Hi all, new here, and pretty sure I'm hacked

Status
Not open for further replies.

CoderGopher14

New Member
Thread author
Jan 13, 2023
5
So, I have an HP Pavilion running Windows 10. I use it for a bunch of stuff, but it's all offline since I removed the WIFI card to remove any distractions while writing, etc. Whenever I need a new app or want some sort of file, I usually use the Mac (what I'm using now) to find it online and download it. I do this with everything from apps to ebooks to music, which I've since learned is REALLY STUPID but I didn't really think it was a big deal until now.

Well, my PC has always been a great computer, really fast and just an all around great laptop. Recently, I noticed the speed was dramatically reduced. A quick google search revealed the possibility of a virus of some sort, so I downloaded ClamWin and started a scan. It's still running, so it's possible there's more that I just haven't seen yet, but so far there's an alert that says:

C:\Program Files\Cyberlink\PhotoDirector\MFC71u.dll: Win.Trojan.Ramnit-9863294-0

I'm not sure what that all means, but I know Trojan Horse and Ramnit. So I assume this means I'm attacked?? I really have no idea. Anyway, any help is appreciated.

Just keep in mind when offering suggestions that any antivirus software has to be able to work offline, since I don't have the internet on there.

Thanks!
 

CoderGopher14

New Member
Thread author
Jan 13, 2023
5
Update: The ClamWin antivirus finished its scan and found at least four of those Trojan.Ramnit stuff in various places on my PC. What do I do?
 

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The Ramnit family of harmful programs has numerous variants, which may individually be categorized as trojans, viruses or worms.
Let's see what we can find.

Please download Malwarebytes Anti-Malware from Malwarebytes or
from BleepingComputer


Right-click on the MBAM icon and select Run as administrator to run the tool.
Click Yes to accept any security warnings that may appear.
Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
On the left menu pane click the Settings tab, and then select the Protection tab on the top.
Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
Note: The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.
While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log can also be viewed by clicking the log to select it, then clicking the View Report button.

Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Malwarebytes to your Desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.

IMPORTANT

If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button and follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).

===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account.
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
[Image: L7kNU5y.jpg]

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and Attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "Upload file" button.
Do this for both files. Then press the "Post reply" button.
<<<>>>

Wait for further instructions

p.s.

The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program, trust it if downloaded from the link I provided.
You should restore the program from the Quarantine folder.
<<<>>>
 

CoderGopher14

New Member
Thread author
Jan 13, 2023
5
Hi,

I tried following the instructions, but the MBAM tool wouldn't work because my PC is not connected to the internet. What should I do to fix it offline?
 

CoderGopher14

New Member
Thread author
Jan 13, 2023
5
Okay I got it to work and got this:
 

Attachments

  • Addition_14-01-2023 12.29.43.txt
    37.8 KB · Views: 1
  • FRST_14-01-2023 12.29.43.txt
    21.6 KB · Views: 3

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

Questions

Is this computer a Mac?
Ran by Josiah (administrator) on THISPCCONTAINSS (HP HP Pavilion Notebook) (14-01-2023 12:13:09)

Do you have any problem booting this computer?
 

CoderGopher14

New Member
Thread author
Jan 13, 2023
5
The computer I have issues with is not a Mac, although I have been using a Mac for internet access.

I have occasionally had issues booting it up, an error message flashes across the screen and says something about an internal battery, and sometimes there’s something about diagnosing and repairing the internal hard drive.
 

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

I have occasionally had issues booting it up, an error message flashes across the screen and says something about an internal battery, and sometimes there’s something about diagnosing and repairing the internal hard drive.
Your internal BIOS battery may be dying. When your computer is not powered the battery on the BIOS is not being charged.
Boot your PC and make sure the DATE and TIME are correct.

If the time and date are not correct, boot to a DOS prompt and execute these commands one at a time.

DATE hit the enter key. Enter the exact date.

Next:

TIME hit the enter key. Enter the exact time.

Do not restart the computer just yet.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Some of the commands (CMD:) MAY NOT BE EXECUTED. We'll see what we can do later.

Please post the Fixlog.txt and let me know what problem persists.

p.s.
After the reboot check your time and date. Make sure it's still good.

Then

Download Malwarebytes Free Offline Installer (64-bit, 32-bit)

The download link is in the Right Pane.
You can use your phone to download the file and copy it to your PC.
Execute it and delete everything that will be identified.
Post the MBAM log if you have one.

p.s.
Is there any way you can connect this PC to your Router if one is used?
 

Attachments

  • Fixlist.txt
    1.7 KB · Views: 4