I need help, I think my laptop is infected with Trojan:JS/Kavala.D

[Gengis Khan]

Dear colleagues, I have a problem with my notebook.
I take advantage and apologize if I'm using this tool incorrectly, but it's because it's my first time.


I can't use the bank application and the bank tech support says my pc is infected. I've done diagnostics with F-Secure Safe, with Eset OnLineScanner and Kaspersky tools and it doesn't show me anything. I wonder what can I do?
I uninstalled the Genie TimeLine backup software because I made a backup and it took 2 days to finish and F-Secure had some files created by it with malware named Troja:JS/Kavala.D.

 

[nasdaq]

Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

@Gengis Khan

In order to give you sound advice I need more information.

Please download Malwarebytes Anti-Malware from Malwarebytes or
from BleepingComputer


Right-click on the MBAM icon and select Run as administrator to run the tool.
Click Yes to accept any security warnings that may appear.
Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
On the left menu pane click the Settings tab, and then select the Protection tab on the top.
Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
Note: The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.
While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log can also be viewed by clicking the log to select it, then clicking the View Report button.

Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Malwarebytes your Desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.

IMPORTANT

If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).

===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and Attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "Upload file" button.
Do this for both files. Then press the "Post reply" button.
<<<>>>

Wait for further instructions

p.s.

The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
You should restore the program from the Quarantine folder.
<<<>>>

 

[Gengis Khan]

---

Good afternoon, following up on the conversation with him, he sent the respective files together.

 

[nasdaq]

Hi,

I don't understand why he sent you the files that you have attached.

If I suggest an answer I will expect an answer direct from him not by a proxy.

 

[Gengis Khan]

Did I do something wrong ?

 

[nasdaq]

Hi,

No! @Digmor Crusher is not authorised to post in this forum.

I'm reviewing your logs and will get back to you shortly.

 

[nasdaq]

Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a Fixlog.txt.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.
If the problem persists I need to see fresh FRST.TXT and Addition.txt all in English.

Before you execute the Farbar program FRST64.exe rename it to FRSTENGLISH.exe for an English report.....
Execute the rename file and attach fresh logs for my review.

 

[Gengis Khan]

Segue o arquivo pedido...

 

[nasdaq]

Hi,
Any remaining issues?

 

[Gengis Khan]

What the file showed you, there was something suspicious about it. The only thing I couldn't do was use the Bank application because it told me that my PC was infected. Now I haven't tried again because I'm waiting for your opinion. What was your conclusion?

 

[nasdaq]

Hi,

Try to connect to your bank and if you still have issues with it or any other problems please run the Farbar Program again and attach new logs for my review.

 

[Gengis Khan]

Okay, I'll talk to the bank support and then I'll tell you something.

 

[Gengis Khan]

Good afternoon, I would like to thank you for your collaboration. I send the files together to tell me if everything is in order.
I would like to take this opportunity to tell you that the support of the sales application called TOTVS had to reinstall the application and when installing the antivirus it shows files with suspicious behavior and eliminates them. They only managed to make it work by creating exceptions in the EmsiSoft antivirus for these files. They say they are false positives. I would appreciate you seeing me again if everything is all right.

 

[nasdaq]

Hi,

My applologies for this late reply.
I leave in the Westend of Montreal, Quebec Canada and I lost the power to my home due to an Ice Storm from Wendnesday night on the 5th of April . I stayed in a Hotel and got back when the power was restored late this Monday Afternoon.

I checked your latest logs and see nothing wrong with it.

Do you still have issues with this computer?
If so what is it?