
Malwarebytes Detected Nyetya Trojan in CCleaner


  • This topic is locked
11 replies to this topic

#1 MrC0f33

MrC0f33

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:21 AM

Posted 18 September 2017 - 12:37 PM

Greetings,

 

Just a few moments ago, when MWB was undergoing its scheduled scan, CCleaner.exe was detected as a Nyetya Trojan. Immediately, I did as MWB advised and restarted my PC, which then moved the Trojan to the Quarantine of MWB.

Just to be extra sure, I uninstalled CCleaner with GeekUninstaller. Attached with this thread are logs of various AV programs used. I ran RKill and found nothing, but I will upload my FRST LOGS, RKill LOGS, MTB LOGS (To check for DNS poisoning), and finally my MWB removal logs.

Note: I am using MWB Premium

I hope experts in the forum can kindly provide me with a complete diagnostic from my logs as to whether any traces of the trojan are still in my system.

I am looking forward to your reply

Thank-you

Regards   





#2 MrC0f33


Posted 18 September 2017 - 12:46 PM

What does all this mean?

https://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

Do I need to reinstall windows?



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:21 PM

Posted 19 September 2017 - 07:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean.

This is an additional topic for your information.
https://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

Get the latest version of the tool from the site suggested.

====

#4 MrC0f33


Posted 19 September 2017 - 09:49 AM


Dear Nasdaq,

Thank-you for the informative reply. 
So I assume that my PC has a clean bill of health AND that all is normal with my Internet connection (i.e. my DNS)?

Thank-you for the reply.



#5 nasdaq


Posted 19 September 2017 - 12:02 PM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#6 MrC0f33


Posted 20 September 2017 - 09:46 AM

Dear Nasdaq,

So I take it that everything is fine with my computer including my DNS?

Thank-you



#7 nasdaq


Posted 20 September 2017 - 01:10 PM

Do you have any problems when you are using the Internet?

If not then all is good.

#8 MrC0f33


Posted 20 September 2017 - 01:34 PM

Dear Nasdaq,

I have no problems with using my Internet. But I just wanted to make sure.

Thank-you.



#9 MrC0f33


Posted 21 September 2017 - 12:13 AM

Sorry for being a wee bit paranoid, but can you kindly ensure that my DNS is from Malaysia and TM?

Please and thank you

#10 nasdaq


Posted 21 September 2017 - 06:05 AM

Hi,

How to reset your DNS:

https://www.whatsmydns.net/flush-dns.html

#11 MrC0f33


Posted 21 September 2017 - 06:31 AM

Alright, thanks for the info.

You may kindly close this thread as no problem is to be found.

 

Thank-you once again for your help.



#12 nasdaq


Posted 21 September 2017 - 01:24 PM

Hi,

I do not want to scare you but this has just been published.

http://www.spywareinfoforum.com/topic/118846-spam-frauds-fakes-and-other-malware-deliveries/page-40#entry800746

For your reading.



