Virus Total Detects Zegost Trojan in One Drive

Status
Not open for further replies.

Zemana

New Member
Thread author
Dec 31, 2019
7
I need help from experts in this site, MalwareTips, because 1 month ago Spy Hunter told me I am okay from a possible high CPU monero mining incident. Then here I am with Virus Total detecting a Trojan from One Drive that I never use and is even disabled. It goes by the name Zegost Trojan, and its usual files according to Symantec in Common Files folder came back negative as well as its registry keys. I have Norton, and they or even its support remote staff was unable to detect this issue as does many antivirus scans. Folks like you might just be able to detect this issue. This is the Virus total hash - 08dd848ee20d671560f0db814368322387b2739be3b428484dd6a429338a9191
 

Attachments

  • Addition.txt
    20.1 KB · Views: 2
  • FRST.txt
    49.4 KB · Views: 2

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Was the information given to you by the Expert David H. Lipman valid?

I have reviewed your logs and confirm that there are no malware on this computer.

Keep me posted.
 

Zemana

New Member
Thread author
Dec 31, 2019
7
That was valid. It seems to be a false positive. I contacted Antiy Labs. However, if you guys can tell me a good zegost trojan detector, or antivirus that would be great.
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,

You are well protected with Norton. Keep it up to date.

As an added security I suggest you install Malwarebytes.
Please download Malwarebytes Anti-Malware from here

  • Right-click on the MBAM icon and select Run as administrator to run the tool.[/*]
  • Click Yes to accept any security warnings that may appear.[/*]
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.[/*]
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.[/*]
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.[/*]
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button[/*]
  • Note: The scan may take some time to finish, so please be patient.[/*]
  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.[/*]
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.[/*]
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.[/*]
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

If your system slows down after installing Malwarebytes follow the directives on this page.
 

Zemana

New Member
Thread author
Dec 31, 2019
7
I just saw in System Information that my Desktop Laptop Platform Role is Mobile. To confirm my suspicions, in autoruns I get multiple drivers some Intel, Realtek and a majority of Samsung Android USB port, Samsung Android Device, Samsung USB Mobile Logging Device Driver etc. even though my HP laptop is not connected in any way with Samsung.To be Mobile, Transient Multi Monitor(TMM) must be enabled, thereby increasing the likelihood of a remote trojan monitoring my device.
Is this a possible Android phone malware in the likes of BlueBorne that has taken control of the laptop via those drivers via vulnerable android devices near me. Why would a Windows 10 laptop have mobile as its platform? Are there any tips on how to protect a PC from bluetooth completely, like configurations wise? Any idea on how to change the platform back to desktop?
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,
Are any of your devices (phone, tablet etc.) Synced with this computer?
 

Zemana

New Member
Thread author
Dec 31, 2019
7
I have no synced accounts now. Actually, last March 2019, I did set up my laptop with Samsung SideSync. Could that installation be the reason why I have with the
With powershell command Get-WIndowsDriver -Online around 60 Samsung Electronics Co. Ltd. drivers with command line like -
C:\Windows\System32\DriverStore\FileRepository\via_usb_modem.inf_amd64_2358dcbee0e9f747\via_usb_modem.inf?
. Suspicious drivers also include Mobile Top- C:\Windows\System32\DriverStore\FileRepository\ssaebus.inf_amd64_52d5c961892b3d6b\ssaebus.inf and
Android USBdeviceClass - C:\Windows\System32\DriverStore\FileRepository\android_winusb.inf_amd64_8934a46ee8218e5f\android_win\usb.inf. However, this is a completely 100% reset computer and I remember uninstalling SideSync. So I would assume they would be gone.
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Unable to find is there is a reset or how to disable Samsung sync.

If you go to the page above you will be able to talk to one of their employees.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top