
no idea what to do anymore.


  • This topic is locked
48 replies to this topic

#1 leaftwisted

leaftwisted

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:16 PM

Posted 17 December 2016 - 02:32 AM

Everywhere I look, everything's telling me I have some crazy intense virus that can log info even when my router is unplugged. The more I look and read, the more confused I get. Apparently I have nothing, but apparently I have an RDP virus or a logger, or a bitminer. Idk, everything I read is blowing my mind. Even the files on my PC are acting weird: some are missing files, some are running weird things, some are logging info, which is normal for the most part, but they are almost acting suspicious or outta context? And I can't pinpoint it. PC has been degrading huge time over the last month due to this. This PC was able to insta load and do w.e I want it to. Now I struggle with everything and have constant DC from net, and weird logs and files acting outta context.

 




 


#2 shadow_647

shadow_647

  • Banned
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:16 PM

Posted 17 December 2016 - 02:48 AM

LOL ya, been there before, myself I wouldn't even try and debug a system that badly messed up.

I'd just full purge with a Department of Defense approved HDD formatter and reinstall, and watch out about USB keys and DVDs that might have things on em too that start the party all over.

But if you want, and this should be funny, there's pros on BC that will try and clean things up for you and try and save the install; myself I wouldn't bother, but that's just my style.

 

Hope you have backups.



#3 leaftwisted


Posted 17 December 2016 - 02:10 PM

> LOL ya, been there before, myself I wouldn't even try and debug a system that badly messed up.
>
> I'd just full purge with a Department of Defense approved HDD formatter and reinstall, and watch out about USB keys and DVDs that might have things on em too that start the party all over.
>
> But if you want, and this should be funny, there's pros on BC that will try and clean things up for you and try and save the install; myself I wouldn't bother, but that's just my style.
>
> Hope you have backups.

Backups were infected long ago. Had to remove. Haven't made a restore point since cuz of it. I'd just be reverting back to a corrupted system and starting from square one.



#4 shadow_647


Posted 17 December 2016 - 02:19 PM

:(

 

What anti-virus/malware/rootkit detectors have you tried to run and/or are using?

Your Windows version plz.

Been a long time since I've seen a self-replicating EXE code injector virus; most AV pick up on that kind of thing fast.

Sorry about first post, didn't mean to joke about your misfortune :/

PS: This is probably best left to the BC malware pros.



#5 leaftwisted


Posted 17 December 2016 - 03:51 PM

No, no. I completely understand your humour. I've been thinking the same thing, as I am a small time under-educated IT. Even a few of my other friends were confused and said it's odd the way things are acting and it's been some time since they've seen this sorta activity. I'm hoping this isn't a new age virus with no definition built to it yet. That would be bad, as I am not like the ITs who purposefully go outta their way to fix files and download things and run them in sandbox etc. I'm aware of most things, but also the gaps in between are causing a substantial problem for my level of understanding.

OS: W7 Home Premium x64 X86

AS/AV/RK cleaners: JRT, HJT, HitmanPro, MSE, AdwCleaner, CCleaner, FRST64, Autoruns. I was using ESET NOD32 but didn't like it and opted for MSE.
SpywareBlaster, MRT, PC Decrapifier, Geek64, ComboFix, DDS... I could go on forever. Even wrote my own scripts and have a few from friends and a few other "programs I can't list". I know a decent amount. Hence my obtuse amount of insecurity and confusion, I'm very irk'd/vexed.



#6 leaftwisted


Posted 17 December 2016 - 03:57 PM

After my scans and tech work are done and I get a conclusion, I might just check and see if it's a hardware problem and not a software issue. Lol. Not sure at this point. Some real internal dmg coulda happened from so many things: moving, software degrading from overclock or GPU busting such as bitcoin miners etc. Ughhhhh, honestly might just get a new router, PSU, GPU and CPU lol friggggggggggggg so stresseddddddd



#7 shadow_647


Posted 17 December 2016 - 04:02 PM

K, you've done the rounds it seems, and the problem is still there.

> I'm hoping this isn't a new age virus with no definition built to it yet

Seen that kind of thing before, sadly when that topic hits hard and the computer goes insane, old-style quarantine procedures and data purges end up what happens next with full HDD wipes & reinstall, though the AV people will love to know what's going on at your end.

Some tools that you will find useful when rebuilding a computer.

http://www.hirensbootcd.org/

https://linuxmint.com/

http://www.ultimatebootcd.com/

Any way you can download Process Explorer and post screenshots of what's running at your end, program-wise, on the infected computer?

https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx

This is good too.

http://www.glarysoft.com/security-process-explorer/download/

> After my scans and tech work are done and I get a conclusion, I might just check and see if it's a hardware problem and not a software issue. Lol. Not sure at this point. Some real internal dmg coulda happened from so many things: moving, software degrading from overclock or GPU busting such as bitcoin miners etc. Ughhhhh, honestly might just get a new router, PSU, GPU and CPU lol friggggggggggggg so stresseddddddd

Hold off on that for a bit, let's see what we can see.


Edited by shadow_647, 17 December 2016 - 04:11 PM.


#8 leaftwisted


Posted 17 December 2016 - 04:19 PM

Hmm, ya, and even if it is something "new" I would LOVEEE to contribute my part and make as much of this information known as possible. Seems like an RDP is running whilst injecting codes and editing binary in the registry and loading tasks and bats? Very complex. It operates almost as if it's a Microsoft file, that's what's mind blowing to me. Or it could be a memory leak and I'm retarded. Lol. Computers are so interesting, yet so stressing. I feel like I know nothing, and all I've done is do schooling/reading/learning for just this sorta stuff: reading, editing re/binary/files, creating programming data and exes and light work app development.

In all honesty I'm just hoping to learn something out of this experience, even if it did cost me a two grand PC lol. I love learning and would love to see this as an opportunity to build from rather than give up or look at it as a negative thing. I'm hoping my optimism holds out. LOL I feel I have to be optimistic with my PC or there will be no hope. Lol xD



#9 leaftwisted


Posted 17 December 2016 - 04:28 PM

If u are interested in following the procedure and keeping updated as well, here's the link to the malware topic I started, and we've only just begun the "reading process" thus far and haven't altered or run anything other than viewers yet. https://forums.malwarebytes.com/topic/192155-possible-infection/



#10 shadow_647


Posted 17 December 2016 - 04:34 PM

Dude!

> Any way you can download Process Explorer and post screenshots of what's running at your end, program-wise, on the infected computer?

Can you? O_o

> In all honesty I'm just hoping to learn something out of this experience, even if it did cost me a two grand PC lol.

Whatever, full purge and rebuild would fix this topic as you know, but I wouldn't mind seeing what we can see as to what's going on.



#11 leaftwisted


Posted 17 December 2016 - 04:36 PM

I was instructed to do nothing else other than instructed by the tech until it's finished. I would have done so already sir. Lol. Take no offense to that. I'm sure u know the drill. I am unable to do anything other than what is stated by the "forum helper"  :P



#12 leaftwisted


Posted 17 December 2016 - 04:38 PM

> Dude!
>
> > Any way you can download Process Explorer and post screenshots of what's running at your end, program-wise, on the infected computer?
>
> Can you? O_o
>
> > In all honesty I'm just hoping to learn something out of this experience, even if it did cost me a two grand PC lol.
>
> Whatever, full purge and rebuild would fix this topic as you know, but I wouldn't mind seeing what we can see as to what's going on.

I can't use my CD drives btw. My install disc won't work lol. Drives mangled, no idea why.



#13 shadow_647


Posted 17 December 2016 - 04:44 PM

Ya ok, guess we have to wait then.

Wouldn't mind having the PC under my nose though just to see what I can see. I'm a machine on this topic, though I often don't try and save OS installs when all hell breaks loose; the OS often takes critical damage from the infection/repair processes in many cases. I do try and save the data though if there's no backups and things worth trying to save, but there's always a risk, if dealing with pro virus code when doing this, that the problem comes back when the files are used once more.

What a mess, best of luck.



#14 leaftwisted


Posted 17 December 2016 - 05:43 PM

> Dude!
>
> > Any way you can download Process Explorer and post screenshots of what's running at your end, program-wise, on the infected computer?
>
> Can you? O_o

Yessir, sorry for delay boss man lol. This is a simple task that requires no modification so it is permitted, as it's just a viewer essentially. Here ya gooo

https://gyazo.com/d78b277d47811fae92e7b8a57df77c91

And picking up where the txts ended scrolling down, here's the rest.

https://gyazo.com/5877ca4fd64f85333c36a4fb8b179be0

EDIT: Also, the problem seems only to occur late at night, early in the AM. That seems to have been an important thing, as if it's trying to run whilst I'm sleeping or the PC has "downtime" or idle time so to speak (me not using or being at the PC and it just running or being off).


Edited by leaftwisted, 17 December 2016 - 05:44 PM.


#15 shadow_647


Posted 17 December 2016 - 06:36 PM

First thing that popped out when looking at the pics is you have like 10+ or so chrome.exe running all at the same time with different PIDs (process ID). I'm not understanding what's going on here, and the total combined memory use is huge, like 2~3 gigs RAM total.

You have more than one SCVhost.exe running, not uncommon, but one of em by itself is using like 300 megs RAM; on my box total for all cases of that EXE it's like not even 20 megs atm.

Myself, when I'm running Firefox I have one PID going and only one EXE running regardless of how many windows or tabs I have open; sometimes when I surf I have like 20+ windows and tabs going at the same time.

You have a lot of junk running too all at the same time, I have like 1/4 that running on my setup.

Mind doing a start/run/cmd.exe, open command line window and enter the command netstat -ano

Post pic.

Just trying to see if your computer's been turned into a zombie botnet computer.


Edited by shadow_647, 17 December 2016 - 06:43 PM.
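
The `netstat -ano` check requested in post #15, as an added example that is not part of the original thread: a Python parser for saved `netstat -ano` text that lists, per PID, the established connections to addresses outside the local network, plus any live session on the local RDP port 3389 (the topic starter's stated suspicion). The sample output is constructed, and the function names and the choice of "local" ranges are assumptions.

```python
import ipaddress

# Constructed sample of `netstat -ano` output; remote addresses are documentation ranges.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     5120
  TCP    192.168.1.20:49730     192.168.1.1:80         ESTABLISHED     5120
  TCP    192.168.1.20:3389      198.51.100.7:51844     ESTABLISHED     1204
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1300
"""

LOCAL_NETS = [ipaddress.ip_network(n) for n in (  # assumed "local" ranges
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(endpoint):
    """Split IPv4, bracketed IPv6 or '*:*' endpoints into (ip or None, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop brackets and IPv6 zone id
    try:
        return ipaddress.ip_address(host), port
    except ValueError:                      # '*' on UDP rows
        return None, port

def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue                        # banner, header and blank lines
        (lip, lport), (rip, rport) = split_endpoint(f[1]), split_endpoint(f[2])
        rows.append({"proto": f[0], "lip": lip, "lport": lport, "rip": rip,
                     "rport": rport, "pid": int(f[-1]),
                     "state": f[3] if len(f) == 5 else ""})  # UDP has no state
    return rows

def triage(rows):
    """Return (pid -> external peers, established sessions on local port 3389)."""
    external, rdp_sessions = {}, []
    for r in (r for r in rows if r["state"] == "ESTABLISHED"):
        if r["lport"] == "3389":
            rdp_sessions.append((r["pid"], str(r["rip"])))
        if r["rip"] is not None and not any(r["rip"] in n for n in LOCAL_NETS):
            external.setdefault(r["pid"], []).append(f'{r["rip"]}:{r["rport"]}')
    return external, rdp_sessions
```

The PIDs in the result are the same ones shown in Process Explorer's PID column, so each external peer can be tied back to a process name.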




