Need to check network and computer for malware.

Status
Not open for further replies.

Xeno1234

Level 13
Thread author
Jun 12, 2023
626
I ran malware on a VM for testing purposes, and I want to ensure that it hasnt infected the network, or my host (I'm 99.99% sure the host is clean, but I might aswell double check).
Could you all help me in checking these areas?
Thank you!
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,412
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[img=[URL]http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png[/URL]]

Let me know what problems persists.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====
 

Xeno1234

Level 13
Thread author
Jun 12, 2023
626
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[img=[URL]http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png[/URL]]

Let me know what problems persists.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====
Whenever I get home I will scan, thank you!

Does this scan network aswell?

Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[img=[URL]http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png[/URL]]

Let me know what problems persists.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====
 

Attachments

  • FRST.txt
    163.5 KB · Views: 8

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,412
Hi,,

Microsoft Safety Scanner - MSERT.exe

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones.
Please use this Guide for Windows 10 or 11. https://support.microsoft.com/en-us...d-folders-in-windows-97fbc472-c603-9d90-91d0-
Follow the instructions.

Then Download the Microsoft Scanner for this site:

Launch MSERT.exe
Accept the agreement terms of Microsoft
Select CUSTOM scan
Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those.
We only rely on the end result that is on the log-report-file.


This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log

the log will be at

Windows\debug\msert.log
Please attach that log with your reply

p.s.
There are more information for you to read in the download link.

<<<>>>

Then, please run the Farbar program outside of the VM so that I can get a new picture of what is running in that mode.
Post the FRST.txt and Addition.txt logs for my review.
 

Xeno1234

Level 13
Thread author
Jun 12, 2023
626
Hi,,

Microsoft Safety Scanner - MSERT.exe

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones.
Please use this Guide for Windows 10 or 11. https://support.microsoft.com/en-us...d-folders-in-windows-97fbc472-c603-9d90-91d0-
Follow the instructions.

Then Download the Microsoft Scanner for this site:

Launch MSERT.exe
Accept the agreement terms of Microsoft
Select CUSTOM scan
Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those.
We only rely on the end result that is on the log-report-file.


This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log

the log will be at

Windows\debug\msert.log
Please attach that log with your reply

p.s.
There are more information for you to read in the download link.

<<<>>>

Then, please run the Farbar program outside of the VM so that I can get a new picture of what is running in that mode.
Post the FRST.txt and Addition.txt logs for my review.
Farbar was ram outside of the VM. I deleted the VM. I will run this later today.
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,412
Hi,

I'm concerned about all the Group Policy restriction on software: found pn the FRST.TXT log.
Do you have problems running some programs?
 

Xeno1234

Level 13
Thread author
Jun 12, 2023
626
Hi,

I'm concerned about all the Group Policy restriction on software: found pn the FRST.TXT log.
Do you have problems running some programs?
Sort of - I use Kaspersky with a default deny setup with host intrusion prevention. Anything not proven trusted isn’t allowed to run. That could explain the restriction.

It appears a large amount of applications started by FRST were blocked by Kaspersky (Default Deny). Let me run another scan and provide updated results.

Updated Scan Logs
 

Attachments

  • FRST.txt
    187.1 KB · Views: 6
Last edited:

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,412
Hi,

No malicious files found in your FRST.TXT. Since you did not provide a copy of the addition.txt log it may be a good idea to attach it to your next reply.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know of any problems with this computer.

Note that your .Hosts file will be restored to it's default value.
 

Attachments

  • Fixlist.txt
    2 KB · Views: 2

Xeno1234

Level 13
Thread author
Jun 12, 2023
626
Hi,

No malicious files found in your FRST.TXT. Since you did not provide a copy of the addition.txt log it may be a good idea to attach it to your next reply.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know of any problems with this computer.

Note that your .Hosts file will be restored to it's default value.
What will the affect of having my .host's being reset do?
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,412
Hi,

You are concerned that your hosts file could have been compromised..

In my fix you will find these 2 lines.
Comment: The Hosts file will be reset to it's default value.
Hosts:



What you can do is rename you current Hosts file to Hosts.old
The file is located in the C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder
This will give you a chance to get your old Hosts file back to the system you want.

Then run the fix as suggested to reset the default value.

Or, delete the 2 lines in bold above from the Fixlist.txt and save the file before executing the Fix.
 

Xeno1234

Level 13
Thread author
Jun 12, 2023
626
Hi,

You are concerned that your hosts file could have been compromised..

In my fix you will find these 2 lines.
Comment: The Hosts file will be reset to it's default value.
Hosts:



What you can do is rename you current Hosts file to Hosts.old
The file is located in the C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder
This will give you a chance to get your old Hosts file back to the system you want.

Then run the fix as suggested to reset the default value.

Or, delete the 2 lines in bold above from the Fixlist.txt and save the file before executing the Fix.
Will resetting it harm the system in any way?
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,412
Hi,

I have not seen your Hosts file content so I cannot comment on it.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top