Solved Backdoor on my pc (Solved)

Status
Not open for further replies.
The fix was just me being thorough, there were remnants of the infection ....

But as I suspected, there is a bit of another piece of malware that has been detected. I had FRST check it at VirusTotal.



We will need to remove it with FRST. It is this file, the last thing I suspected from your logs.

c:\users\pcgamer\appdata\roaming\modestmenu\secretscan.exe


Here is your fixlist. Run this when ESET is done. ESET is a bit aggressive, so it may detect minor things; no need to be alarmed if the detection level is high.
 

Attachments

  • fixlist.txt
    443 bytes · Views: 4
What you already know: they had access to your social media accounts, possibly your banking information, and whatever pictures, files, etc. you had on your machine. A fresh format is not going to change that; the malware is gone now. It is up to you to change all your passwords and notify your bank that your computer was infected. From this point on I'd stay away from torrents.
 
If you are asking about the latest detection from VirusTotal. I am not sure it is the last file I thought might be a problem, there is not much information about it. It may well be safe, but if two or more engines detect something, then I remove it. Unless it is known to be safe to the user.
 

I used to use the clipboard, but now I can't activate it
 
Post the latest fixlog from FRST as well.

Open elevated command prompt and copy and paste each command below, hitting enter after each.

RD /S /Q "%WinDir%\System32\GroupPolicyUsers" && RD /S /Q "%WinDir%\System32\GroupPolicy"
gpupdate /force

Download KPRM then save to desktop.
Right click run as admin.
Check mark, restore system settings.
Click the run button.


Then reboot your computer. Check that the issue is gone with the clipboard.
 
If the above does not help, then create and run a batch file.

Open a notepad and copy the content of the code box below, paste into open notepad and save it to your desktop as clean.bat then right click on clean.bat and run as admin. It is very important to run the batch file as admin!!

Note: You should allow the batch file to complete. Once it reboots your machine, that is when it is done.


Do not copy the word Code:

Code:
REM Enable System Restore on the system drive and create a restore point first
wmic /Namespace:\\root\default Path SystemRestore Call Enable "%SystemDrive%"
WMIC /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "BatchRestorePoint", 100, 10
REM Set the TrustedInstaller service to start automatically
SC config trustedinstaller start= auto
REM Delete the per-user and machine-wide policy keys
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" /f
reg delete "HKCU\Software\Microsoft\WindowsSelfHost" /f
reg delete "HKCU\Software\Policies" /f
reg delete "HKLM\Software\Microsoft\Policies" /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies" /f
reg delete "HKLM\Software\Microsoft\WindowsSelfHost" /f
reg delete "HKLM\Software\Policies" /f
reg delete "HKLM\Software\WOW6432Node\Microsoft\Policies" /f
reg delete "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies" /f
REM Reapply Group Policy, then reboot
gpupdate /force
shutdown -r
Exit /B

If you are unable to copy and paste, I have uploaded the batch file for you. Unzip it to your desktop, right click run as admin. Must be run from the desktop.
 

Attachments

  • clean.zip
    508 bytes · Views: 1
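An added example, not part of the original thread or of the helper's clean.bat: a companion batch file that exports each registry key clean.bat deletes, so the removed policy values can be reviewed afterwards or restored selectively with `reg import`. The backup folder name and the `:export` helper label are assumptions made for this example.

```batch
@echo off
setlocal
REM Added example: back up the keys that clean.bat removes before running it.
REM BACKUP is a hypothetical folder name; change it as needed.
set "BACKUP=%USERPROFILE%\Desktop\PolicyBackup"
if not exist "%BACKUP%" mkdir "%BACKUP%"
set /a N=0

REM Same key list as the reg delete lines in clean.bat.
for %%K in (
  "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies"
  "HKCU\Software\Microsoft\WindowsSelfHost"
  "HKCU\Software\Policies"
  "HKLM\Software\Microsoft\Policies"
  "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies"
  "HKLM\Software\Microsoft\WindowsSelfHost"
  "HKLM\Software\Policies"
  "HKLM\Software\WOW6432Node\Microsoft\Policies"
  "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies"
) do call :export %%K

echo Exported %N% keys to "%BACKUP%"
endlocal
exit /b 0

:export
REM reg query returns a non-zero errorlevel when the key does not exist.
reg query %1 >nul 2>&1
if errorlevel 1 (
  echo Skipped %~1 - key not present
  goto :eof
)
set /a N+=1
reg export %1 "%BACKUP%\key_%N%.reg" /y >nul
if errorlevel 1 (echo FAILED %~1) else (echo Saved %~1 to key_%N%.reg)
goto :eof
```

Run it from an elevated command prompt before clean.bat; each .reg file is plain text, so the values malware may have set can be read in Notepad before anything is re-imported.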