
Trojan detected by Malwarebytes - Please help


  • This topic is locked
36 replies to this topic

#1 Nancy9108


Posted 03 July 2017 - 03:02 PM

Malwarebytes appears to have caught a threat (I think). It said the threat was detected and it says C:\Windows\Windows update.log. No Action by User, (24) (206868), 1.0.2285

 

The other areas say no malicious items detected.  I copied the Trojan Agent.Test into a notepad.  I am trying to figure out if I have a Trojan or not.  I reran Malwarebytes.com and it did not detect anything.  The thing is that nothing was quarantined so I don't know if I have a Trojan or not.   

 

There appeared a Windows/Minidump/070317-138653-01.dmp message and I don't know if I should click on it to get more information.

 

Can anyone help?

 

I had to use this forum years ago and it helped me eliminate  a Trojan off my computer before and I am hoping I will be helped again.

 

Thank you again in advance.  I have a quadriplegic son on life support and this computer is extremely important to helping him.

 

Thank you.

 

Nancy


 


#2 Aura

  • Malware Response Team

Posted 03 July 2017 - 06:24 PM

Hi Nancy9108 :)

This looks like a false positive from Malwarebytes. Can you .zip the C:\Windows\WindowsUpdate.log file, and upload it to the link below?

https://www.bleepingcomputer.com/submit-malware.php?channel=194

> There appeared a Windows/Minidump/070317-138653-01.dmp message and I don't know if I should click on it to get more information.


This means that your Windows encountered a BSOD and a minidump (.dmp) file was created in the process. If you go in the C:\Windows\Minidump folder, you should see a file called 070317-138653-01.dmp.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Nancy9108


Posted 03 July 2017 - 07:00 PM

Yikes I will try to figure out how to do that.  I really am a novice at the computer.     First I will have to figure out how to find the file and then try to figure out how to .zip(?) it?

 

Will do my best.  I do know how to copy and paste things.  Would that be ok?

 

Thank you for your help.

 

Nancy



#4 Nancy9108


Posted 03 July 2017 - 07:10 PM

I tried to zip it and it would not zip.  I included the text in my previous entry.  Is that not the file you need?



#5 Aura


Posted 03 July 2017 - 07:12 PM

Here, this should do it for you. After running the FRST fix below, a file called "DATE-TIME.zip" should be located on your desktop, DATE and TIME being the date and time on which the fix was run. Simply upload that .zip file to the link below.

https://www.bleepingcomputer.com/submit-malware.php?channel=194

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;



Edited by Aura, 03 July 2017 - 07:12 PM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 Nancy9108


Posted 03 July 2017 - 07:15 PM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/3/17
Scan Time: 1:02 PM
Log File: Trojan agent.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2285
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371893
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 39 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.Agent, C:\WINDOWS\WindowsUpdate.log, No Action By User, [24], [206868],1.0.2285

Physical Sector: 0
(No malicious items detected)


(end)



#7 Nancy9108


Posted 03 July 2017 - 07:17 PM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/3/17
Scan Time: 1:02 PM
Log File: Trojan agent.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2285
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371893
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 39 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.Agent, C:\WINDOWS\WindowsUpdate.log, No Action By User, [24], [206868],1.0.2285

Physical Sector: 0
(No malicious items detected)


(end)

 

HERE IS WHAT THE TROJAN AGENT.TEXT SAID IN THE C:\Windows\WindowsUpdate.log file  SAID.  HOPE THIS WORKS SO YOU CAN SEE IT.



#8 Aura


Posted 03 July 2017 - 07:18 PM

This is the Malwarebytes scan log. Follow the instructions in this post please:

https://www.bleepingcomputer.com/forums/t/650686/trojan-detected-by-malwarebytes-please-help/#entry4275543

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
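
The scan log posted earlier in this thread reports one detection that was not quarantined. As an added example (not part of the thread and not Malwarebytes' own tooling), this Python code reads a log in that layout and singles out reported-but-unquarantined items, such as the WindowsUpdate.log hit, for false-positive review. The field order (threat name, path, action) is an assumption inferred from the single detection line shown here, and paths containing commas are not handled.

```python
import re

# Constructed sample: the relevant parts of the scan log posted in this thread.
SAMPLE_LOG = r"""-Scan Summary-
Objects Scanned: 371893
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 39 min, 22 sec

-Scan Details-
Process: 0
(No malicious items detected)

File: 1
Trojan.Agent, C:\WINDOWS\WindowsUpdate.log, No Action By User, [24], [206868],1.0.2285

Physical Sector: 0
(No malicious items detected)
"""

def parse_scan_log(text):
    """Return (summary counters, detection rows found under -Scan Details-)."""
    summary, detections, category, in_details = {}, [], None, False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("-") and line.endswith("-"):   # section banner
            in_details = line == "-Scan Details-"
            continue
        if not line or line.startswith("("):              # blank or "(No malicious ...)"
            continue
        header = re.fullmatch(r"([A-Za-z ]+): (\d+)", line)
        if header and in_details:
            category = header.group(1)                    # e.g. "File", "Registry Key"
        elif header:
            summary[header.group(1)] = int(header.group(2))
        elif in_details and category and "," in line:
            # Assumed field order: threat, path, action (remaining fields ignored).
            fields = [f.strip() for f in line.split(",")]
            detections.append({"category": category, "threat": fields[0],
                               "path": fields[1], "action": fields[2]})
    return summary, detections

def unresolved(text):
    """Detections that were reported but left in place (not quarantined)."""
    summary, detections = parse_scan_log(text)
    if summary.get("Threats Detected", 0) == summary.get("Threats Quarantined", 0):
        return []
    return [d for d in detections if d["action"] == "No Action By User"]
```
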



#10 Nancy9108


Posted 03 July 2017 - 07:40 PM

I got the 2 FRST 32 bit and FRST64-bit downloaded but I don't know what to do next.  How do I move them?



#11 Aura


Posted 03 July 2017 - 07:41 PM

Right-click on each of them and select Cut. Then right-click anywhere on your desktop and select Paste.

Edited by Aura, 03 July 2017 - 07:41 PM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 Nancy9108


Posted 03 July 2017 - 07:51 PM

I am stuck.  I downloaded both and when I click on the download arrow it shows both files.  When I click on one of the files it asks if I want things changed on my computer.  Do I go ahead and say Yes?  I am terribly sorry I don't know what to do.




#14 Aura


Posted 03 July 2017 - 08:06 PM

Click on "Yes", then follow the instructions in the post I linked previously.

Edited by Aura, 03 July 2017 - 08:06 PM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.

