Solved HackTool:Win32/Keygen

TimK

New Member
Thread author
Apr 20, 2018
9
Hi there, I'm having a lot of trouble ridding my system of this apparent infection.

Here's my history / symptoms:

- installed bitdefender free on my system
- used computer more or less OK a few months
- frequent notifications regarding on-access scan, item blocked, deleted etc
- "Gen:Variant.application.hackTool.38" from the C:\Windows\Temp folder
- Occasional computer restarts, blue screen, "your system restarted unexpectedly" etc
- Computer working very hard (CPU fan etc) with google chrome running, basically not doing much - suspicious

I then read some of the assistance articles on this site.

Following advice I downloaded Rkill, Malwarebytes, Hitmanpro, Zemana and Emsisoft onto a USB key.

- restart computer in safe mode with networking
- run Rkill - all ok
- install and run malwarebytes, Hitmanpro - detection of about 26000 threats - quarantined
- restart in normal mode, installation and run of Zemana & Emsisoft - a few more detections and quarantines.
- Hoping all is well, back to using my computer for a few weeks
- Intermittent notifications from bitdefender as before - "Gen:Variant.application.hackTool.38" from the C:\Windows\Temp folder
- Otherwise running reasonably
- repeated advice and programs listed above - deleted a few thousand threats, but less than last time

Did some more research on this site

- Ran the same programs as above, plus Malwarebytes ADWCleaner, plus CCleaner, plus uninstalled Chrome........
- Cleaned a few of the same files as before - a few thousand.
- Restarted computer.........
- frequent notifications regarding on-access scan, item blocked, deleted etc
- "Gen:Variant.application.hackTool.38" from the C:\Windows\Temp folder
- AAAAARRRRGGGGhhhhh!!!!!!! - I'm getting nowhere!!

Any helpful advice will be very gratefully received!! thanks in advance
 

Attachments

  • Addition.txt
    60.8 KB · Views: 1
  • FRST.txt
    100.2 KB · Views: 1
  • Malwarebytes.txt
    2.2 KB · Views: 4
  • Rkill.txt
    2.2 KB · Views: 1

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 

TimK

New Member
Thread author
Apr 20, 2018
9
Here you go.......

Thanks again
 

Attachments

  • Addition.txt
    64.6 KB · Views: 1
  • FRST.txt
    104.8 KB · Views: 1

TimK

New Member
Thread author
Apr 20, 2018
9
Thanks for your efforts, I'll check again tonight.

Usually I will run a series of scans, elements will be found and removed by each of the tools until by the end nothing is coming up and all appears clean. Then a day or 2 later I will start seeing the same "HackTool:Win32/Keygen" type detections, deletions etc by bitdefender. When I then get around to re-running scans by other tools a few days later, a few hundred or thousand elements are found/quarantined etc, usually from the windows/temp folder - i.e., I seem to be going around in circles - something appears to remain and let stuff through.

Again, maybe with the tools and latest scans I've done, something may have changed. So I'll run tests again and get back.

Cheers
 

TimK

New Member
Thread author
Apr 20, 2018
9
I just did a boot in safe mode with networking and ran Malwarebytes..... 2 results
 

Attachments

  • Capture.JPG
    349.7 KB · Views: 10
  • malewarebytes.txt
    1.4 KB · Views: 2

TimK

New Member
Thread author
Apr 20, 2018
9
some further results.......
 

Attachments

  • Capture 2.JPG
    32.2 KB · Views: 12
  • Capture 3.JPG
    43.8 KB · Views: 8
  • Capture 4.JPG
    33.7 KB · Views: 8

TimK

New Member
Thread author
Apr 20, 2018
9
Hi there,
Sorry for the slow reply.
No, nothing appears to be working in the background.
Otherwise - good news - nothing has turned up for nearly a week now! Perhaps one of your last suggestions nailed it.
I'll keep you posted if (hopefully not) anything shows up again.
Once more - thanks very much for your help, a lifesaver.

cheers
 
