
Spybot or trojan took over my PC. Installs multiple programs and eats CPU


  • This topic is locked

#1 helloineedyourhelp

  • Members
  • 3 posts

Posted 27 April 2017 - 12:42 PM

Hello

 

I first noticed the problem around the end of February. The PC became very slow and new programs were constantly installed (usually with the same name as existing ones). Antivirus programs were outdated at the time of infection. Now Malwarebytes and Avast are up to date, but they can't find the virus. I also noticed in the router config that IPv4 is enabled while IPv6 is disabled.

Every time I reinstall Windows I first have another user, "defaultuser0" (I heard it's a bug, but I suspect it makes changes to the PC); at some point a user named Guest is added.

I'm not sure if my flash key and external hard disk are compromised. At some point I asked an IT guy to perform a BIOS reset and he did. He said a virus can't survive such a procedure, yet it returned.

Multiple services with the same name, strange files in User/Appdata Locallow/Microsoft/Cryptneturlcache, Windows installed with programs I never used such as VulkanRT, files named firefox are added, Skype services running while I don't have Skype, and finally I suspect it redirects and fools the system into installing fake updates.

I lost my final project where I was studying and now I'm trying to save my PC. (My email was hacked, and later on my Steam account. I restored both of them but I understand I'm not safe.)

I opened topics on the Malwarebytes forum but did not receive a response. I don't follow that topic anymore and will seek help here.

The Windows currently installed isn't genuine, since I can't risk installing a real licence in case it will steal it. After I figure the virus problem out I will install a genuine version. (I mentioned it because I read you don't support piracy.)

 

Here are Farbar files.

 

Thanks ahead. If I missed any step, please let me know.


 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,332 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 28 April 2017 - 08:36 AM

helloineedyourhelp:
 
Welcome to the Bleeping Computer Virus, Trojan, Spyware and Malware Removal Forum.

helloineedyourhelp wrote: "The Windows currently installed isn't genuine, since I can't risk installing a real licence in case it will steal it. After I figure the virus problem out I will install a genuine version. (I mentioned it because I read you don't support piracy.)"

 
Windows 10 is licensed to a specific computer; therefore, no one can "steal" your licence.  You are correct.  Bleeping Computer does not support software piracy.
 
If you wish to receive assistance here, please purchase a legal copy of Windows 10; or, purchase/install a legal copy of another version of Windows.
 
You should backup all of your files before modifying the operating system!
 
If that is agreeable to you, then after you have uninstalled any illicit software, please run the following scan for me.

Step 1: Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool once only, if not asked to run it again.

Please copy and paste the content of CKFiles.txt into your next reply.

Step 2: Please run a fresh FRST scan. Please copy and paste the contents of both the "FRST.txt" and "Addition.txt" scan logs into your next reply.


If you do not wish to receive assistance here, under these conditions, then please let me know and I will conclude your topic.

Thank you and have a great day.

Regards,
-Phil
 


Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7


Posted 29 April 2017 - 11:31 AM

helloineedyourhelp:
 
I received your private email.  You stated that sometimes you have observed some members of the Bleeping Computer Malware Response Team (MRT) assist others who have pirated software.  It is true that MRT members do have some discretion in that regard, BUT it should be exercised judiciously because, by official policy, Bleeping Computer does not support software piracy.  There can always be exceptions made under very extenuating circumstances.  I do not believe that your situation is one that would justify such an exemption since you knowingly installed a "cracked" version of Windows.
 
You state that you believe that by admitting that your copy of Windows 10 x64 Home is illicit that you have been denied assistance.  The FRST logs would have revealed the "crack" files used to circumvent Windows licensing requirements, so I would have informed you of that finding after reviewing your logs.  Honesty is always the best policy.  Using "cracked" software and "keygens" is a major attack vector for malware.
 
I did look for your posting over at the Malwarebytes Forum, because you stated that you had posted there, but there is no record there of the name: "helloineedyourhelp" and nor did I succeed in locating your posts there.  The policy against pirated software is very strictly enforced in the Malwarebytes Forums, where I am a "Trusted Advisor".
 
It is pretty much futile to try to clean up a computer that is using illicit software, since the malware will often simply return.  Personally, I am not inclined to pursue that probably futile course of action with you.
 
If you wish to receive assistance, then please remove the illegal copy of  Windows and replace it with a legitimate copy.  I will then want you to run CKScanner and to provide me with a fresh set of FRST logs.  Please copy and paste the contents of all three logs into your next reply or replies.
 
If you wish to cancel your request for assistance, then please let me know, and I will conclude your topic.
 
Thank you and have a great day.
 
Regards,
-Phil




#4 garioch7


Posted 02 May 2017 - 05:27 AM

helloineedyourhelp:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil



#5 garioch7


Posted 04 May 2017 - 12:14 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
