Random Cloaked virus spreader in memory without knowing (Python , impossible to remove )

Status
Not open for further replies.

RogueResearch

Level 1
Thread author
Nov 12, 2017
15
Hello people from malware tips. Today i had the worst explain to say that i got a following file from discord and a lot of people encourage me to open then spread lies that is not a virus , but anyways once i runned this program it start display this :
image.jpg
Im start to get confused but this thing when i clicked okay it start to crash chrome , random browsers , deploy the exe in the startup folder : like "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ABECavemod.exe" the worse problem is that even deleting the files i got a lot of accounts hacked , random type on my friends and fans , doxxed and even worse, i already formatted a pc because of that and still got access idk what they use . Another thing is that in my personal phone that is not rooted someone gathered illegal access to gallery and documents vault, just to get me straight accused and whatever things. The worse part that now someone or random person impersonate me , pretend to be me , and diss a lot of stuff behind my back.
The worse payload is also cloack itself , hack random accounts and drop txt of password and bunch of history traces to the attacker who send the file on discord.


It started to be a pain in my brain and heart , i tried doing all the things :
Reinstalling the windows
Scanned with malwarebytes and windows defender (No result)
Changing hard drives
Format the android phone and its data
Connect to another network.

I'm just afraid that if i dont know if they infected my home network or whatever , i am afraid to allow my friends and guests to connect to my wifi or network since they can be hacked , doxxed or illegal access to any account too.

I also tried analyze online but no result , no any reverse engineer or malware tracker tried to decompile the source code or track down the persons who sent this to law enforcement , the attacker had like VPN when i contact the attacker. Its unfortunate no result from the file while running.

But i want to sent the file here for analysis and results purposes but i dont have any access to sent here so the file was designed to run only on 64 bits platform , have an icon from an random angry bird pork side icon and a fake angry bird game , once you runned the file , there is no escape , its a trap.

If you have anything to say , please let me now , i'm tired of my online discord hatebase who is toxic and throwed the file , the file maybe (spreader) and i tried sent this file to many platform but no success. I'm extremly concerned by this now.

P.S. I will talk also in private message for explaining about this situation
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,505
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===



Microsoft Safety Scanner - MSERT.exe

Please make sure you have the latest Windows 10 updates before proceeding.


Please set File Explorer to SHOW ALL folders, all files, including Hidden ones.
Please use this Guide for Windows 10 or 11. https://support.microsoft.com/en-us...d-folders-in-windows-97fbc472-c603-9d90-91d0-
Follow the instructions.

Then Download the Microsoft Scanner for this site:

Launch MSERT.exe
Accept the agreement terms of Microsoft
Select CUSTOM scan
Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those.
We only rely on the end result that is on the log-report-file.


This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log

the log will be at

Windows\debug\msert.log
Please attach that log with your reply

p.s.
There are more information for you to read in the download link.

<<<>>>

Before you post the MSERT log please execute this.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the 3 logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====
 

RogueResearch

Level 1
Thread author
Nov 12, 2017
15
Here is , but the issue is that my gaming computer was used for chilling with my friends by playing angry birds and sekiro , but i also spent my time playing on virtual machine , and the problem is I DONT KNOW WHICH REGISTRY KEY leaved that exe file that someone sent to me in discord dms
I already delete the exe already but i am still spied on pc or even worse in my phone , i am afraid to add another account because of maybe possible hacking by token api steal or doxx.

Is take for a while for the log
 

Attachments

  • FRST.txt
    46.3 KB · Views: 3

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,505
Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===


Please post the Fixlog.txt and let me know what problem persists.

If Any issues remaining please run the Farbar program exe and post a fresh FRST.txt log. I will also need to see the Additional.TXt log that was created byn the program.
 

Attachments

  • Fixlist.txt
    7.6 KB · Views: 2

RogueResearch

Level 1
Thread author
Nov 12, 2017
15
There , there is the fixlog , i booted in safe mode because the files leaved by python or registry maybe spread and reinstall the infection again. There is this. Also if this program is controlled by the people from discord who start this , how it can be reversed engineered , i see that the source code is scrambled.
 

Attachments

  • Fixlog.txt
    18.7 KB · Views: 0

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,505
Hi,
Quote:
how it can be reversed engineered?

This is not my forte. I suggest you check in the Chat forum at MalwareTips Forums . An other member can possibly help you.

How is the computer running? Any malware reported.?

Good luck.
 

RogueResearch

Level 1
Thread author
Nov 12, 2017
15
Hi,
Quote:
how it can be reversed engineered?

This is not my forte. I suggest you check in the Chat forum at MalwareTips Forums . An other member can possibly help you.

How is the computer running? Any malware reported.?

Good luck.
Only suspicious activity that some attackers use discord to receive my private data , but i will sent a fsrt scan to double check.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top