
After-Infection Advice - Untraceable KeyLoggers and Backdoors



#1 LucasAlmeida


Posted 01 June 2016 - 07:49 AM

EDIT: Short Version

----------------------------------------------------------------------------------------------------------------------------------------

Hello, Bleeping Computer community

As I wrote a gigantic post that probably prevents reading, this is the short version:

 

I have Windows 10 Pro, and my PC has been infected by malware via installation of software. I applied a large number of measures to clean the infection (see below).

Now my PC demonstrates no more visible traces of the infection and behaves normally, so my question is whether you (who might read this) think that I may now resume usage of the PC or should still worry, as I heard multiple threats can go on untraceable through all means of scanning, like keyloggers and binary backdoors.

Best regards to all,

----------------------------------------------------------------------------------------------------------------------------------------

Hello, Bleeping Computer community

 

As this is my first post, and I couldn't find a more fitting category for this kind of question, I hope this is not the wrong place for doing so, and if it is not, I thank you in advance for advice on where I could be posting this kind of question, if it is, indeed, permitted.

I'm using the Windows 10 Pro OS (maybe that's where the issue starts) on my desktop PC. I was installing software and fell for the old "next-next-next" trap and ended up getting infected by malware.

*** In my defense, there were check boxes for installing the contaminated software, and I unchecked them. It even went on to prompt a "yes or no" box stating that it would "compromise the system" if I did not install that software (yeah, sure). However, the boxes weren't unchecked after the prompt box, and I just assumed it was some kind of lag in the installer. Bummer...

 

When the anti-virus (I use Avast Premier) started warning, I looked for solutions, and these are the measures I took:

 

* Ran an Avast Boot-time scan and chose for every found issue to be sent to quarantine, and after logging in, ran another complete system scan;

* Ran Malwarebytes and Spybot - Search & Destroy scans and corrected all issues found, sending everything I could to quarantine, and when unable to, deleting the malignant files;

* Ran Kaspersky TDSSKiller and RKill;

* Manually verified the Running Processes, Registry, Hosts file, Services, Group Policies and Installed Programs and removed, deactivated or stopped anything suspicious (almost anything that had unknown sources, and left only those with sources that I was ABSOLUTELY certain were of safe provenance and existence);

* Used CCleaner to deactivate any process that started with the system that seemed suspicious (same criteria as above);

* Did all of this in normal mode (not safe mode);

* Manually verified all my browsers and corrected all settings and homepages, and I even wanted to remove any suspicious add-ons and extensions, but there weren't any. (Obs.: Edge can't open any web page, but it already couldn't prior to the infection, and I cannot find out why, even though no proxy is set).

* Ran all the scans I could again.

 

Well, manually verifying, I couldn't find any more traces of the infection, and the PC is not behaving abnormally (except for an exceptionally long time to boot up and shut down, but normal performance after logging in).

Of course, even running all the scanners in the world, I know a PC may never be really safe, and there is always something nasty that can stay there hidden.

I think I tried anything the average user could (but I would gladly accept any more suggestions for more measures I could take to assure safety).

I read about decade-lasting backdoors and absolutely untraceable keyloggers and was really worried about it, although I suspect this may be exaggerating, like some "searched for flu symptoms on the internet and found out I have cancer" sort of effect.

I just want some advice about whether, after all these measures and now finding nothing traceable about the infection, I am able to assume that I can resume normal usage of the PC (of course critical websites, like online banking, will be done inside Avast SafeZone, which doesn't even allow me to print files because it generates temporary files), or whether I should still be scared.

I really, really don't want to reinstall the OS or format the PC, as I have more than 600GB of data, and most of it is software, which would have to be installed all over again...

With this amount of data, I couldn't search for corrupting or locking ransomware, as it would require trying to open every single app and document, and that's a lot...

I thank you very, very much for your attention if you read until here, and thank you even more if you could advise whether I'm safe or should do something else.

 

Best regards to you all.


Edited by LucasAlmeida, 01 June 2016 - 11:32 AM.




#2 quietman7


Posted 02 June 2016 - 06:03 PM


We can only go by what the actual scan logs show ...

I can only go by what the actual scan logs show (what was detected, removed) and your description of whatever signs or symptoms of infection you are experiencing. Usually when a computer is infected with malware there most likely will be other obvious indications (signs of infection and malware symptoms) that something is wrong.

If you want a more comprehensive look at your system for possible malware by experts, there are advanced tools which can be used to investigate but they are not permitted in this forum. Please follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. If you choose to post a log, please reply back in this thread with a link to the new topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




