Proxy Virus - need help eliminating

Curson:
Hi themetallikid,

Let's try another way.
Please follow this process:

1) Download TCPView (CLI version) and save it to your desktop.
2) Launch the command prompt window (cmd) with admin rights and copy/paste the following command:

--- Code: ---
"%USERPROFILE%\Desktop\tcpvcon.exe" -a > "%USERPROFILE%\Desktop\netstat.txt"
--- End code ---
Do not close the command prompt!
3) A new file named netstat.txt should have been created on your desktop. Please attach it with your next reply.

Regards.

themetallikid:
I clicked your link, a program downloaded/installed/ran....to my untrained eyes, it looked like it was scanning ports/processes??  no?

after it finished, I closed/opened (as admin) cmd.exe....again copied/pasted the command you gave using both methods (select link and copy/paste with mouse)...

here is what I get....I don't see a file on the desktop like you suggest....

Microsoft Windows [Version 10.0.18362.267]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>"%USERPROFILE%\Desktop\tcpvcon.exe" -a > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.

C:\WINDOWS\system32>"%USERPROFILE%\Desktop\tcpvcon.exe" -a > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.

C:\WINDOWS\system32>

Curson:
Hi themetallikid,

There seems to be something wrong with your system.
Could you please copy/paste the following command in the admin command prompt?

--- Code: ---
echo %SYSTEMDRIVE% %SYSTEMROOT% %USERPROFILE% > C:\varpath.txt
--- End code ---

This time a file named varpath.txt should have been created at the root of your system drive (C:\).
Please attach it with your next reply.

Yes, TCPView is able to list opened ports / established connections on the local machine. It should help us understand which process is listening on the proxy port detected by RogueKiller.

Regards.

themetallikid:
yes, this worked.  YAY!!  lol.....

just in case it didn't attach right, here is what is listed



C: C:\WINDOWS C:\Users\theme

Curson:
Hi themetallikid,

This is quite strange.
Could you please copy/paste the following command in the admin command prompt and check if a netstat.txt file is now located on your C:\ drive as well?

--- Code: ---
netstat -abn > C:\netstat.txt
--- End code ---

If that's the case, please attach it with your next reply.

Regards.
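
Added example (not part of the thread and not any poster's code): once `netstat -abn > C:\netstat.txt` produces a file, a script like this maps a port to the executable listening on it, which is the question the helper is trying to answer for the proxy port. The sample output, port 8080 and `example-proxy.exe` are constructed placeholders; the thread does not state the actual port or process.

```python
import re

# Constructed sample in the layout `netstat -abn` writes; not data from this thread.
# Port 8080 and "example-proxy.exe" are placeholders for the reported proxy port.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING
 [example-proxy.exe]
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED
 [chrome.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    [::1]:8080             [::]:0                 LISTENING
 [example-proxy.exe]
  UDP    0.0.0.0:5353           *:*
 [chrome.exe]
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat(text):
    """Return one dict per connection row, with the owning image attached."""
    rows = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, addr, port, remote, state = m.groups()
            rows.append({"proto": proto, "addr": addr, "port": int(port),
                         "remote": remote, "state": state or "", "owner": None})
        elif rows and rows[-1]["owner"] is None:
            o = OWNER.match(line)  # "[image.exe]" follows its connection row
            if o:
                rows[-1]["owner"] = o.group(1)
            elif "ownership information" in line:
                rows[-1]["owner"] = "<unknown>"  # netstat could not resolve it
    return rows

def listeners_on(text, port):
    """(address, image) pairs listening on `port`, e.g. a reported proxy port."""
    return sorted({(r["addr"], r["owner"] or "<unknown>")
                   for r in parse_netstat(text)
                   if r["port"] == port and r["state"] == "LISTENING"})

if __name__ == "__main__":
    for addr, owner in listeners_on(SAMPLE, 8080):
        print(f"{addr}:8080 is held open by {owner}")
```

To run it against a real capture, pass the contents of the saved netstat.txt to `listeners_on` instead of `SAMPLE`.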
