Author Topic: I was dumb - got a virus  (Read 491 times)

0 Members and 1 Guest are viewing this topic.

July 29, 2020, 11:22:11 pm

markem

  • Newbie

  • Offline
  • *

  • 15
  • Reputation:
    0
    • View Profile
I was dumb - got a virus
« on: July 29, 2020, 11:22:11 pm »
Last week I downloaded a program and ran it. It turned out to be a set of viruses. I went to MajorGeeks, downloaded RogueKiller et al, and RogueKiller found everything and got rid of it. I then rebooted and ran RogueKiller a second time. It found the virus again and killed them. Repeat a couple more times. So then I looked at MSCONFIG - nothing there. Then I used FileLocator and found one of the virus programs had a link (ScrSnap.lnk). I removed the files and folders in the temp/ directory. Rebooted. Ran RK. Found and removed viruses again. So, on a hunch, I ran MiniTools and found a 16MB partition on my hard drive. I ran DiskManager and - it did not see it. I tried to look at the partition but could not get to it. It was hidden and locked. So then I used MiniTool to reformat it and delete it. Currently I am running RK again to see if now the viruses show up. My main reason for posting is that this is the first time I have seen a virus create its own partition and just wanted you to know about this. If the viruses show up again I'll post about it.

Reply #1July 30, 2020, 07:24:06 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2477
  • Reputation:
    84
    • View Profile
Re: I was dumb - got a virus
« Reply #1 on: July 30, 2020, 07:24:06 pm »
Hi markem,

Just to be sure, we will be doing a full system investigation.

Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach log back here using the "Attachments and other options > Attach" feature.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also attach that along with the FRST.txt into your reply.
Regards.

Reply #2July 31, 2020, 02:04:50 am

markem

  • Newbie

  • Offline
  • *

  • 15
  • Reputation:
    0
    • View Profile
Re: I was dumb - got a virus
« Reply #2 on: July 31, 2020, 02:04:50 am »
I have Avira running, have run HitManPro and RogueKiller again. I have no idea what may show up. One thing I do know now is - My Wndows 7 Pro now says I need to put in the activation key again. Ugh. :-(

Reply #3July 31, 2020, 02:24:44 am

markem

  • Newbie

  • Offline
  • *

  • 15
  • Reputation:
    0
    • View Profile
Re: I was dumb - got a virus
« Reply #3 on: July 31, 2020, 02:24:44 am »
Here are the files. :-)

Reply #4July 31, 2020, 04:28:05 am

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2477
  • Reputation:
    84
    • View Profile
Re: I was dumb - got a virus
« Reply #4 on: July 31, 2020, 04:28:05 am »
Hi markem,

Your system is damaged.
Please make a backup of your personal data before proceeding any further.

Uninstall the following programs if you haven't installed them :
Quote
Advanced Port Scanner
FileZilla Server
Free ZIP Password Recovery
TightVNC
kernrate

Download and run kavremover to remove some residual drivers from Kaspersky.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Is your computer new (less than four months old) ?
Regards.

Reply #5July 31, 2020, 06:34:50 am

markem

  • Newbie

  • Offline
  • *

  • 15
  • Reputation:
    0
    • View Profile
Re: I was dumb - got a virus
« Reply #5 on: July 31, 2020, 06:34:50 am »
Ok. All of those I installed myself except  the last one. But - I will uninstall all of them for this. I'll let you know how it goes here in a bit (or maybe tomorrow since it is almost midnight here). By the way - I use Revo to do the uninstalls because it does get rid of registry entries and files which might have been left behind.

Question: Avira is still running. It is scanning all of the disk drives. Should I stop it? Or wait for it to complete? Waiting could take a week or more. I'm thinking "Stop it" - but want to be sure. Thanks ahead of time.

To tell you more - I have several computers and use TightVNC to talk to them and FileZilla to move files around. Since my computer got infected I have NOT used either to do anything. I will be changing the password to the router here in a few moments. Already changed bank's info, Paypal, eBay, Amazon, and several other accounts. I'm writing a PHP script to scan all drives to ensure nothing has been installed and then I'll be writing one to send me to all 500 some odd websites to change the passwords on those as well. (Viruses are always a pain in the rear.)
« Last Edit: July 31, 2020, 06:57:52 am by markem »

Reply #6July 31, 2020, 08:16:46 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2477
  • Reputation:
    84
    • View Profile
Re: I was dumb - got a virus
« Reply #6 on: July 31, 2020, 08:16:46 pm »
Hi markem,

These software could have been installed by the attacker. If you are the one you did, you don't have to uninstall them.
Regarding your question about Avira, stop it. You can run it later again to be sure to get rid of all the leftovers.

It's a good thing you changed your passwords.
Could you please attach the fixlog.log file with your next reply ?

Regards.

Reply #7August 04, 2020, 03:07:09 am

markem

  • Newbie

  • Offline
  • *

  • 15
  • Reputation:
    0
    • View Profile
System mucked
« Reply #7 on: August 04, 2020, 03:07:09 am »
Here is the output. After days of trying to back up my information I finally gave up. The virus has unactivated my system, deleted my AlcoholSoft 120% license, and several other licenses. I'm going to have to try to back everything up as best I can and wipe the hard drive, install Linux, install Oracle's Virtual Box, and run Windows software from there. Thanks for your help. Here is the log. I'll wait for your reply.

Reply #8August 04, 2020, 07:28:40 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2477
  • Reputation:
    84
    • View Profile
Re: I was dumb - got a virus
« Reply #8 on: August 04, 2020, 07:28:40 pm »
Hi markem,

OK, I understand.
Good luck with your system reinstallation.

Regards.

Reply #9August 04, 2020, 09:50:23 pm

markem

  • Newbie

  • Offline
  • *

  • 15
  • Reputation:
    0
    • View Profile
Re: I was dumb - got a virus
« Reply #9 on: August 04, 2020, 09:50:23 pm »
Thanks and thanks for your help. System is really acting weird right now. :-/

Reply #10August 05, 2020, 03:43:29 am

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2477
  • Reputation:
    84
    • View Profile
Re: I was dumb - got a virus
« Reply #10 on: August 05, 2020, 03:43:29 am »
Hi markem,

You are welcome.
Sorry I was not able to help you further.

Regards.

Reply #11August 05, 2020, 07:43:33 pm

markem

  • Newbie

  • Offline
  • *

  • 15
  • Reputation:
    0
    • View Profile
Re: I was dumb - got a virus
« Reply #11 on: August 05, 2020, 07:43:33 pm »
Let me  add a new twist to this problem. The virus has some kind of a part to it that kills USB devices. Ugh. Now on my laptop. Going to run the program again and upload the text file.

Running Avira PC Cleaner and ClamWin. Avira has found 6 viruses so far.
« Last Edit: August 05, 2020, 07:47:35 pm by markem »

Reply #12August 05, 2020, 08:06:04 pm

markem

  • Newbie

  • Offline
  • *

  • 15
  • Reputation:
    0
    • View Profile
Re: I was dumb - got a virus
« Reply #12 on: August 05, 2020, 08:06:04 pm »
Here are the laptop's files.

Reply #13August 05, 2020, 08:24:15 pm

markem

  • Newbie

  • Offline
  • *

  • 15
  • Reputation:
    0
    • View Profile
Re: I was dumb - got a virus
« Reply #13 on: August 05, 2020, 08:24:15 pm »
Found the problem with USB. Uploading info. need to know how to fix if possible. It is beiginning to muck with laptop;s keypad.

Reply #14August 06, 2020, 12:11:31 am

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2477
  • Reputation:
    84
    • View Profile
Re: I was dumb - got a virus
« Reply #14 on: August 06, 2020, 12:11:31 am »
Hi markem,

If you do a full system reinstall, all these problems will be gone.
Regards.