Operating System
Windows 10
Steps taken in order to remove the infection
Zemana, MalwareBytes
System logs
Yes, I've uploaded the FRST.txt logs
Yes, I've uploaded both FRST.txt and Addition.txt logs

archellhen

New Member
Hello, I have recently got 2 hollow processes. Like the others mentioned, I ran zemana and it only detected it without fixing it. MalwareBytes helped removing it but when i restarted the pc it was back again. I ended task manually and ran scan to get rid of it. But I keep getting reports from malware bytes about blocking websites.
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/26/18
Protection Event Time: 3:11 AM
Log File: 03c8ca80-d8bc-11e8-86fb-708bcd564023.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7533
License: Premium

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: work.a-poster.info
IP Address: 37.1.206.139
Port: [51397]
Type: Outbound
File: C:\Windows\SysWOW64\svchost.exe



(end)
 

Attachments

TwinHeadedEagle

Removal Expert
Staff member
Verified
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    icon and select
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.


  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 

archellhen

New Member
Here.

Also I noticed whenever I restart my PC the default apps change back to the original as if I just reset the PC. Why is that happening?
 

Attachments

TwinHeadedEagle

Removal Expert
Staff member
Verified
Not sure why is that happening.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    icon and select
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
 

Attachments

archellhen

New Member
Here is the fixlog
Also I got notified by malware bytes that it blocked another website
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/26/18
Protection Event Time: 3:11 AM
Log File: 03c8ca80-d8bc-11e8-86fb-708bcd564023.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7533
License: Premium

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: work.a-poster.info
IP Address: 37.1.206.139
Port: [51397]
Type: Outbound
File: C:\Windows\SysWOW64\svchost.exe



(end)
 

Attachments

TwinHeadedEagle

Removal Expert
Staff member
Verified
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    icon and select
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.


  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 

archellhen

New Member
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/30/18
Protection Event Time: 2:51 AM
Log File: fc731428-dbdd-11e8-8dd3-708bcd564023.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7599
License: Premium

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: PUP
Domain: laserveradedomaina.com
IP Address: 176.31.115.114
Port: [57609]
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe



(end)