
Think I have a Kotver bug that's hard to squish



#1 borhaaa


Posted 25 January 2018 - 05:17 PM

I'm running Windows 10.

I noticed something was odd when I tried downloading and installing some software but realized I couldn't get the program to load once downloaded. During install either 1) the install would freeze or 2) the downloaded file would get an error that says missing or moved. Then I would have a difficult time removing the file through the control panel. I ask it to uninstall and nothing would happen.

If the install would freeze I would try and cancel through Task Manager and see multiple instances running. 100% CPU usage.

I did the following first:

1) ran complete Windows Defender scan (nothing found)

2) ran Malwarebytes (nothing found)

Then searched online and ran these in order.

1) ran RKill

2) downloaded and ran the fix tool Kotver by Symantec (when I click scan it takes probably 15 minutes, says "Kotver virus detected", then the window goes away). I never get a chance to say "remove from computer" before it closes.

It's taunting me.

Any thoughts?

Thanks in advance

-ryan

 

 

 

 




 


#2 borhaaa


Posted 25 January 2018 - 05:31 PM

Actually, after 10 minutes (I timed it this time) the fix tool Kotver by Symantec puts up a window that says no Kotver virus was detected. This window blocks the window behind it. When I close it, they both close down.

So not sure if it is Kotver, or if it is and it's messing up the Symantec tool.

Thoughts?

-ryan



#3 buddy215


Posted 26 January 2018 - 07:36 AM

Welcome to BC...

 

According to what I found on the web if it is Kotver it does this:

If your machine is infected with the Trojan Kotver you will see very high CPU usage, and multiple mshta.exe or powershell.exe processes running in Windows Task Manager.
When Trojan Kotver has infected a computer, users will also see alerts stating that “Windows PowerShell has stopped working.”

 

Is that what you see and experience?

 

Use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by buddy215, 26 January 2018 - 07:37 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
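
The symptom quoted in the reply above (several mshta.exe or powershell.exe processes alongside high CPU) can be checked from a PowerShell prompt, which also shows the command line and parent process that Task Manager hides by default. This is an added example, not part of the original post; the instance threshold of 3 is an assumption, and the script only reads process information.

```powershell
# Added example: read-only triage for the symptom described in the thread.
# It lists mshta.exe / powershell.exe processes; it changes nothing.

$names     = 'mshta.exe', 'powershell.exe'   # process names quoted in the reply
$threshold = 3                               # assumption: what counts as "multiple"

# Win32_Process carries CommandLine and ParentProcessId.
# The session running this check is itself powershell.exe, so skip $PID.
$procs = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $names -contains $_.Name -and $_.ProcessId -ne $PID }

$report = foreach ($p in $procs) {
    # The parent may already have exited; treat a failed lookup as unknown.
    $parent = Get-CimInstance -ClassName Win32_Process `
        -Filter "ProcessId = $($p.ParentProcessId)" -ErrorAction SilentlyContinue
    $gp = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Name        = $p.Name
        PID         = $p.ProcessId
        Parent      = if ($parent) { $parent.Name } else { '(exited)' }
        CpuSeconds  = if ($gp -and $null -ne $gp.CPU) { [math]::Round($gp.CPU, 1) } else { $null }
        CommandLine = $p.CommandLine
    }
}

if (-not $report) {
    Write-Output 'No mshta.exe or powershell.exe processes found (other than this session).'
}
else {
    $report | Sort-Object Name, PID | Format-List

    # Flag only the pattern from the post: many instances of the same host.
    foreach ($g in @($report | Group-Object Name)) {
        if ($g.Count -ge $threshold) {
            Write-Warning "$($g.Count) instances of $($g.Name) running; review their command lines and parents."
        }
    }
}
```

A warning here is a prompt to read the command lines, not a verdict: legitimate scripts and management tools also start these hosts.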

#4 borhaaa


Posted 26 January 2018 - 11:54 AM

Thanks Buddy215

 

So I ran all the malware programs. Had to run some in safe mode because they wouldn't run normally. Nothing showed up. A work meeting later today prompted me to hire a remote assistant from Boxaid.

After almost 3 hours of cleaning, debugging, and removing ridiculous amounts of startup programs, it seems to be working well again. Apparently the new Windows 10 update wasn't playing well with many other programs. Some were consuming large amounts of resources as a result and causing bizarre issues when trying to run or load new programs. That and a new tablet driver.

 

Originally the software developers I was having a hard time getting to load had diagnosed a virus which is why I began there.  Oh well.

 

Anyway things are back to normal it seems.

 

Just wanted to say thanks for jumping in and providing some feedback.  Learned a lot trying to diagnose.

 

-ryan



#5 buddy215


Posted 26 January 2018 - 12:51 PM

Good...that you got the computer up to par. You're welcome...

