
Suspected Rootkit


This topic is locked
3 replies to this topic

#1 IMWraith
  • Members
  • 3 posts

Posted 22 January 2017 - 06:04 AM

So, it was quite a ride with this one.
 
For reference, and for running it in a virtual PC or similar, this is the suspected link that I may have stupidly enough clicked and exited from in less than 2 seconds:
hxxp://www.gwentdb.com/forums/off-topic/general-chat/347-tessssss
Please handle the link with care, and only through a VPC setup.
 
I was first alarmed when my PC text-to-speeched me something about "anus" whilst I was watching a video, which got me to the next immediate steps.
 
I immediately system restored to a previous date, and ever since I did there hasn't been anything indicative of malware on my system. RKill, TRSS, MWAR, Malwarebytes etc. don't find anything even remotely suspicious.
 
Ever since, I cannot find anything other than this CMD running at start-up (check screenshot), which could be connected to a bumpy system restore. I need to know that my PC is safe though; I'd rather go through the trouble of formatting everything (though I'd prefer not to, since I wouldn't know how to re-upgrade to Windows 10).

If any of you guys can assist me with this, I'd be eternally grateful.

Attached Files


Edited by Jo*, 22 January 2017 - 07:51 AM.
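A practitioner-side check for the "CMD running at start-up" mentioned in the post above, as an added example that is not part of the original thread and not code from any tool named in it. It enumerates the usual Windows autostart locations (Run/RunOnce registry keys, the Startup folders, and scheduled tasks with logon or boot triggers) and flags any entry whose command launches cmd.exe or a batch file. The key and folder paths are the standard Windows locations; the regular expression used for flagging is this example's own assumption, and the script should be run from an elevated PowerShell so the HKLM keys and all scheduled tasks are readable.

```powershell
# Added example (not from the original post): list Windows autostart entries
# and flag the ones that would open a command prompt at logon.
# Run from an elevated PowerShell on Windows 8 / Server 2012 or later
# (Get-ScheduledTask is not available on older versions).

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$findings = @()

# 1. Registry Run / RunOnce values
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath, PSParentPath, ... ; those are not values
        if ($p.Name -like 'PS*') { continue }
        $findings += [pscustomobject]@{
            Source  = $key
            Name    = $p.Name
            Command = [string]$p.Value
        }
    }
}

# 2. Startup folders (all users and current user)
$startupDirs = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -File | ForEach-Object {
        $cmd = $_.FullName
        # Resolve .lnk shortcuts so a shortcut to cmd.exe is visible as such
        if ($_.Extension -eq '.lnk') {
            $shell = New-Object -ComObject WScript.Shell
            $lnk   = $shell.CreateShortcut($_.FullName)
            $cmd   = "$($lnk.TargetPath) $($lnk.Arguments)"
        }
        $findings += [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $cmd }
    }
}

# 3. Enabled scheduled tasks with a logon or boot trigger
Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
    $task     = $_
    $triggers = ($task.Triggers | ForEach-Object { $_.CimClass.CimClassName }) -join ','
    if ($triggers -match 'Logon|Boot') {
        foreach ($a in $task.Actions) {
            $findings += [pscustomobject]@{
                Source  = "Task $($task.TaskPath)$($task.TaskName)"
                Name    = $triggers
                Command = "$($a.Execute) $($a.Arguments)"
            }
        }
    }
}

# Report everything, then only the entries that would launch a command prompt.
# The pattern below is this example's assumption: cmd.exe itself or a .bat/.cmd script.
$findings | Sort-Object Source, Name | Format-Table -AutoSize
"`n--- Entries that launch a command prompt ---"
$findings |
    Where-Object { $_.Command -match '(?i)\bcmd(\.exe)?\b|\.(bat|cmd)\b' } |
    Format-Table -AutoSize
```

A flagged entry is not proof of anything: installers and updaters legitimately use batch files at logon. What matters is whether the command path and its arguments match a program you recognise, which is exactly the comparison the FRST logs requested later in the thread let a helper make.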



#2 IMWraith
  • Topic Starter
  • Members
  • 3 posts

Posted 22 January 2017 - 08:59 AM

Add ESET One-Time Scan to the list returning negative, and Bitdefender Free finding 3 positives, but highly doubtable. I have however cleaned them, and if needed will repair the programs where I deemed it found false positives (like steamservice.dll or something, which was where it was supposed to be; it couldn't be a rootkit in that place, etc.).



#3 nasdaq
  • Malware Response Team
  • 39,926 posts
  • Location: Montreal, QC, Canada

Posted 23 January 2017 - 09:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file:
Click "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add Reply button.
===


Please post the logs for my review.

Wait for further instructions.

#4 IMWraith
  • Topic Starter
  • Members
  • 3 posts

Posted 24 January 2017 - 05:23 AM

Honestly, thank you for replying to me, but I am pretty certain everything is under control. The text-to-speech I heard was literally a Discord plaything, and I was told of it after I made the post. Also, the CMD prompt started coming up after the system restore, which could have resulted in some files being invalidated, since it stopped after I repaired the installation and then deleted the program from my computer.

It is fair to say that my computer is virus free. I am sorry for making a fuss over it, I really didn't expect something that simple. I wish you the best. Happy hunting <3
