Backdoor on my pc (Solved)


Ichigo

PCHF Member
Dec 19, 2022
Hello,

Not long ago I downloaded a program on my computer which was probably a backdoor, because it infiltrated my YouTube account and posted videos there (which also encouraged downloading a virus, but not the same one I downloaded). He also infiltrated my Instagram account, where he published in a story another scam related to Elon Musk and bitcoins, and in the end he stole the $20 that I had on my Steam account. So I decided to reset my PC (I haven't done it yet), but I would like to know if the reset should delete ALL my files from both drives or only the Windows drive, knowing that originally I downloaded the file to my D:\ hard drive (not the Windows drive).
I just performed a scan using "FARBAR RECOVERY SCAN TOOL" and here are the results, if anyone can confirm that I do have a backdoor.



Also, is resetting my PC the best option, or is there a different way (it needs to be 100% sure)?
Thanks in advance !
 
I did the scan with French software and posted it on a French website; if you need me to use different software, let me know.
 
@veeg move to malware area

Attach the Autologger, FRST and Addition.txt logs; I'll have a look when I get home.

Download Autologger to your desktop.
Disable your Antivirus/Defender prior to running.
  • Unzip it there. -- If you are unsure how to unzip a program, then use ---- http://www.7-zip.org/ ----
  • Right click Autologger and run as admin. (Xp user double click)
  • AVZ4 will open and scan your machine, allow this to complete.
  • Upload Collectionlog.zip to your next reply.


OK, I apologize but I need these logs in English please. You can do that for me by renaming FRST.

Sorry for the inconvenience.

I'd like to have these logs in English please.
Right Click on FRST64 and rename the FRST file to FRST64english.exe
Please then re-run the scan and post the FRST and Addition.txt logs.
Make sure and still run the program as Administrator.

Attach them here, I will not visit sites I’m unfamiliar with.

Attach here or at pastebin.com
Then send me the link.

 
I will be home in a couple hours. To check this over.
 
Alright thank you so much for your help, I will probably be asleep when you will be back which means I will reply tomorrow.
 
Change all passwords to your youtube/social media if you have not done so already from a known clean machine or your phone!



Running from D:\=======> Make sure you save the fixlist to the D: drive, and run it from there, the fixlist and FRST need to be in the same location in order for the fix to work.



Look in the Autologger folder and drag the CheckBrowsersLNK file out to your desktop:
AutoLogger\CheckBrowserLnk
After saving ClearLNK to your desktop, drag and drop that file onto the ClearLNK utility.
[animation: dragging CheckBrowserLnk onto ClearLNK]



Run HijackThis! as admin! (located in the folder ...Autologger\HijackThis)
Do a system scan, then check each item below, make sure and only check the items listed.
Then click Fix checked.
The computer will need to reboot, allow it to do so.

O4 - HKCU\..\StartupApproved\Run: [Firefox Browser] = C:\Firefox\X-Firefox.exe (file missing) (2021/03/31)
O4 - HKCU\..\StartupApproved\Run: [Windscribe] = C:\Program Files (x86)\Windscribe\Windscribe.exe -os_restart (file missing) (2021/03/31)
O4 - HKLM\..\StartupApproved\Run: [Wondershare Helper Compact.exe] = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing) (2021/02/06)
O4 - HKLM\..\StartupApproved\Run32: [NAT Subsystem] = C:\Program Files (x86)\NAT Subsystem\natss.exe (file missing) (2021/02/06)
O22 - Tasks: NAT Subsystem - C:\Users\PCGAME~1\AppData\Local\Temp\Rar$EXb11152.43368\Vape V4 cracked.exe $(Arg0) (file missing)
O22 - Tasks: OneDrive Standalone Update Task-S-1-5-21-13960046-46231223-1468497707-1001 - C:\Users\PCGAMER\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Tasks: OneDrive Standalone Update Task-S-1-5-21-13960046-46231223-1468497707-1002 - C:\Users\PCGAMER\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Tasks: Opera scheduled Autoupdate 1616069614 - C:\Users\PCGAMER\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O22 - Tasks: Red Giant Link - C:\Program Files\Red Giant Link\Red Giant Link.exe --silent (file missing)
O23 - Service S3: Brave Elevation Service (BraveElevationService) - (BraveElevationService) - C:\Program Files\BraveSoftware\Brave-Browser\Application\107.1.45.133\elevation_service.exe (file missing)



Disable your antivirus prior to running AVZ!
Run AVZ as admin! (located in the folder ...Autologger\AVZ) click File => Custom Scripts.
Copy the content of the text file I uploaded. (AVZFix.txt)
Click edit select all copy.
Paste into AVZ window.
Make sure the word begin is in the absolute top left of the window as per picture below.
[screenshot: AVZ script window with "begin" in the top-left corner]

Hit Run Fix.

The computer will reboot.



FRST Fix.
Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.



Uninstall with Geek Uninstaller.
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.9.7.2 - Reimage) <==== ATTENTION
 

Attachments
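The HijackThis O4/O22 lines above are flagged for two reasons a triager looks for: the autostart target no longer exists ("file missing"), or it points into a temporary directory (the NAT Subsystem task launching "Vape V4 cracked.exe" from a Rar$ extraction folder under AppData\Local\Temp). The following PowerShell is an added example for reproducing that check on a Windows machine; it is not part of the thread and not code from HijackThis, FRST, AVZ or Autologger. It only reads the Run keys and the scheduled-task actions (the StartupApproved keys that HijackThis names hold enabled/disabled flags, the command lines live in the Run keys) and removes nothing. It assumes an elevated PowerShell 5.1 or later prompt on Windows 8/Server 2012 or newer, where Get-ScheduledTask exists; the path patterns treated as suspect are the author's choice for this example.

```powershell
# Added example (not from the PCHF thread or its tools): list autostart entries
# whose target binary is missing or lives in a temp/extraction directory, the two
# conditions behind the "(file missing)" and Rar$ lines in the HijackThis log.
# Read-only: nothing is deleted or modified. Run from an elevated prompt.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',   # 32-bit view, HijackThis "Run32"
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Provider properties that Get-ItemProperty adds and that are not registry values
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Pull the executable path out of a command line such as
#   "C:\Program Files (x86)\Foo\foo.exe" -os_restart   or   C:\Foo\foo.exe --silent
function Get-ExePath([string]$Command) {
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -lt 1) { return $null }
        return $c.Substring(1, $end - 1)
    }
    # Unquoted path with spaces: take everything up to the first script/binary extension
    if ($c -match '(?i)^(.*?\.(exe|com|bat|cmd|vbs|js|ps1|dll|scr))') { return $Matches[1] }
    return ($c -split ' ')[0]
}

# Assumption for this example: persistent autostarts from these locations are suspect
$suspectDirPattern = '(?i)\\AppData\\Local\\Temp\\|\\Rar\$|\\Windows\\Temp\\|\\Downloads\\'

function Test-Suspect([string]$Target) {
    if (-not $Target) { return 'unparseable command' }
    $expanded = [Environment]::ExpandEnvironmentVariables($Target)
    if (-not (Test-Path -LiteralPath $expanded)) { return 'file missing' }
    if ($expanded -match $suspectDirPattern) { return 'runs from temp/download dir' }
    return $null
}

$findings = @()

# Registry Run keys (HijackThis O4)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }
        $why = Test-Suspect (Get-ExePath ([string]$p.Value))
        if ($why) {
            $findings += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value; Reason = $why }
        }
    }
}

# Scheduled tasks (HijackThis O22); only Exec actions carry a command line
foreach ($task in Get-ScheduledTask) {
    foreach ($a in $task.Actions) {
        if (-not $a.Execute) { continue }
        $why = Test-Suspect (Get-ExePath $a.Execute)
        if ($why) {
            $findings += [pscustomobject]@{
                Source  = 'Task ' + $task.TaskPath + $task.TaskName
                Name    = $task.TaskName
                Command = ($a.Execute + ' ' + $a.Arguments).Trim()
                Reason  = $why
            }
        }
    }
}

$findings | Sort-Object Reason, Source | Format-Table -AutoSize -Wrap
```

A "file missing" hit is usually a leftover from an uninstalled program rather than active malware, which is why most of the entries in the list above are harmless orphans; the line to care about is the one whose Reason is the temp-directory check, and its name, the task it hides behind and the original archive name are what to carry into the FRST fixlist and into the password changes for every account that machine was signed into.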

Hello, thanks for your help but I got some questions:
Running from D:\=======> Make sure you save the fixlist to the D: drive, and run it from there, the fixlist and FRST need to be in the same location in order for the fix to work.
The fixlist and FRST are the only programs that need to be on the D:\ drive?
Do a system scan, then check each item below, make sure and only check the items listed.
Which items?
 
@Malnutrition doing this is 100% going to remove the backdoor on my computer and we will be able to check whether its still here or not?
Thanks again for the help.
 
Question one.

Preferably FRST should be run from your desktop, but in order for the fix to work FRST and the fixlist need to be in the same location. Best, if you can, to place them both on the desktop.

Question two. [which items]

You answered your own question, it’s the items listed in the quote box.

Question three. [what do I do with this]

Download the Clearlnk utility to your desktop. And then drag the check browser text file onto it. As per animation.

And as far as removing the malware on your machine, yes, we can be certain that it will be gone 100 percent when we are done here, and we will check with a couple of tools to make sure.
 
Leave it in the folder or it will not run correctly.

Run the fix with it as instructed.


Disable your antivirus prior to running AVZ!
Run AVZ as admin! (located in the folder ...Autologger\AVZ) click File => Custom Scripts.
Copy the content of the text file I uploaded. (AVZFix.txt)
Click edit select all copy.
Paste into AVZ window.
Make sure the word begin is in the absolute top left of the window as per picture below.
[screenshot: AVZ script window with "begin" in the top-left corner]


Hit Run Fix.
 