Ok, thank you.
Rat infection
I posted there, here is the link:
Hello, my computer is infected with a RAT (remote access trojan) which survives a reinstall of the operating system. I think the virus is active before Windows boots. Symptoms: - processes being closed - icons being hidden in the tray - passwords being changed - programs being installed without me even noticing - slow intern...
You may correct me if I have written something wrong.
I have been following the thread over there, and it seems that the helper is also not finding any malware. Only some redundant files fixed with HijackThis and a few items detected with Malwarebytes. I am unable to view attachments there; could you post the Malwarebytes log from the thread over there?
This guy is one of the best out there. Also, a malware teacher at Bleeping Computer declared you malware free. I am interested in where this winds up.
I have been following the other thread, and it seems the helper there has also come to the same conclusion. We can disable anything to do with Remote Desktop, since we know that there is no other service or process controlling your machine. Plus we can check with RogueKiller.
@puki
Download RogueKiller and install the program.
Once downloaded and installed, right click and run as admin.
Click the check for updates button.
Go to Scan Settings, then slide the MalPE option to the right to activate it.
Then go to scan, then start a full scan on your machine.
Then click report when the scan completes.
Under Share my report click on open then select text file.
Copy it and paste the results here.
Make sure you do not remove anything detected until I see the log please.
Open Notepad and copy the content of the code box below, paste it into the open Notepad window and save it to your desktop as clean.bat. Then right click on clean.bat and run as admin.
Note: This batch will reboot your machine, so close anything you are working on and save it.
[CODE]
@echo off
REM Create a system restore point before changing any services
WMIC /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "BatchRestorePoint", 100, 10
REM Stop the Remote Access and Remote Desktop related services
sc stop RasAuto
sc stop RasMan
sc stop SessionEnv
sc stop TermService
sc stop UmRdpService
sc stop RemoteAccess
REM Set each of them to Disabled so they do not start again after the reboot
sc config RasAuto start= disabled
sc config RasMan start= disabled
sc config SessionEnv start= disabled
sc config TermService start= disabled
sc config UmRdpService start= disabled
sc config RemoteAccess start= disabled
pause
shutdown -r
Exit /B
[/CODE]
This will disable all Microsoft-related remote services.
Here’s the log. As for stopping Microsoft-related remote services, it is useless in this case in my opinion.
Program : RogueKiller Anti-Malware
Version : 15.6.2.0
x64 : Yes
Program Date : Oct 10 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : Support Form | Contact • Adlice Software
Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
Operating System : Windows 10 (10.0.19044) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : TeaTang
User is Admin : Yes
Date : 2022/10/26 13:47:21
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 1129
Found items : 1
Total scanned : 49754
Signatures Version : 20221024_084649
Truesight Driver : Yes
Updates Count : 0
************************* Warnings *************************
************************* Updates *************************
************************* Processes *************************
************************* Modules *************************
************************* Services *************************
************************* Scheduled Tasks *************************
************************* Registry *************************
XX - System Policies
└── [PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin – 0 → Found
************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts
************************* Filesystem *************************
************************* Web Browsers *************************
************************* Antirootkit *************************
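The batch file earlier in the thread stops and disables six services, and the RogueKiller log above flags one registry value, ConsentPromptBehaviorAdmin = 0. The script below is an added example for this thread, not code from either poster or from Adlice: run from an elevated PowerShell on Windows 10, it reports the state and binary path of those same six services, reads the UAC policy value from the key shown in the log and decodes it with Microsoft's documented meanings, lists anything listening on the RDP port, and, only with the -Disable switch, applies the same restore point, stop and disable steps the batch file does. The service names and the registry path come from the thread; the script name audit-remote.ps1 and the function names are my own.

```powershell
# Added example, not code from the thread: audit the services clean.bat targets and the
# UAC value RogueKiller flagged, then optionally apply the same changes as the batch file.
# Assumptions: elevated PowerShell on Windows 10; service names taken from clean.bat;
# registry path and value name taken from the RogueKiller log.
param(
    [switch]$Disable   # apply the same stop + disable steps the batch file performs
)

$RemoteServices = 'RasAuto','RasMan','SessionEnv','TermService','UmRdpService','RemoteAccess'
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Documented meanings of ConsentPromptBehaviorAdmin (UAC policy for administrators)
$AdminPromptMeaning = @{
    0 = 'Elevate without prompting (no UAC prompt at all for administrators)'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (Windows default)'
}

function Get-RemoteServiceState {
    foreach ($name in $RemoteServices) {
        # Win32_Service exposes the start mode and the binary path, which Get-Service does not
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if ($null -eq $svc) {
            [pscustomobject]@{ Name = $name; State = 'not installed'; StartMode = '-'; Path = '-' }
            continue
        }
        [pscustomobject]@{
            Name      = $name
            State     = $svc.State
            StartMode = $svc.StartMode
            Path      = $svc.PathName   # an unexpected path here is worth a second look
        }
    }
}

function Get-UacAdminPromptPolicy {
    $props = Get-ItemProperty -Path $UacKey -ErrorAction SilentlyContinue
    $value = $props.ConsentPromptBehaviorAdmin
    $lua   = $props.EnableLUA
    if ($null -eq $value) {
        $meaning = 'value absent (Windows default applies)'
    } else {
        $meaning = $AdminPromptMeaning[[int]$value]
    }
    [pscustomobject]@{
        ConsentPromptBehaviorAdmin = $value
        Meaning   = $meaning
        EnableLUA = $lua
        # 0 is what the log shows: programs run as admin elevate silently, with no prompt to notice
        Weak      = ($value -eq 0) -or ($lua -eq 0)
    }
}

function Disable-RemoteServices {
    # Same order as clean.bat: restore point first, then stop and disable each service
    Checkpoint-Computer -Description 'BatchRestorePoint' -RestorePointType MODIFY_SETTINGS
    foreach ($name in $RemoteServices) {
        if (Get-Service -Name $name -ErrorAction SilentlyContinue) {
            Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
            Set-Service  -Name $name -StartupType Disabled
        }
    }
}

'== Remote-access services =='
Get-RemoteServiceState | Format-Table -AutoSize
'== UAC administrator prompt policy =='
Get-UacAdminPromptPolicy | Format-List
'== Listeners on the RDP port (3389) =='
Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

if ($Disable) {
    Disable-RemoteServices
    'Services stopped and set to Disabled; reboot and run the script again to confirm they stay down.'
}
```

Save it as audit-remote.ps1 and run `powershell -ExecutionPolicy Bypass -File .\audit-remote.ps1` from an elevated prompt for the read-only report; add `-Disable` to apply the batch file's changes. The report is the part that matters for this thread: if the six services are already Stopped and Disabled and nothing owns port 3389, disabling them again changes nothing, which is the point the log poster makes. The ConsentPromptBehaviorAdmin value of 0 is independent of those services; Windows ships with 5, and `Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 5` restores the default prompt so that anything asking for elevation has to be approved on screen.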
Run the batch file. If indeed it’s being controlled, that is the only avenue. Otherwise we would have seen it.