Trojan:Win32/PSWStealer.FV!MTB Caught by Windows Defender

Status
Not open for further replies.

Bukain

New Member
Thread author
May 16, 2022
Today, upon clicking this file called TRXWallet-qt.zip, Windows Defender popped up with a warning about a threat. It says Trojan:Win32/PSEStealer.FV!MTB, which seems like password-stealing malware judging by the designation, but I have no idea what the words past the full stop are supposed to mean and I'm worried as hell right now. With no experience of a severe virus situation, and not knowing what to do, I ordered Defender to remove the already quarantined threat out of worry. I just want to know: did I do it right? Should I still be worried? I use my laptop for cryptocurrency wallets in browsers, Brave and Chrome. But after the incident, I never opened one because I'm scared that my wallets would be compromised now. Or were they already compromised upon clicking the thing/zip file?! I'm worried. I wish some of you could educate me on what this thing can do and what it doesn't.
Now that Defender has already removed the file, which had been quarantined beforehand upon the click, does it mean my laptop is safe now? I'm currently running a full scan with Windows Defender, as that's what they suggest doing on most of the sites that come up in a Google search. One thing that is making me more worried is that I can't find any malware that ends with ".FV!MTB" in its last name. So I can't find what this thing exactly does to my system. I'm scared.
I think it got here via a download/forced download (without me actually clicking any "download" button) while browsing unpopular p2p crypto exchanges. For clicking it, I'm now very sorry and sad and regretful. I hope some of you here can help me and show me a way forward, what to do.
Do I need to delete Windows and reinstall it from scratch? I can make time and do it if it helps. Thank you all very much in advance; I will be hoping for replies with help.

Defender shows two entries in "Protection history" for the incident. One is "Threat blocked", and another is "Threat removed or restored". Both show the same item for "Detected", the same for "Affected items:", but only the "Threat blocked" entry has Status: Quarantined. The date and time are exactly the same (I think it's because I removed it within 1 min after it was caught).
Tbh I don't really know what it's all supposed to mean. I'm just scared and worried.

P.S. Please ask me for any information that might be needed to help me make sure my machine is safe and sound. Also, excuse my English; I'm not a native speaker and I tried my best as much as I could to explain the situation so that you guys could help with it. Thanks in advance.
 

Attachments: IMG_20220516_224430.jpg (9.9 MB), IMG_20220516_231453.jpg (5.9 MB)

Bukain

New Member
Thread author
May 16, 2022
Hi guys, last night I scanned the system with all kinds of anti-malware I could get. I started with a Windows Defender full scan, a Malwarebytes system scan, HitmanPro, Spybot Search & Destroy, Malwarebytes Anti-Rootkit and an EEK scan (which took very long). Found nothing so far. The password stealer is gone, I suppose.
I want to know whether it is recommended to keep using the system for my online savings or whether I should clean install Windows altogether for that. Would you keep using this Windows system for online savings?
Does none of the anti-malware tools finding the threat anymore really mean it is really gone, or is there a possibility the threat got deep into the system and stays hidden upon activating it? Truth be told, the name of the virus scares me. I need you guys' help.

I restored the firewall to default too, if that might help in any way.
 

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I need more information.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account.
Double-click to run it. When the tool opens click Yes to the disclaimer.
Check the boxes as seen here:
[image: L7kNU5y.jpg]

Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More reply options" button.
http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png
<<<>>>

Let me know what problems persist.

Wait for further instructions

p.s.

The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program, trust it if downloaded from the link I provided.
You should restore the program from the Quarantine folder.
<<<>>>
 

Bukain

New Member
Thread author
May 16, 2022
Thank you for the reply, nasdaq. It sure relieves me a bit to know an expert will check up on my system soon. I will be sure to proceed with the Farbar program ASAP when I get back home. It won't take very long.
 

Bukain

New Member
Thread author
May 16, 2022
I have scanned the system with the Farbar program provided. As for any problems or signs, there isn't anything suspicious as I'm using it right now, apart from many Service Host Windows processes in Task Manager, which I suppose is normal, I think. I haven't used it that much since Defender caught the thing last night, out of fear. So far I've only used it for the Bitdefender free installation, scanning, and creation of a bootable Windows ISO USB in case things get unusable. I did uninstall Bitdefender too. It's my utmost honest wish that someone could assure me of the absence of malware running in my system. So thanks in advance, guys. Here are the results from Farbar:
 

Attachments: FRST.txt (36.3 KB), Addition.txt (26.1 KB)

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Windows Defender was reporting a file that was quarantined.

Clean the Windows Defender Quarantine folder.

Comment: Delete/Restore quarantined files.

How to: Delete/Restore quarantined files.

Follow the directives on the page to delete all the files in the quarantine folder.

Restart the computer when done.
<<<>>>


Please post the Fixlog.txt and let me know what problems persist.
 

Attachments: Fixlist.txt (3.5 KB)
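Two things in this thread are easier to reason about with the raw Defender data in front of you: the OP's two "Protection history" entries (Threat blocked / Quarantined, then Threat removed) and the moderator's step of confirming the quarantine store is empty after cleanup. The script below is an added example, not code from the thread, from MalwareTips or from Microsoft. It uses the built-in Defender PowerShell cmdlets (Get-MpThreatDetection, Get-MpThreat, Get-MpComputerStatus) and MpCmdRun.exe; the status-code table is taken from the documented MSFT_MpThreatDetection class, and the function names and the lookup of the MpCmdRun.exe path are my own assumptions about the machine's layout.

```powershell
# Added example (not from the thread): review what Defender recorded for an
# incident and what is still held in quarantine. Run in an elevated PowerShell
# on Windows 10/11 with the built-in Defender module available.
#Requires -RunAsAdministrator

# ThreatStatusID codes as documented for the MSFT_MpThreatDetection WMI class.
$script:ThreatStatusNames = @{
    0 = 'Unknown'; 1 = 'Detected'; 2 = 'Cleaned'; 3 = 'Quarantined'
    4 = 'Removed'; 5 = 'Allowed'; 6 = 'Blocked'
    102 = 'QuarantineFailed'; 103 = 'RemoveFailed'; 104 = 'AllowFailed'
    105 = 'Abandoned'; 107 = 'BlockedFailed'
}

function Get-DefenderDetectionSummary {
    # One row per detection event, joined to its threat record. Two history
    # entries for the same file show up here as two events sharing a ThreatID
    # with different status codes (e.g. Quarantined, then Removed).
    $byId = @{}
    foreach ($t in Get-MpThreat) { $byId[[string]$t.ThreatID] = $t }

    Get-MpThreatDetection | Sort-Object InitialDetectionTime | ForEach-Object {
        $t    = $byId[[string]$_.ThreatID]
        $code = [int]$_.ThreatStatusID
        $status = if ($script:ThreatStatusNames.ContainsKey($code)) {
            $script:ThreatStatusNames[$code]
        } else { "Code $code" }
        $name = if ($t) { $t.ThreatName } else { "ThreatID $($_.ThreatID)" }
        $ran  = if ($t) { $t.DidThreatExecute } else { $null }   # did the file run before action?

        [pscustomobject]@{
            Detected      = $_.InitialDetectionTime
            StatusChanged = $_.LastThreatStatusChangeTime
            Threat        = $name
            Status        = $status
            ActionSuccess = $_.ActionSuccess
            Executed      = $ran
            Process       = $_.ProcessName
            Files         = ($_.Resources -join '; ')
        }
    }
}

function Get-MpCmdRunPath {
    # Assumption: newer platform updates place MpCmdRun.exe under
    # ProgramData\Microsoft\Windows Defender\Platform\<version>; fall back to
    # the original Program Files location.
    $platform = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Platform'
    if (Test-Path $platform) {
        $latest = Get-ChildItem $platform -Directory | Sort-Object Name -Descending | Select-Object -First 1
        if ($latest) {
            $candidate = Join-Path $latest.FullName 'MpCmdRun.exe'
            if (Test-Path $candidate) { return $candidate }
        }
    }
    return (Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe')
}

function Get-DefenderQuarantineList {
    # "-Restore -ListAll" only enumerates the quarantine store; it restores nothing.
    $exe = Get-MpCmdRunPath
    if (-not (Test-Path $exe)) { throw "MpCmdRun.exe not found at $exe" }
    & $exe -Restore -ListAll
}

function Get-DefenderHealth {
    # Basic state worth checking before trusting any "nothing found" result.
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        RealTimeProtection = $s.RealTimeProtectionEnabled
        SignatureAgeDays   = $s.AntivirusSignatureAge
        LastQuickScan      = $s.QuickScanEndTime
        LastFullScan       = $s.FullScanEndTime
    }
}

# Driver: protection state, then the event timeline, then the quarantine contents.
Get-DefenderHealth | Format-List
Get-DefenderDetectionSummary | Format-Table -AutoSize -Wrap
Get-DefenderQuarantineList
```

The Executed column (DidThreatExecute) is the field that speaks to the OP's question of whether anything ran before Defender acted, and an empty result from the quarantine listing after the moderator's cleanup step is the confirmation that nothing from the incident is still held on disk. None of this replaces the FRST review the moderator asked for; it just makes the Protection history entries legible.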

Bukain

New Member
Thread author
May 16, 2022
Thank you very much for the attentive help so far, nasdaq. I think my case can be closed. I went on to do it the hard way. Windows has been reinstalled from scratch via a bootable USB with the ISO, only after deleting all the partitions and wiping the drive twice straight. I believe that is the only possible way to fix up my scares or paranoia. I know myself really well. Thanks again for the replies.


I just finished the process. It took the whole night, though. Plus now I have to update Windows first, then reinstall all the software and tools I need, +2-3 hours I guess. But I'd say better than sorry ☺️
Albeit only small amounts, I have to have crypto wallets as browser extensions on my laptop, especially to interact with DeFi and whatnot. So a malware with PSWStealer (it is not "PSE", I typed it wrong) in its name seriously triggered me, and would not ease me unless I did what I just did.
Again, thank you. I couldn't believe I would get such a quick response from you guys. Very mature community, it seems, after browsing around. I will be sure to recommend it to my family and friends if they ever need assistance with their security.
Here, I've just done it:
 

Attachments: IMG_20220518_041704.jpg (4 MB)