Solved Infected with Trojan, Brute force SSH

Jackknif3

Thread author
Dec 5, 2018
Hello,
so about 3 weeks ago my computer got infected with several trojans from a fake server on Counter-Strike 1.6 from connecting directly through IP. Right after "connecting" to this server my antivirus (Microsoft Defender) announced my computer was infected with 2 trojans. After quarantining and deleting the discovered trojans with Defender, I ran a Malwarebytes scan which discovered 2 additional trojans, which I also quarantined and deleted.
After doing this I tried running a system reset through Windows 10 and then installing a "clean" installation from a USB stick I had burned a system image to before. During the installation I deleted all my partitions, installed Windows to the SSD and after getting to Windows, formatted both HDD partitions with Windows. After that I ran Kaspersky and Malwarebytes scans which didn't find any problems so I thought I was in the clear.
In summary, my internet connection's been cut twice by the service provider for having a computer controlled by criminals in the network. After contacting the provider, my roommate (internet's under his name) was told the infected device was sending out brute force SSH attacks or something of that sort. Also I noticed that while playing online my internet would randomly cut out.
Microsoft Defender offline didn't find anything and trying to make changes in registry gave me errors that I didn't have permission.
At this point I'm unable to provide logs since after the second time my internet was cut, I ran Windows reset, disconnected my computer from LAN (desktop with no Wi-Fi adapter so it's offline) and disconnected both my hard drives from the computer.
My initial idea was to run DBAN on my HDD, install Windows from a clean image to the HDD, then install Samsung Magician and run the SSD wipe with it to clear both drives. I'm no professional and don't want to risk running an infected computer any more, so I decided to ask for some advice on how to proceed. (Also haven't managed to get DBAN onto the USB on my Mac to run it so far.)
 

Jackknif3

Thread author
Dec 5, 2018
Hello,

If you did a clean install of your system, then there is no infection. Try to reset your router to factory settings and to change its default password.
Alright, I'll get a clean Windows installation running and hopefully it'll resolve this issue.
EDIT: Just reset my SSD with Magician and reinstalled Win10 and so far all seems good. Also switched connections (the previous, twice-closed one is pretty much just lying around atm, not even receiving connections from the ISP) so should be good on that too. Just to be sure though, ran Malwarebytes and FRST, logs attached. I'd be very happy if someone could check the logs to be sure everything's in check.
Thanks for the help!
 

Attachments

  • Addition.txt
  • FRST.txt
