
Etash and ctfhost.exe


15 replies to this topic

#1 NotJay

NotJay

  • Members
  • 9 posts

Posted 12 February 2018 - 10:26 AM

Greetings, I am Todd, and I am actually new to the forums, and might just stay around a bit since my lappy's not doing so well.

In recent events, I've come across this folder, Etash, which had been in my lappy for years without my knowledge, until I roamed about in the directories. I've gone through the folder, and it held over 37GB in its course of a year. Now, I've tried searching about this in the past, but came out short. I deleted the excess files, but one file, that one file, can't be removed for some reason.
It was rather careless of me, I know, and until I knew that the folder was a cesspool (well, according to some sources) for mining coins in my device, I knew that the thing or guy behind it won't get any cent from my device soon, as soon as I could confirm if ctfhost.exe is a trojan, and how it could be removed before I do something stupid, and if I should leave it be. Like, I get that it's a part (maybe??) of the operating system, but with the date being created not at the year in which I got this device (with the ctf being at 2015, but I got this lappy at 2013), it makes me wonder about it being the main source of this trouble.

 

I would wish for a quick response about this. I feel a bit anxious about this.



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 12 February 2018 - 12:28 PM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  •   Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.


1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Things to include in your next reply:

AdwCleaner txt

FRST.txt

Addition.txt


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 fireman4it


Posted 14 February 2018 - 03:04 PM

Hello,

Do you still need help? If I haven't received a reply I will close this topic in 3-5 days.


#4 NotJay


Posted 15 February 2018 - 05:09 AM

Not at the moment, thanks for the response by the way.
I was at work, haven't touched my laptop since I posted this.
I just wanted a confirmation pertaining to this matter, and I think I'd be handling it on my own.
And it was, in fact, a kind of virus, yes?



#5 fireman4it


Posted 15 February 2018 - 07:42 AM

I didn't see any true telltale signs of a virus; that's why I was asking for more detailed logs to take a deeper look. If you don't need any further assistance in this matter I will close this topic.


#6 NotJay


Posted 16 February 2018 - 09:42 AM

I would need to back up some of my files to another drive in case of a "brick" scenario. May I request an extension for this?
 



#7 NotJay


Posted 19 February 2018 - 06:29 AM

Update on the scenario:
So far, I got rid of the pest, also known as that 'Etash' sort'a file.
Though the scan did wipe out some of my programs (because I'm that clumsy, without knowing which is which, and prolly should've unchecked the box before doing so, haha, my bad), it's possible to re-install those back and run my lappy once more in one piece.

I would report once more tomorrow if the files from Etash come back. I would appreciate keeping this open 'til tomorrow if the folder comes back and would still generate any files from it.

(Also, the key registry will follow up at any moment)



#8 NotJay


Posted 19 February 2018 - 06:30 AM

Didn't attach the AdwCleaner too, sorry




#9 NotJay


Posted 19 February 2018 - 06:36 AM

Though my accusations for that suspicious ctfhost still linger, I dunno, I would just update about this issue tomorrow.
Once more, I am thankful for the help so far.



#10 NotJay


Posted 20 February 2018 - 03:09 AM

Update, it's still there (Tho some adwares are gone)
Anything else that you might recommend on the complete removal of this pest?




#11 fireman4it


Posted 20 February 2018 - 02:55 PM

Hello,

I can see you have some programs that are known malware installed. Please uninstall the following programs:

 

youtubeadblocker

iBoost

BorderlineEdit

 

Next please run the following:

 

Please download Malwarebytes to your desktop.

Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.

Once the program has fully updated, proceed with the Scan options and select "Threat Scan".

The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

After a scan has been executed, scan results are displayed as shown below. In this scan, three threats were detected.

Put a checkmark on all detected and click on "Quarantine Selected".

Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

Please include the following in your next reply:

MBAM log

A new FRST.txt

How is the computer running now?


#12 NotJay


Posted 27 February 2018 - 03:58 PM

It was a long week having to resort to another device for work (I'm sorry, it's a really tight schedule, didn't expect to be that long), but it all comes down to this: (The txt file below)

Although, I am satisfied with the work of removing several spyware and miners, there's but one left. Any more you could help me with, sir?


Edit: There's no log provided nor a restart, just a full scan happened and nothing to that extent had happened.
 



Edited by NotJay, 27 February 2018 - 04:02 PM.


#13 fireman4it


Posted 28 February 2018 - 02:38 PM

Hello,

Can you please run FRST again and post the new FRST.txt it creates? Are you having any problems at this time with the computer?


#14 fireman4it


Posted 05 March 2018 - 11:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


#15 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 7,482 posts
  • Gender:Male
  • Location:Staunton, VA

Posted 06 March 2018 - 01:39 PM

Topic reopened upon request from original poster, who apologizes for his lack of response earlier.  As so often happens, other life issues took precedence for a while.


Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

 

     In a modern society where everyone thinks their opinion deserves to be heard nothing annoys me more than individuals who mistake their personal preferences for fact.

         ~ Commenter TheCruyffGurn on the The Guardian website, 8/13/2014

 

              

 




