Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Accidentally ran a trojan, scans not detecting anything


  • Please log in to reply
2 replies to this topic

#1 emilyelizabeth

emilyelizabeth

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:14 AM

Posted 05 March 2016 - 02:12 PM

OS: Win7 x64 SP1
 
I believe I infected my PC with a trojan/MSIL/injector/rootkit earlier, and so far all of the scans and apps I've run have found nothing (TDSSKiller, Malware Bytes, Kaspersky Virus Removal Tool 2015, HitmanPro, Microsoft Security Essentials).
 
I really find it hard to believe that my system is actually clean since I saw a suspicious popup when I made the mistake of dragging a malware exe from a compressed file on top of a malware exe in a Windows folder, which launched the underlying exe (or did it launch the one I was dragging?)--I was trying to unzip the file and missed my drag-and-drop target.
 
I quickly closed the popup and disconnected from the internet. I didn't get a chance to register what it was that I was seeing on the popup, but it may have been a fake antivirus type window.
 
These are the two files that were involved in this screw up:
 
 
 
I've also uploaded them for behavior analysis, available here:
 
The analysis shows creation of "File.exe" and "Sysstem.exe" in a temp folder, yet a full system search for those file names turned up no results. And when I ran the viruses in a virtual machine, there was no popup, but I did see those file names appear briefly in the running processes.
 
Any suggestions for next steps? I'd like to get any possible infection removed without putting the system back online for fear that a bunch of malware will be downloaded as soon as the trojan/dropper has a connection. I can provide copies of the virus files, if that's helpful.
 
Thanks!
 
P.S. Yes, I realize this was very stupid of me. I'll be 1,000% more careful next time I have to deal with potential virus files at work.


BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,425 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:14 PM

Posted 05 March 2016 - 03:02 PM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


:step4: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Copy and paste the contents of that logfile in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Jo*

Jo*

  • Malware Response Team
  • 3,425 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:14 PM

Posted 10 March 2016 - 03:33 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.[/tt]

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users