General Category > Malware removal help
Proxy Virus - need help eliminating
Curson:
Hi themetallikid,
Let's try another way.
Please follow the following process :
1) Download TCPView (CLI version) and save it to your desktop.
2) Launch the command prompt windows (cmd) with admin rights and copy/paste the following command :
--- Code: ---"%USERPROFILE%\Desktop\tcpvcon.exe" -a > "%USERPROFILE%\Desktop\netstat.txt"
--- End code ---
Do not close the command prompt !
2) A new file named netstat.txt should has been created on your desktop. Please attach it with your next reply.
Regards.
themetallikid:
I clicked your link, a program downloaded/installed/ran....to my untrained eyes, it looked like it was scanning ports/processes?? no?
after it finished, I closed/opened (as admin) cmd.exe....again copied/pasted the command you gave using both methods (select link and copy/paste with mouse)...
here is what I get....I dont see a file on the desktop like you suggest....
Microsoft Windows [Version 10.0.18362.267]
(c) 2019 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>"%USERPROFILE%\Desktop\tcpvcon.exe" -a > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.
C:\WINDOWS\system32>"%USERPROFILE%\Desktop\tcpvcon.exe" -a > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.
C:\WINDOWS\system32>
Curson:
Hi themetallikid,
There seems to be something wrong with your system.
Could you please copy/paste the following command in the admin command prompt ?
--- Code: ---echo %SYSTEMDRIVE% %SYSTEMROOT% %USERPROFILE% > C:\varpath.txt
--- End code ---
This time a file named varpath.txt should have been created at the root of your system drive (C:\).
Please attach it with your next reply.
Yes, TCPView is able to list opened ports / established connections on the local machine. It should help us understand which process is listening on the proxy port detected by RogueKiller.
Regards.
themetallikid:
yes, this worked. YAY!! lol.....
just in case it didnt attach right, here is what is listed
C: C:\WINDOWS C:\Users\theme
Curson:
Hi themetallikid,
This is quite strange.
Could you please copy/paste the following command in the admin command prompt and check if a netstat.txt file is now located on your C:\ drive as well ?
--- Code: ---netstat -abn > C:\netstat.txt
--- End code ---
If that's the case, please attach it with your next reply.
Regards.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version