
Trojan.Boaxxe keeps coming back after removal. Please Help!


6 replies to this topic

#1 jimsta0

jimsta0

  • Members
  • 2 posts

Posted 27 April 2017 - 11:53 PM

I basically, foolishly downloaded something online and it gave me malware. I've tried removing them with Malwarebytes many times. I would scan, it would tell me what is infected, I quarantine them and restart my computer. I have also tried booting up in Safe Mode and scanning with Malwarebytes but none of the viruses would show up in the scan, which is weird.

I have a Windows 7 x64. Here is a recent log scan. Help would be appreciated, thank you!

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/27/2017
Scan Time: 9:38 PM
Logfile: MALWARE LOG3.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.04.28.01
Rootkit Database: v2017.04.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303549
Time Elapsed: 5 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 2
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [afc2867001a7ff3727d7af020df4bf41],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [afc2867001a7ff3727d7af020df4bf41],

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.Boaxxe, HKU\S-1-5-21-4010394213-735003750-830377677-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|YQPack, C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\Idssoft\Ww_x86.dll, , [b0c14aac54547eb8ed0a1ee56f91ea16]

Registry Data: 0
(No malicious items detected)

Folders: 1
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack, , [afc2867001a7ff3727d7af020df4bf41],

Files: 2
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.0, , [afc2867001a7ff3727d7af020df4bf41],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [afc2867001a7ff3727d7af020df4bf41],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

Moved from Windows 7

NickAu


Edited by NickAu, 27 April 2017 - 11:56 PM.




#2 jimsta0

jimsta0
  • Topic Starter

  • Members
  • 2 posts

Posted 28 April 2017 - 12:11 AM

Update: looks like it's spreading :(

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/27/2017
Scan Time: 10:04 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.04.28.01
Rootkit Database: v2017.04.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303844
Time Elapsed: 6 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 13
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [bfb23db97335181e5ea0c4edf60b8878],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [bfb23db97335181e5ea0c4edf60b8878],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [bfb23db97335181e5ea0c4edf60b8878],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [bfb23db97335181e5ea0c4edf60b8878],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [bfb23db97335181e5ea0c4edf60b8878],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [bfb23db97335181e5ea0c4edf60b8878],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [bfb23db97335181e5ea0c4edf60b8878],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [bfb23db97335181e5ea0c4edf60b8878],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [bfb23db97335181e5ea0c4edf60b8878],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [bfb23db97335181e5ea0c4edf60b8878],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [bfb23db97335181e5ea0c4edf60b8878],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [bfb23db97335181e5ea0c4edf60b8878],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [bfb23db97335181e5ea0c4edf60b8878],

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack, , [bfb23db97335181e5ea0c4edf60b8878],

Files: 1
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [bfb23db97335181e5ea0c4edf60b8878],

Physical Sectors: 0
(No malicious items detected)


(end)



#3 iMacg3

iMacg3

    Bleepin' PowerPC G3


  • Malware Study Hall Senior
  • 2,106 posts
  • Gender:Male
  • Location:Indiana, USA

Posted 28 April 2017 - 08:34 AM

Once you quarantine them, go to the Quarantine icon and select all the files and click delete.


Regards, iMacg3

 

If I do not reply to your malware removal topic in 48 hours, please send me a PM. 

"Do, or do not. There is no try." - Yoda


#4 achzone

achzone

  • Members
  • 272 posts
  • Gender:Male
  • Location:Melbourne, Australia

Posted 28 April 2017 - 01:08 PM

There is likely to be a rootkit hidden on your machine that is causing a re-infection of Trojan.Boaxxe at startup or after a set period of time. Malwarebytes is identifying the infection itself, but not the rootkit that is causing the re-infection to occur.  Have you tried a Custom Scan of your system drive with Malwarebytes?

 

Example: In Malwarebytes, click Scan > Custom Scan > Configure Scan - Select your System Drive and ensure the "Scan for rootkits" box is ticked. Now scan again and allow Malwarebytes to quarantine everything it finds. It's best to do this after booting Windows into Safe Mode. Once done, reboot and see if the problem is resolved.

 

Still no joy?

 

Download a copy of SuperAntiSpyware (it doesn't just deal with spyware and will happily run alongside Malwarebytes Premium). Scan with that after cleaning with Malwarebytes and see if that picks up anything that Malwarebytes may be missing. I've had at least one instance of dealing with a client's machine where an up-to-date Malwarebytes Premium install didn't find a rootkit where SuperAntiSpyware did and resolved the problem.

 

Good luck and please let us know how you went.

 

Best..
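
Added example (not part of achzone's post and not code from any tool named in this thread): a Python triage script that parses the detection sections of the first Malwarebytes log posted above, collapses repeated lines, and lists Run-key values whose DLL target is not among the files flagged in the same scan. The function names and parsing rules are assumptions derived only from the log lines shown on this page.

```python
import re
from collections import defaultdict

# Detection lines copied from the first log posted in this thread.
SAMPLE_LOG = r"""
Modules: 2
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [afc2867001a7ff3727d7af020df4bf41],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [afc2867001a7ff3727d7af020df4bf41],

Registry Values: 1
PUP.Optional.Boaxxe, HKU\S-1-5-21-4010394213-735003750-830377677-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|YQPack, C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\Idssoft\Ww_x86.dll, , [b0c14aac54547eb8ed0a1ee56f91ea16]

Files: 2
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.0, , [afc2867001a7ff3727d7af020df4bf41],
Trojan.Boaxxe, C:\Users\User\AppData\Local\YdPack\dHelpengine.dll, , [afc2867001a7ff3727d7af020df4bf41],
"""

SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")  # e.g. "Registry Values: 1"
RUN_KEY = re.compile(r"\\currentversion\\run(once)?\|", re.I)

def parse(log):
    """Return {section: set of (detection, object, data)}; repeats collapse."""
    out, current = defaultdict(set), None
    for line in map(str.strip, log.splitlines()):
        m = SECTION.match(line)
        if m:
            current = m.group(1)
        elif current and line.count(",") >= 2:
            f = [x.strip() for x in line.split(",")]
            out[current].add((f[0], f[1], f[2]))
    return out

def autoruns_with_unflagged_dll(log):
    """Run/RunOnce values whose DLL under AppData is absent from 'Files'."""
    found = parse(log)
    flagged = {obj.lower() for _, obj, _ in found["Files"]}
    hits = []
    for _, key, data in sorted(found["Registry Values"]):
        if not RUN_KEY.search(key):
            continue
        # Assumes unquoted, space-free paths, as in this log.
        for token in data.split():
            t = token.lower()
            if t.endswith(".dll") and "\\appdata\\" in t and t not in flagged:
                hits.append((key.split("|", 1)[1], token))
    return hits

if __name__ == "__main__":
    for value, dll in autoruns_with_unflagged_dll(SAMPLE_LOG):
        print(f"Run value {value!r} loads {dll}, not flagged as a file")
```

On the first log this reports the `YQPack` value: its `Idssoft\Ww_x86.dll` target does not appear under Files, so that path is worth checking by hand after quarantine.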



#5 achzone

achzone

  • Members
  • 272 posts
  • Gender:Male
  • Location:Melbourne, Australia

Posted 28 April 2017 - 01:12 PM

Just found this..

 

http://smallbusiness.chron.com/remove-trojanboaxxe-59757.html

 

If the above fails to resolve the problem, try a Manual Removal of Trojan.Boaxxe as per the link above. It's quite an exhausting procedure, but worth a try.

 

Good luck..



#6 Wolverine 7

Wolverine 7

  • Members
  • 746 posts
  • Gender:Male
  • Location:Bournemouth,UK

Posted 28 April 2017 - 06:54 PM

By the looks of that you shouldn't do anything further to the machine until a Bleeping Computer malware response team member has helped you, one should be along in a bit, be patient, they're usually very busy..

 

Am I Infected guidelines

 

https://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/



#7 iMacg3

iMacg3

    Bleepin' PowerPC G3


  • Malware Study Hall Senior
  • 2,106 posts
  • Gender:Male
  • Location:Indiana, USA

Posted 29 April 2017 - 10:40 AM

You might try Malwarebytes Anti-Rootkit to remove the rootkit.

Download MBAR from here.

  1. Run the file and click OK to the extracting prompt.
  2. MBAR will open.
  3. Click Update on the next screen.
  4. Once the update is done click Next, then Scan. 
  5. If the scan finished and no malware was found click Exit.
  6. If malware was found, make sure to check all the items and click Cleanup. Please restart your computer. Open the "MBAR" folder located on the desktop and paste the contents of the below files in a post:

mbar-log-{date here} (xx-xx-xx).txt

system-log.txt


Regards, iMacg3

 

If I do not reply to your malware removal topic in 48 hours, please send me a PM. 

"Do, or do not. There is no try." - Yoda




