Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I must admit it...I need help :/


  • This topic is locked This topic is locked
4 replies to this topic

#1 masterjulzz

masterjulzz

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:04:47 AM

Posted 26 November 2016 - 03:54 AM

Hey! Long story short: My friend told me to never bring my computer at his home, cause he was apparently hacked and all his android devices too for now 5-6 years ago and it followed him to his new house ( he paranoid really fast sometimes...not me) I still took my computer at his house to see...as I thought, nothing wrong at the beginning.... And now it's been about 4 months I check my computer's habbits, go see on this forum or internet to get to know more about all those malware.. for the lasts weeks, it appears to us that we had every little malware you helped people with...At the begging it was svchost.exe, then it would be anything else... I found also that it was maybe the fault of windows defender and his anti-malware, always running my cpu at 50% (even in safe mode) But when I began to check for Behaviors malware, and more specific, for registery keys that would be infected, my browser shut down, the screen flashes black like 3-4 times in a row to receive a windows message that my settings changed and it would be effective at restart....I went to check the registery and OMG, I never saw that....it has built an empire of new keys. I just need to wipe my hd and its ok...for the next hour though...running Hirens boot cd, Clamwin detected in scan memory torjan crypt 426, and when I did a full scan, he came with d:\HBCD\programs\forcerestart.cmd: trojan.bat.shutdown-7 ...with rhis, I'm done fighting, it's over my skills. *It all began with system volume information appearing on all our devices*.
Thank you
masterjulzz

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:47 AM

Posted 26 November 2016 - 10:56 AM

Hello this is a serious malware and we should get a deeper look to see what specific tools may need be run.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 TazzyOpz

TazzyOpz

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:47 AM

Posted 26 November 2016 - 12:04 PM

Hey! Long story short: My friend told me to never bring my computer at his home, cause he was apparently hacked and all his android devices too for now 5-6 years ago and it followed him to his new house ( he paranoid really fast sometimes...not me) I still took my computer at his house to see...as I thought, nothing wrong at the beginning.... And now it's been about 4 months I check my computer's habbits, go see on this forum or internet to get to know more about all those malware.. for the lasts weeks, it appears to us that we had every little malware you helped people with...At the begging it was svchost.exe, then it would be anything else... I found also that it was maybe the fault of windows defender and his anti-malware, always running my cpu at 50% (even in safe mode) But when I began to check for Behaviors malware, and more specific, for registery keys that would be infected, my browser shut down, the screen flashes black like 3-4 times in a row to receive a windows message that my settings changed and it would be effective at restart....I went to check the registery and OMG, I never saw that....it has built an empire of new keys. I just need to wipe my hd and its ok...for the next hour though...running Hirens boot cd, Clamwin detected in scan memory torjan crypt 426, and when I did a full scan, he came with d:\HBCD\programs\forcerestart.cmd: trojan.bat.shutdown-7 ...with rhis, I'm done fighting, it's over my skills. *It all began with system volume information appearing on all our devices*.
Thank you
masterjulzz

 

Definitely follow Boopme instructions. But HBCD\Programs\forcestart.cmd seems to be a false positive. I have it on my Hirens Disc/USB as well. It's just a generic detection for the CMD file.



#4 masterjulzz

masterjulzz
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:04:47 AM

Posted 26 November 2016 - 02:05 PM

No problem, I'll act as quickly then. And for my friend's computer, I guess he has to create his own account and post his own scan to not interfer with mine?

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:47 AM

Posted 28 November 2016 - 12:50 PM

Yes, there own topic is best.

Your new topic.

http://www.bleepingcomputer.com/forums/t/633194/infected-with-a-serious-malware-behavior-backdoor/

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 3 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users