computer seems infected with trojans

Rozesky2

Level 3
Thread author
Verified
Oct 12, 2014
221
I am not sure if I removed all of the infections. Here are the logs after running first and mbytes anti-root
 

Attachments

  • FRST.txt
    58.3 KB · Views: 39
  • Addition.txt
    36.2 KB · Views: 35
  • system-log.txt
    24.2 KB · Views: 33

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
 

Rozesky2

ok that is crazy I did the upload but here it is again
 

Attachments

  • ComboFix.txt
    112 KB · Views: 46

argus

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5225:TCP"=-
"5222:TCP"=-
"2382:TCP"=-
"32768:TCP"=-
"36864:TCP"=-
"61440:TCP"=-
"53248:TCP"=-
"57344:TCP"=-
"45056:TCP"=-
"49152:TCP"=-
"40960:TCP"=-

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 

Rozesky2

ok combofix ran and here is the log.
it said that norton antivirus scan was running but I could not find evidence of it anywhere. I noticed in the combofix log that there are registry files for it
 

Attachments

  • ComboFix.txt
    101.9 KB · Views: 40

argus

"I noticed in the combofix log that there are registry files for it"

I am closed ports.


1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Code:
NoMBR::

Driver::
EraserUtilRebootDrv

File::
c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

SecCenter::
{990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
{7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
{E10A9785-9598-4754-B552-92431C1C35F8}

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 

Rozesky2

ok here is the fix text file...the computer is running a lot faster now
 

Attachments

  • ComboFix.txt
    97.4 KB · Views: 34

argus

Excellent, system is clean.
We will delete all used tools.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
