Hidden Virus/Malware

Started by jupiterian, April 17, 2021, 11:45:04 AM


jupiterian

Hi, I'm really struggling with a virus of some kind. Or multiple viruses. None of the antivirus programs have been able to locate it, yet I can see it plainly in system files and registry keys. I'm not very techy so not good with this at all. Tried a couple of clean installs of Windows. Still there. Wiped the hard drive. Still there. Not causing big issues but I don't feel safe. Luckily didn't have anything worth knowing available on it, have changed passwords and tightened up the router as they are getting through that too. They've actually got a hidden network they automatically connect my laptop to when I try to go online. So I've managed to change that. For now. Not using the laptop for anything, but wanted to be online to get help. Downloaded Avast and they took over that app too. Any ideas on what I can do other than a whole new laptop?

SuperDave

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Quote: I'm really struggling with a virus of some kind.
What makes you think this? What are the symptoms?

Quote: None of the antivirus have been able to locate it yet I can see it plainly in system files and registry keys.
What is it you're seeing?

Quote: I'm not very techy so not good with this at all.
Anyone that can get into the registry knows his/her way around a computer. Are you joking?

Quote: have changed passwords and tightened up router as they are getting through that too.
How do you know?

Quote: They've actually got a hidden network they automatically connect my laptop to when I try to go online
What proof do you have that this is happening?

Quote: Downloaded avast and they took over that app too.
What do you mean with this statement?
Windows 8 and Windows 10 dual boot with two SSD's

jupiterian

Hi!

There wasn't really any other than high CPU usage, which made me start to look. I decided to check my ports and saw that most were open with established connections. Shut them down through the firewall. Noticed there were two devices connected to the network. Removed them. Checked the router and connections were made when no devices of mine were connected. OneDrive wanted me to log in although I am normally always logged in. Many established TCP connections, with quite a few listening ports.

File pathway for onedrive seems abnormal c:\user\di\AppData\local\Microsoft\onedrive\21.052.0314. 001\OneDriveSetup.exe /uninstall /permachine /childprocess /silent /rename Replace Onedrive.exe /renameReplaceODSUExe

Firewall also listed lots of programs I have never downloaded or ran (nor can find on system) as being allowed through.

Tried to update Edge, came up asking did I want device Microsoft Edge located on hard drive to make changes with Clsid 4D111E08-CBF7-4F12-A926-2C790AF52FC.

I've got two files for Edge. One with msedge.exe and the other MicrosoftEdge.exe. Whatever is happening, files are being replicated. Avast was one and I couldn't uninstall it; it didn't appear in my apps, couldn't find it in programs.

As for the registry, I don't know enough to change anything in it, but I saw that there are a lot more keys than normal.
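The two things jupiterian describes checking by hand, listening and established TCP connections and firewall allow rules for programs that cannot be found on disk, can be pulled into one table so the owning process of each connection and the missing binary of each rule are visible at once. This is an added example for defenders, not code from the thread or from either poster; it assumes an elevated Windows 10 PowerShell 5.1 session (the built-in NetTCPIP and NetSecurity modules), and the function names and output columns are my own choices.

```powershell
# Added triage example (not from the thread). Run elevated so that Get-Process can
# resolve the executable path of system-owned connections.

function Get-ConnectionTriage {
    [CmdletBinding()]
    param()
    # Map PID -> executable path once, so each connection row can be attributed.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_.Path }

    Get-NetTCPConnection |
        Where-Object { $_.State -in 'Listen', 'Established' } |
        ForEach-Object {
            $owner = [int]$_.OwningProcess
            [PSCustomObject]@{
                State         = $_.State
                LocalAddress  = $_.LocalAddress
                LocalPort     = $_.LocalPort
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                PID           = $owner
                Path          = $procs[$owner]
                # A connection whose owner has no resolvable path deserves a closer look;
                # PID 0/4 (System) and protected processes are the usual benign causes.
                NeedsReview   = [string]::IsNullOrEmpty($procs[$owner])
            }
        } | Sort-Object State, LocalPort
}

function Get-OrphanedFirewallAllowRules {
    [CmdletBinding()]
    param()
    # Enabled inbound allow rules whose program path no longer exists on disk.
    # Rule program paths often use %ProgramFiles%-style variables, so expand them.
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        ForEach-Object {
            $rule = $_
            $prog = ($rule | Get-NetFirewallApplicationFilter).Program
            if ($prog -and $prog -notin 'Any', 'System') {
                $resolved = [Environment]::ExpandEnvironmentVariables($prog)
                if (-not (Test-Path -LiteralPath $resolved)) {
                    [PSCustomObject]@{
                        Name    = $rule.DisplayName
                        Profile = $rule.Profile
                        Program = $resolved
                    }
                }
            }
        }
}

Get-ConnectionTriage | Format-Table -AutoSize
Get-OrphanedFirewallAllowRules | Format-Table -AutoSize
```

Stale allow rules left behind by uninstalled programs are very common on a machine that has been reinstalled several times, so a long orphan list is not by itself evidence of compromise; what matters is an orphan rule, or a connection with no resolvable owner, that you cannot explain. Copy any such row into the reply along with the tool logs the helper asked for rather than deleting the rule or killing the process first, so the helper can see it.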

SuperDave

I still haven't seen any evidence of malware but please run these scans and I will take a look.
*************************************************************************
Please download AdwCleaner onto your Desktop. AdwCleaner

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program opens, click on the Scan button.

AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.

AdwCleaner will now prompt you to save any open files or data, as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Download and install: Please download Malwarebytes' scanner to your desktop.
Double-click mbam-setup.exe to install the application.

  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete make sure all the infections have "Quarantine" selected in the Action box.
  • Click on "Apply actions". You may be asked to restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in your next reply (CTRL+V).
*************************************************
Download Security Check by screen317 from the following link and save it to your desktop.

Security Check

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

jupiterian

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-04-08.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-19-2021
# Duration: 00:00:07
# OS:       Windows 10 Home
# Scanned:  31968
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1632 octets] - [19/04/2021 16:01:12]
AdwCleaner[C00].txt - [1846 octets] - [19/04/2021 16:02:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 19/04/2021
Scan Time: 16:35
Log File: d4cc7126-a124-11eb-b870-000000000000.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1251
Update Package Version: 1.0.39579
Licence: Trial

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: DESKTOP-FTLDQSB\ffs

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 274381
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 40 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Windows Defender   
McAfee VirusScan   
Malwarebytes       
Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
SpyHunter 5   
````````Process Check: objlist.exe by Laurent```````` 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbamtray.exe 
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

SuperDave

I see you have two AVs active on your computer: Windows Defender (which is the resident AV that comes with Windows 10) and McAfee VirusScan. One of these should be disabled. If you paid for McAfee you should keep this one until your prescription runs out. Windows Defender is capable of keeping your computer safe. I see nothing that tells me your computer is infected.
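The Security Check log above only lists product names; to see which of the two registered antivirus products actually has real-time protection switched on, Windows Security Center can be queried directly. This is an added example, not code from the thread or from either poster. It assumes Windows 10 Home or Pro (the root/SecurityCenter2 WMI namespace is absent on Server editions), and the decoding of the packed productState value is the commonly documented one, which I label here as an assumption rather than an official API contract.

```powershell
# Added example (not from the thread): show every antivirus registered with Windows
# Security Center and flag the case where more than one has real-time protection on.

function Get-RegisteredAntivirus {
    [CmdletBinding()]
    param()
    Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
        ForEach-Object {
            # productState is a packed 3-byte value. The decoding below is the commonly
            # documented one and is an assumption, not an official API:
            #   middle byte 0x10 = real-time protection on, 0x00/0x01 = off
            #   low byte    0x00 = signatures current,      0x10 = out of date
            $hex = '{0:X6}' -f [int]$_.productState
            [PSCustomObject]@{
                Name       = $_.displayName
                RealTimeOn = $hex.Substring(2, 2) -eq '10'
                UpToDate   = $hex.Substring(4, 2) -eq '00'
                Path       = $_.pathToSignedProductExe
                StateHex   = "0x$hex"
            }
        }
}

function Test-MultipleActiveAntivirus {
    [CmdletBinding()]
    param()
    # Two resident scanners fighting over the same files is a known source of the
    # high CPU usage that started this thread, so call it out explicitly.
    $active = @(Get-RegisteredAntivirus | Where-Object { $_.RealTimeOn })
    if ($active.Count -gt 1) {
        Write-Warning ("More than one antivirus has real-time protection on: " +
            ($active.Name -join ', ') + ". Keep one and disable the other.")
    }
    $active
}

Get-RegisteredAntivirus | Format-Table -AutoSize
Test-MultipleActiveAntivirus | Out-Null

# Defender's own view of itself, for cross-checking (AMRunningMode shows "Passive Mode"
# when a third-party AV has taken over real-time protection).
Get-MpComputerStatus |
    Select-Object AMRunningMode, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
```

On a default Windows 10 install, registering a third-party AV such as McAfee normally puts Defender into passive mode automatically, so the usual healthy result is one product with RealTimeOn set to True and Defender reporting "Passive Mode"; two products both showing True is the configuration SuperDave is asking to be corrected.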