A virus disguising as RAR

  • Berry_Marchs
    PCHF Member
    • Dec 2022
    • 9

    #1

    A virus disguising as RAR

    I have a virus that is disguising itself as WinRAR, and it can be viewed in Task Manager.
    [ATTACH type=“full”]11021[/ATTACH]

    If shown in details, it shows up as this (properties included):
    [ATTACH type=“full”]11022[/ATTACH]
    [ATTACH type=“full”]11023[/ATTACH]
    Ending the task does nothing. It will simply run again on its own. The file’s location is also inaccessible, even with Administrator.
    [ATTACH type=“full”]11025[/ATTACH]
    Is there a way to get rid of this? Thank you.

    Some specs if necessary:
    i7-9thgen
    GTX 1050 4GB
    1TB HDD
    no SSD
    8GB RAM
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #2
    Download Autologger to your desktop.
    Disable your Antivirus/Defender prior to running.
    • Unzip it there. If you are unsure how to unzip a program, then use http://www.7-zip.org/
    • Right click Autologger and run as admin. (XP users double click)
    • AVZ4 will open and scan your machine, allow this to complete.
    • Upload Collectionlog.zip to your next reply.

    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7041

      #3
      If you have trouble with running AVZ let me know, and we can use other tools.


      • Berry_Marchs
        PCHF Member
        • Dec 2022
        • 9

        #4
        Here it is, apologies for the delayed reply.

        .exe found in log
        [ATTACH type=“full”]11027[/ATTACH]

        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041

          #5
          Ok, give me a few to look this over.


          • Berry_Marchs
            PCHF Member
            • Dec 2022
            • 9

            #6
            Alrighty. Sorry for putting this thread on the wrong forum. Newbie here :cry:


            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041

              #7
              Look in the Autologger folder and drag out the CheckBrowsersLNK file to your desktop:
              AutoLogger\CheckBrowserLnk

              After saving ClearLNK to your desktop, drag and drop the file onto the ClearLNK utility.
              [Image: move.gif (https://dragokas.com/tools/move.gif)]

              Disable your antivirus prior to running AVZ!
              Run AVZ as admin (located in the folder …Autologger\AVZ) and click File => Custom Scripts.
              Copy the content of the text file I uploaded (AVZFix.txt): click Edit, Select All, Copy.
              Paste into the AVZ window.
              Make sure the word begin is in the absolute top left of the window as per the picture below.
              [ATTACH type=“full” alt=“1671241631764.png”]11029[/ATTACH]
              Hit Run Fix.

              The computer will reboot.

              Then collect FRST logs for me and let me know if the issue is still present.

              Please download the FRST 32 bit or FRST 64 bit version to suit your operating system. It is important FRST is downloaded to your desktop.
              If you are unsure if your operating system is 32 or 64 Bit please go HERE.
              Once downloaded, right click the FRST desktop icon and select “Run as administrator” from the menu.
              If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST, you can safely allow FRST to proceed.
              FRST will open with two dialogue boxes; accept the disclaimer.
              1. Accept the default whitelist options.
              2. If the additions.txt options box is not checked please select it.
              3. Then select Scan.
              4. FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.
              [Image: 2016-08-12_152002.jpg (https://pchelpforum.net/attachments/2016-08-12_152002-jpg.797/)]
              Please attach the contents of these logs in your next post for review by our Security Team.


              Code:
              begin
                ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
                QuarantineFile('c:\programdata\msibooster\windowspaint-ver4.7.0.7.exe','');
                DeleteFile('c:\programdata\msibooster\windowspaint-ver4.7.0.7.exe','32');
                DeleteFileMask('C:\ProgramData\MsiBooster', '*', true);
                DeleteDirectory('C:\ProgramData\MsiBooster');
                CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
                ExecuteSysClean;
                ExecuteWizard('SCU', 2, 3, true);
                RebootWindows(true);
              end.
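              The symptom in post #1 (a process that presents itself as WinRAR, runs from a folder the user cannot open, and restarts after Task Manager ends it) is the kind of thing a defender can triage before reaching for a fix script. The PowerShell below is an added example for this thread and is not the moderator's tooling or the AVZ script: it lists running processes that claim to be WinRAR without a valid Authenticode signature from the expected publisher, or that run unsigned from a user-writable folder, and then searches the usual auto-start locations (Run keys, scheduled tasks, services) for whatever keeps relaunching the binary. It assumes genuine WinRAR binaries are signed by 'win.rar GmbH' and takes the search string 'MsiBooster' from the AVZ script above; both function names are chosen for this example.

```powershell
# Added example for this thread (not the moderator's tools or script).
# Defender-side triage of a process impersonating WinRAR that respawns after being killed.
# Assumptions: genuine WinRAR binaries are Authenticode-signed by 'win.rar GmbH';
# the folder name 'MsiBooster' comes from the AVZ script above and is only a search string.
# Run from an elevated PowerShell prompt so process paths and HKLM keys are readable.

$ExpectedRarSigner = 'win.rar GmbH'                                   # assumption
$UserWritableRoots = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ }                                               # drop unset variables

function Get-SuspiciousRarProcess {
    # Returns running processes that either claim to be WinRAR without a valid signature
    # from the expected publisher, or run unsigned from a user-writable root.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path } |
        ForEach-Object {
            $proc = $_
            try { $desc = $proc.MainModule.FileVersionInfo.FileDescription } catch { $desc = '' }
            $claimsRar  = ($desc -match 'WinRAR') -or ($proc.ProcessName -match '^(win)?rar$')
            $inWritable = [bool]($UserWritableRoots | Where-Object { $proc.Path -like "$_\*" })

            if (-not ($claimsRar -or $inWritable)) { return }         # nothing of interest

            $sig = Get-AuthenticodeSignature -FilePath $proc.Path
            $signedByRar = ($sig.Status -eq 'Valid') -and
                           ($sig.SignerCertificate.Subject -like "*$ExpectedRarSigner*")

            $reason = @()
            if ($claimsRar -and -not $signedByRar) { $reason += 'claims WinRAR but not signed by expected publisher' }
            if ($inWritable -and $sig.Status -ne 'Valid') { $reason += 'unsigned binary in user-writable folder' }
            if ($reason.Count -eq 0) { return }

            [pscustomobject]@{
                Pid         = $proc.Id
                Name        = $proc.ProcessName
                Description = $desc
                Path        = $proc.Path
                Signature   = $sig.Status
                Reason      = ($reason -join '; ')
            }
        }
}

function Find-PersistenceReferencing {
    # Looks for what restarts the binary after Task Manager ends it: Run/RunOnce values,
    # scheduled task actions and service image paths that contain $PathFragment.
    param([Parameter(Mandatory)][string]$PathFragment)

    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($name in $values.PSObject.Properties.Name) {
            if ($name -like 'PS*') { continue }                       # skip PowerShell metadata
            if ("$($values.$name)" -like "*$PathFragment*") {
                [pscustomobject]@{ Type = 'RunKey'; Location = "$key\$name"; Command = $values.$name }
            }
        }
    }

    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -like "*$PathFragment*") {
                [pscustomobject]@{ Type = 'ScheduledTask'; Location = "$($task.TaskPath)$($task.TaskName)"; Command = $cmd }
            }
        }
    }

    Get-CimInstance -ClassName Win32_Service -ErrorAction SilentlyContinue |
        Where-Object { $_.PathName -like "*$PathFragment*" } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'Service'; Location = $_.Name; Command = $_.PathName }
        }
}

# Usage:
Get-SuspiciousRarProcess | Format-Table -AutoSize
Find-PersistenceReferencing -PathFragment 'MsiBooster' | Format-Table -AutoSize
```

              The first table is what to compare against Task Manager: a genuine WinRAR process runs from Program Files and carries a valid signature, so a row whose path sits under ProgramData with a signature status other than Valid matches the situation in this thread. The second table explains the "it simply runs again" behaviour; whatever auto-start entry references the folder is what the fix has to remove along with the file, and the rows are only reported, not changed.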

              • Berry_Marchs
                PCHF Member
                • Dec 2022
                • 9

                #8
                Doing it now. Is this ok?

                [ATTACH type=“full”]11031[/ATTACH]


                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041

                  #9
                  Perfect. This is going to reboot your computer, so save anything you are working on!

                  • Berry_Marchs
                    PCHF Member
                    • Dec 2022
                    • 9

                    #10
                    [ATTACH type=“full”]11032[/ATTACH]
                    Should I leave it be?

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041

                      #11
                      It takes a while, so let it run. Did the main issue disappear?


                      • Berry_Marchs
                        PCHF Member
                        • Dec 2022
                        • 9

                        #12
                        It did! Wow, you are a life saver! Here are the 2 logs:


                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #13
                          OK, we will clean the remnants of the virus, give me a few to look this over.


                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7041

                            #14
                            FRST Fix.
                            Download the attached fixlist.txt file and save it to the Desktop.
                            NOTE: It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
                            NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
                            Run FRST/FRST64 and press the Fix button just once and wait.
                            If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
                            When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

                            Download RogueKiller and install the program.
                            Once downloaded and installed, right click and run as admin.
                            Click the check for updates button.
                            Go to scan settings, then slide the MalPE option right to activate it.
                            Then go to scan, then start a full scan on your machine.
                            Then click report when the scan completes.
                            Under Share my report click on open, then select text file.
                            Copy it and paste the results here.
                            Make sure you do not remove anything detected until I see the log please.

                            • Berry_Marchs
                              PCHF Member
                              • Dec 2022
                              • 9

                              #15
                              Scanning now. Sorry that I am taking too long.
                              [ATTACH type=“full”]11036[/ATTACH]