Posted 26 November 2016 - 03:54 AM
Hey! Long story short: My friend told me to never bring my computer to his home, because he was apparently hacked, and all his Android devices too, 5-6 years ago now, and it followed him to his new house (he gets paranoid really fast sometimes... not me). I still took my computer to his house to see... as I thought, nothing wrong at the beginning... And now it's been about 4 months that I check my computer's habits, go on this forum or the internet to get to know more about all those malware. For the last weeks, it appears to us that we had every little malware you helped people with... At the beginning it was svchost.exe, then it would be anything else... I also found that it was maybe the fault of Windows Defender and its anti-malware, always running my CPU at 50% (even in safe mode). But when I began to check for malware behaviors, and more specifically for registry keys that would be infected, my browser shut down, the screen flashed black like 3-4 times in a row, and I received a Windows message that my settings had changed and it would be effective at restart... I went to check the registry and OMG, I never saw that... it has built an empire of new keys. I just need to wipe my HD and it's OK... for the next hour though... Running Hirens boot CD, ClamWin detected in the memory scan trojan crypt 426, and when I did a full scan, it came up with d:\HBCD\programs\forcerestart.cmd: trojan.bat.shutdown-7... With this, I'm done fighting, it's over my skills. *It all began with System Volume Information appearing on all our devices*.
Definitely follow Boopme's instructions. But HBCD\Programs\forcestart.cmd seems to be a false positive. I have it on my Hirens Disc/USB as well. It's just a generic detection for the CMD file.
Software Developer & Malware Analyst
Programming Languages: VB.net, C#, Java, & HTML.
Reverse Engineering/Tracking Tool familiarity: Ollydbg, IDA, CE, & Wireshark