Author Topic: Tough simplitec  (Read 14938 times)

0 Members and 1 Guest are viewing this topic.

Reply #30May 04, 2017, 04:58:41 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2571
  • Reputation:
    97
    • View Profile
Re: Tough simplitec
« Reply #30 on: May 04, 2017, 04:58:41 pm »
Hi Johyn,

We are going to check for rootkits.
  • Please download TDSSKiller and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.



  • Check Loaded Modules and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.



  • Click Start Scan and allow the scan process to run.
    If threats are detected select Skip for all of them unless I instruct you otherwise.
  • Click Continue



  • Click Reboot computer
Please attach the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically C:\)in your next reply.

Regards.

Reply #31May 04, 2017, 07:41:41 pm

Johyn

  • Newbie

  • Offline
  • *

  • 34
  • Reputation:
    0
    • View Profile
Re: Tough simplitec
« Reply #31 on: May 04, 2017, 07:41:41 pm »
Ok, nothin found..

Reply #32May 04, 2017, 08:00:03 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2571
  • Reputation:
    97
    • View Profile
Re: Tough simplitec
« Reply #32 on: May 04, 2017, 08:00:03 pm »
Hi Johyn,

Let's try another scanner.

 - Please download Kaspersky Virus Removal Tool and save it on your desktop..
 - Right click on KVRT.exe and select Run as Administrator.
 - Read the EULA, then select Accept.
 - Wait for Kaspersky Virus Removal Tool to initialize.
 - In the main screen, select Change parameters, place a checkmark in System drive, then click OK.
 - Click Start scan.
 - Wait for Kaspersky Virus Removal Tool to complete scanning.
 - When the scan is finished, select Neutralize all for all detected objects.
 - Close Kaspersky Virus Removal Tool when done.

Please then informe me if something is detected.

Regards.

Reply #33May 05, 2017, 11:51:24 am

Johyn

  • Newbie

  • Offline
  • *

  • 34
  • Reputation:
    0
    • View Profile
Re: Tough simplitec
« Reply #33 on: May 05, 2017, 11:51:24 am »
Yes, one threat detected and eliminated, but simplitecs are still there...

Reply #34May 05, 2017, 03:19:41 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2571
  • Reputation:
    97
    • View Profile
Re: Tough simplitec
« Reply #34 on: May 05, 2017, 03:19:41 pm »
Hi Johyn,

I'm sorry but I'm out of ideas.
I will ask my others security colleagues about this specific malware.
Thanks for your patience and understanding.

Regards.

Reply #35May 05, 2017, 04:02:03 pm

Johyn

  • Newbie

  • Offline
  • *

  • 34
  • Reputation:
    0
    • View Profile
Re: Tough simplitec
« Reply #35 on: May 05, 2017, 04:02:03 pm »
Thanks for YOUR patience and understandin, cheers!

Reply #36May 11, 2017, 04:43:52 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2571
  • Reputation:
    97
    • View Profile
Re: Tough simplitec
« Reply #36 on: May 11, 2017, 04:43:52 pm »
Hi Johyn,

Sorry for the delay.
These folders may be created by a legitimate software.

Please download SystemLook (x64) and save it to your desktop.
  • Double-click SystemLook_X64.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: [Select]
    :dir
    C:\ProgramData\simplitec /s /md5
    C:\Users\All Users\simplitec /s /md5
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please attach this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Regards.

    Reply #37May 13, 2017, 10:04:34 pm

    Johyn

    • Newbie

    • Offline
    • *

    • 34
    • Reputation:
      0
      • View Profile
    Re: Tough simplitec
    « Reply #37 on: May 13, 2017, 10:04:34 pm »
    Here, but nothin found i'm afraid...

    Reply #38May 14, 2017, 01:03:54 pm

    Curson

    • Global Moderator
    • Hero Member

    • Offline
    • *****

    • 2571
    • Reputation:
      97
      • View Profile
    Re: Tough simplitec
    « Reply #38 on: May 14, 2017, 01:03:54 pm »
    Hi Johyn,

    The simplitec folders are empty, that's why SystemLook didn't find anything.

    The good new is this is nothing malicious, since they don't contain anything.
    The bad new, however, is we still don't know why the are recreated at system startup.

    Would you like to continue the investigation, knowning your computer is not at risk ?

    Regards.

    Reply #39May 14, 2017, 02:09:31 pm

    Johyn

    • Newbie

    • Offline
    • *

    • 34
    • Reputation:
      0
      • View Profile
    Re: Tough simplitec
    « Reply #39 on: May 14, 2017, 02:09:31 pm »
    As I told you, t'was mostly to get it clean, but I could live with it, sure. You surely have a beter use for time, and I should thank you for all that you've done already.
    Many thanks! :)

    Reply #40May 14, 2017, 06:38:09 pm

    Curson

    • Global Moderator
    • Hero Member

    • Offline
    • *****

    • 2571
    • Reputation:
      97
      • View Profile
    Re: Tough simplitec
    « Reply #40 on: May 14, 2017, 06:38:09 pm »
    Hi Johyn,

    You are very welcome. :)
    If I ever find the cause of these folders recreation, I will let you know for sure.

    Regards.