, so please be patient.[/*]
  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.[/*]
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.[/*]
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.[/*]
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Malwarebytes your Desktop.
  • Close all open programs and internet browsers.[/*]
  • Double click on AdwCleaner.exe to run the tool.[/*]
  • Click the Scan button and wait for the process to complete.[/*]
  • Click the LogFile button and the report will open in Notepad.[/*]
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.[/*]
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.[/*]
  • Double click on AdwCleaner.exe to run the tool.[/*]
  • Click the Scan button and wait for the process to complete.[/*]
  • Check off the element(s) you wish to keep.[/*]
  • Click on the Clean button follow the prompts.[/*]
  • A log file will automatically open after the scan has finished.[/*]
  • Please post the content of that log file with your next answer.[/*]
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).[/*]
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[img=[URL]http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png[/URL]]

Let me know what problems persists.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====
 

JiSingh12

Level 3
Thread author
Verified
Sep 1, 2018
136
Hi,

please see attached files.

All clear, apart from MBAM picking up 1 file, on itself? I file i can NOT locate myself.

Thanks
 

Attachments

  • MBAM.txt
    1.3 KB · Views: 50
  • AdwCleaner.txt
    2.2 KB · Views: 47
  • FRST.txt
    70.4 KB · Views: 48
  • Addition.txt
    28.6 KB · Views: 46

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

Your logs are clean of malware.


There is nothing to worry about this Malwarebytes entry.
PUP.Optional.Slimware, C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\TMP\EVENT_ROUTING.DLL-K.MBAM, No Action By User, 15362, 770236, 1.0.45300, , ame, , ,

Refer to this article.

Follow the suggestion to creating exclusions between Malwarebytes and Your AV to help prevent any possible conflicts or performance issues.

Stay safe.
 
  • Like
Reactions: JiSingh12

JiSingh12

Level 3
Thread author
Verified
Sep 1, 2018
136
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

Your logs are clean of malware.
Hi,

Thank you.

How may I check for infections in my network, do you know how to do that or should that be for a different forum?

Just want to make sure all is clean as the virus last week got into my discord & gmail etc.

Thanks
 

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.[/*]
  • Click Yes to accept any security warnings that may appear.[/*]
  • Click the Next button.[/*]
  • Select 'I accept the terms in the license agreement', then click Next twice.[/*]
  • Click the Install button and wait until the installation is complete.[/*]
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.[/*]
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.[/*]
  • Click Yes to accept any security warnings that may appear.[/*]
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.[/*]
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.[/*]
    • Temporarily disable your anti-virus and real-time anti-spyware protection.[/*]
    [/*]
  • Click the "Start Scanning" button in the lower right to start the scan.[/*]
  • After starting the scan, do not use the computer until the scan has completed.[/*]
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.[/*]
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.[/*]
  • If any threats are found click Details, then View Log file (bottom left-hand corner).[/*]
  • Copy and paste its contents in your next reply and note any errors encountered.[/*]
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.[/*]
  • Click Exit to close the program.[/*]
  • If no threats were found, please confirm that result.[/*]
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log

Please post the contents of the log in your next reply and note any errors encountered.
===
 

JiSingh12

Level 3
Thread author
Verified
Sep 1, 2018
136
Hi,

I think all is ok.
My AV did come on twice during the test, but I did disable it again.

Only thing open was Chrome (This tab), and the program.

It came back as clean, then i re enabled my AV and connected my Ethernet.
 

Attachments

  • SophosVirusRemovalTool.log
    73.5 KB · Views: 44
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top