Probably infected with trojan or some remote access malware

Status
Not open for further replies.
Gludek

Gludek

New Member
Thread author
Dec 16, 2017
7
Hi.
I noticed langugae is adding (re-enabling since it's ENG, i'm using polish keyboard) and i read it can be caused by some remote access malware and software. When i tried to open firewall and windows defender settings i noticed that (WD) was just empty card in settings and firewall was freezing window when clicked. I run windows defender offline, malwarebytes and online eset scan, none have found any results*. I'm using windows 10 insider program

Eset found problems once but i needed to restart pc soon after and idk where results were.
 

Attachments

  • FRST.txt
    101.8 KB · Views: 3
  • Addition.txt
    93.7 KB · Views: 3
  • Like
Reactions: [correlate]
nasdaq

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore ON for Drives in Windows 10 - Immediately.
www.tenforums.com

Turn On or Off System Protection for Drives in Windows 10

How to Turn On or Off System Protection for Drives in Windows 10
www.tenforums.com www.tenforums.com
<<<>>>

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller[/*]
  • Quit all programs that you may have started.[/*]
  • Please disconnect any USB or external drives from the computer before you run this scan![/*]
  • For Vista or above, right-click the program file and select "Run as Administrator"[/*]
  • Accept the user agreements.[/*]
  • Execute the scan and wait until it has finished.[/*]
  • If a Windows opens to explain what [PUM's] are, read about it.[/*]
  • Click the RoguKiller icon on your taksbar to return to the report.[/*]
  • Click open the Report[/*]
  • Click Export TXT button[/*]
  • Save the file as ReportRogue.txt[/*]
  • Click the Remove button to delete the items in RED[/*]
  • Click Finish and close the program.[/*]
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.[/*]
=======

Please post the Fixlog.txt and let me know what problem persists.
 

Attachments

  • fixlist.txt
    17.1 KB · Views: 4
  • +Reputation
  • Like
Reactions: oldschool and [correlate]
Gludek

Gludek

New Member
Thread author
Dec 16, 2017
7
Hi, thanks for the reply. Here're logs
 

Attachments

  • Rougekiller report.txt
    3.6 KB · Views: 3
  • Fixlog.txt
    37.2 KB · Views: 2
  • Like
Reactions: [correlate]
nasdaq

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

This is an error found in the Fixlog.txt
Windows Defender Antivirus detected an error while trying to update security intelligence

Lets check these services.

Download Farbar's Service Scanner utility

Downloading Farbar Service Scanner

Downloading Farbar Service Scanner. Farbar Service Scanner allows you to diagnose network connectivity issues due to corrupted or missing Windows services.
www.bleepingcomputer.com www.bleepingcomputer.com
and Save to your Desktop.
If using Windows 7 or above, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
===
 
  • +Reputation
  • Like
Reactions: oldschool and [correlate]
Status
Not open for further replies.

Similar threads

RogueResearch
  • Locked
Random Cloaked virus spreader in memory without knowing (Python , impossible to remove )
Replies
7
Views
763
Windows Malware Removal Help & Support
nasdaq
nasdaq
tracker
  • Locked
I am infected with a hijack loader that has never been detected by any antivirus software, and I cannot remove it.
Replies
7
Views
832
Windows Malware Removal Help & Support
nasdaq
nasdaq
C
  • Locked
Emsisoft Emergency Kit's temp files detected as Trojan:Script/Wacatac.B!ml by Windows Security
Replies
8
Views
1,183
Windows Malware Removal Help & Support
Can't Decide
C

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top