Theres a Cryptomining that takes over your pc using the dev services to exploit the DCOM and it hides under the name of svchost.exe

Status
Not open for further replies.
Hectorhiram65

Hectorhiram65

New Member
Thread author
Jul 22, 2021
1
Hey guys...
So theres this crypto-mining trojan that installs programs and features and even erase the original ones. And they also will install on boot, and denies any access once u try to control over it. Whenever i was disabling services, my firewall suddenly blocked a program called “smartass.exe”, so then I disabled one of its services that copy and replaced original certificates for the new infected original programs and even dism.exe is infected, and controlled even if u run a /online restore image, it will restore it from a local folder and if u mess with it, rundll32.exe will take over any windows programs and run a fake “access denied” or it will delete the settingcontrolleruser, for no access, and make trusted installer, and the network administrators the only rights having users. Making your PC their new CryptoPC making, and even use your own wifi to run for cryptomining and send your data to someone from Uganda in the background. The same trojan infected itself into my usb, and install itself,and also into my gaming pc i tried doing a fresh .iso fresh copy. I format the hard drives completely, but it still manage to copy itself, and run their infected operated system. I even tried tron and my paid antivirus on safe mode with network, and it still ran it like it was windows but they exploiting DCOM and taking over the system32 in the background so if u run any antivirus it will not let it access or recognize it as authentic programs from windows. I literally tried everything, and found a way to reset the pc and run CMD before the services, or any program execute. I found that it has original programs with fake certificates that are from microsoft and they will stop the original microsoft program and run their own infected programs, and even media, and recovery programs they clone. They install it all over again. Even if u corrupt their file extension, they will always force their way into system to boot their repair and installation infected programs that will install the trojan, into the hard drive, all over again. Once you run windows it will act like nothing happen, but in the background it will install everything, to make your pc, a crypto-minerpc all over again. Note this trojan been in my computer for a very while and the strangest of all is that it learns like a A.I when u tried to delete it making this virus my worst nightmare.



PS: I been tryng to get help on it. I can send the scan logs of tronscript and u will see that its not doing any harm but, once u tried to mess with it. It will make your PC a slave machine that it will be as silent as a ninja and as deadly as one when u tried to erase it from the root. Thanks in advance to anyone that tries to help me out delete this nasty trojan, worm, virus.
 
nasdaq

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's check further.


If you do not have Malwarebytes installed just run it as suggested, If not:

Please download Malwarebytes Anti-Malware from Malwarebytes or
from BleepingComputer

  • Right-click on the MBAM icon and select Run as administrator to run the tool.[/*]
  • Click Yes to accept any security warnings that may appear.[/*]
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.[/*]
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.[/*]
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.[/*]
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button[/*]
  • Note: The scan may take some time to finish, so please be patient.[/*]
  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.[/*]
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.[/*]
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.[/*]
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Malwarebytes your Desktop.
  • Close all open programs and internet browsers.[/*]
  • Double click on AdwCleaner.exe to run the tool.[/*]
  • Click the Scan button and wait for the process to complete.[/*]
  • Click the LogFile button and the report will open in Notepad.[/*]
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.[/*]
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.[/*]
  • Double click on AdwCleaner.exe to run the tool.[/*]
  • Click the Scan button and wait for the process to complete.[/*]
  • Check off the element(s) you wish to keep.[/*]
  • Click on the Clean button follow the prompts.[/*]
  • A log file will automatically open after the scan has finished.[/*]
  • Please post the content of that log file with your next answer.[/*]
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).[/*]
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[img=[URL]http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png[/URL]]

Let me know what problems persists.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====
 
  • Like
Reactions: upnorth
Status
Not open for further replies.

Similar threads

tracker
  • Locked
I am infected with a hijack loader that has never been detected by any antivirus software, and I cannot remove it.
Replies
7
Views
825
Windows Malware Removal Help & Support
nasdaq
nasdaq
lokamoka820
    • Like
Serious Discussion What is the Best Alternative to Patch My Pc?
Replies
16
Views
668
System utilities
roger_m
R
Gandalf_The_Grey
    • +Reputation
    • Like
Technology EU adds Temu to its VLOP list under the Digital Services Act (DSA)
Replies
0
Views
458
Technology News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top