
Rat infection

Status
Not open for further replies.
Someone is controlling my PC:
-closing apps
-hiding tray icons
-changing my passwords
-deleting files
-my internet is so slow at moments (I never shared my Wifi password with anyone)

Also, I have already tried resetting the router to default settings (I'm sure I don't have malware in the router).
I also tried to flash my BIOS (without success of course).
And I have checked my HDD firmware for viruses (none there).
I even paid for virus removal, and when back at home the virus just wasn't removed.
I have read a lot about those viruses, but don't know how it remains.
What information may be useful for you?
I will post fresh FRST log in the next post. :)
I think the hacker is back ....
Everything described above just happens again and again.
 
What new connection did you allow? I have tested that glasswire with live malware samples and if there is a connection attempt it has detected it 100 percent of the time.

Also, install and run CatchPulse; it can be run alongside Defender and Glasswire. If you have anything else installed besides Defender and Glasswire, remove it, then reboot and install.

Upload fresh FRST and Addition.txt logs, I will have one last look, as I am not seeing any malware on your machine.
 
I didn't allow any connection from Glasswire.
I installed a trial version of CatchPulse, and I don't have any antivirus software except Windows Defender.
And I think there's no point in posting logs from FRST.
It's no problem for me, but I don't want to waste your time.
By the way, for the first time I'm facing a virus which is not detectable by antivirus software and even remains after Windows re-installation.
 
I have seen a couple of your other threads in other malware removal forums, and they also came to the same conclusion I did. All of your files are digitally signed by their respective companies, you have a firewall that will tell you if there is an outside connection...

There is no malware on your machine; the only way it could be there is if your copy of Windows was torrented and they had a built-in backdoor....

Several malware helpers including myself have declared you malware free. There is nothing more that I can do.

I can direct you to another forum, but you must use translation software to post there.



Post a link to that thread here, as I am interested whether they are able to find anything wrong with your machine.
 
I posted there, here is the link:


You may correct me if I have written something wrong :)
 
I have been following the thread over there, and it seems that the helper is also not finding any malware. Only some redundant files fixed with HijackThis and a few items detected with Malwarebytes. I am unable to view attachments there; could you post the Malwarebytes log from the thread over there.

This guy is one of the best out there. Also, a malware teacher at BleepingComputer declared you malware free. I am interested in where this winds up.
 
I'm really infected with malware.
Don't really know where and how it hides, but I'm not paranoid or something.
I just don't know how to prove it.
Here's the log:
 

Attachments

  • mb-scanlog.txt
    1.7 KB · Views: 3
I have been following the other thread, and it seems the helper there has also come to the same conclusion. We can disable anything to do with Remote Desktop, since we know that there is no other service or process controlling your machine. Plus we can check with RogueKiller.

@puki



Download RogueKiller and install the program.
Once downloaded and installed, right click and run as admin.
Click the check for updates button.
Go to scan settings, then slide the MalPE option right to activate it.
Then go to scan, then start a full scan on your machine.
Then click report when the scan completes.
Under Share my report click on open then select text file.
Copy it and paste the results here.
Make sure you do not remove anything detected until I see the log please.

Open Notepad and copy the content of the code box below, paste it into the open Notepad window and save it to your desktop as clean.bat, then right click on clean.bat and run as admin.



Note: This batch will reboot your machine so close anything you are working on and save it.

Code:
@echo off
rem Create a System Restore point first so the service changes can be undone
WMIC /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "BatchRestorePoint", 100, 10
rem Stop the Remote Access / Remote Desktop services (RAS, RDP session, Terminal Services)
sc stop RasAuto
sc stop RasMan
sc stop SessionEnv
sc stop TermService
sc stop UmRdpService
sc stop RemoteAccess
rem Set their startup type to Disabled so they do not come back after the reboot
rem (note: "start= disabled" requires the space after the equals sign)
sc config RasAuto start= disabled
sc config RasMan start= disabled
sc config SessionEnv start= disabled
sc config TermService start= disabled
sc config UmRdpService start= disabled
sc config RemoteAccess start= disabled
pause
rem Reboot so the stopped services are fully unloaded
shutdown -r
Exit /B



This will disable all Microsoft-related remote services.

 
Here's the log. And stopping Microsoft-related remote services is useless in this case, in my opinion.

Program : RogueKiller Anti-Malware
Version : 15.6.2.0
x64 : Yes
Program Date : Oct 10 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19044) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : TeaTang
User is Admin : Yes
Date : 2022/10/26 13:47:21
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 1129
Found items : 1
Total scanned : 49754
Signatures Version : 20221024_084649
Truesight Driver : Yes
Updates Count : 0

************************* Warnings *************************

************************* Updates *************************

************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************
>>>>>> XX - System Policies
└── [PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts


************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit *************************
 
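An added, read-only PowerShell audit that is not part of this thread or of RogueKiller; it verifies the two things the posts above touch on: that the six services clean.bat disables really are stopped and set to Disabled (plus whether anything listens on the RDP port), and what the UAC policy values in HKLM\...\Policies\System are, since the RogueKiller log reports ConsentPromptBehaviorAdmin = 0, which means administrators are elevated silently with no UAC prompt. It assumes Windows 10 with Windows PowerShell 5.1 run from an elevated prompt; the value meanings in the table are the documented Windows ones.

```powershell
# Added audit script (not from the thread). Reports only; changes nothing.
# Run from an elevated PowerShell prompt on Windows 10 (assumption).

$services = 'RasAuto', 'RasMan', 'SessionEnv', 'TermService', 'UmRdpService', 'RemoteAccess'

Write-Host "== Remote access services (the ones clean.bat disables) =="
foreach ($name in $services) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if ($null -eq $svc) {
        "{0,-14} not installed" -f $name
        continue
    }
    # Only "Stopped" plus StartMode "Disabled" survives a reboot; anything else is flagged.
    $flag = if ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled') { 'ok' } else { 'CHECK' }
    "{0,-14} state={1,-8} startmode={2,-9} {3}" -f $svc.Name, $svc.State, $svc.StartMode, $flag
}

Write-Host "`n== Remote Desktop =="
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
# fDenyTSConnections: 1 = Remote Desktop connections refused, 0 = allowed.
"fDenyTSConnections = {0}" -f $ts.fDenyTSConnections
$rdpPort = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp').PortNumber
"RDP-Tcp PortNumber = {0}" -f $rdpPort
$listen = Get-NetTCPConnection -State Listen -LocalPort $rdpPort -ErrorAction SilentlyContinue
if ($listen) {
    foreach ($l in $listen) {
        $p = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        "LISTENING on {0}:{1} by PID {2} ({3})" -f $l.LocalAddress, $l.LocalPort, $l.OwningProcess, $p.ProcessName
    }
} else {
    "nothing listening on port $rdpPort"
}

Write-Host "`n== UAC policy (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System) =="
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey
# Documented meanings of ConsentPromptBehaviorAdmin; the Windows 10 default is 5.
$meaning = @{
    0 = 'Elevate without prompting (no UAC prompt for admins)'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries'
}
$v = [int]$uac.ConsentPromptBehaviorAdmin
"EnableLUA                  = {0}  (1 = UAC enabled)" -f $uac.EnableLUA
"ConsentPromptBehaviorAdmin = {0}  {1}" -f $v, $meaning[$v]
if ($uac.EnableLUA -ne 1 -or $v -eq 0) {
    Write-Warning "UAC is weakened: a process running as this admin user can elevate without any prompt."
}
```

The log above shows exactly the case the last branch warns about (value 0, the PUM.Policies hit). Restoring the Windows default is a one-liner from the same elevated prompt, `Set-ItemProperty -Path $uacKey -Name ConsentPromptBehaviorAdmin -Value 5`, followed by a reboot; whether that value was set by a user, by a tweaking tool or by something else is what the helper would want to establish before fixing it, which is why the thread asks for the log before removing anything.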