Solved Backdoor on my pc (Solved)
- Thread starter Ichigo
- Start date
-
Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.
Why not Click Here To Sign Up and start enjoying great FREE Tech Support.
This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
- Status
Rerun rogue killer and delete/quarantine this. If you do not know of this program, if you installed it leave it be.
[PUP.HackTool (Potentially Malicious)] (folder) jjsploit -- C:\Users\PCGAMER\AppData\Local\Programs\jjsploit -> Found
Delete/quarantine, anything else you do not use/recognize.
I do not think wondershare is bad as for the others that’s up to you if you are unsure.
As far as me being sure, yes there is no more malware that I can see. If you would like to make a final check to make absolutely certain, then run a scan with kaspersky virus removal tool.
Make sure to quarantine/delete anything detected!!
This scan may take a while, do not let your computer sleep while the scan runs. This will check all Harddrives on the machine...
Save it to your desktop.
I suggest a full scan with Kaspersky.
Disable Defender .....
Download and run a full scan with the Kaspersky Virus Removal tool.
Accept the terms.
Click Change Parameters.
Select the System drive.
All volumes.
Click OK, start Scan.
Report any detections here.
[PUP.HackTool (Potentially Malicious)] (folder) jjsploit -- C:\Users\PCGAMER\AppData\Local\Programs\jjsploit -> Found
Delete/quarantine, anything else you do not use/recognize.
I do not think wondershare is bad as for the others that’s up to you if you are unsure.
As far as me being sure, yes there is no more malware that I can see. If you would like to make a final check to make absolutely certain, then run a scan with kaspersky virus removal tool.
Make sure to quarantine/delete anything detected!!
This scan may take a while, do not let your computer sleep while the scan runs. This will check all Harddrives on the machine...
Save it to your desktop.
I suggest a full scan with Kaspersky.
Disable Defender .....
Download and run a full scan with the Kaspersky Virus Removal tool.
Accept the terms.
Click Change Parameters.
Select the System drive.
All volumes.
Click OK, start Scan.
Report any detections here.
Press continue. Allow it to process, and reboot when you are sure it’s completed.
Scan again to make certain it is deleted, and you will be good to go.
Scan again to make certain it is deleted, and you will be good to go.
I believe it is just remnants of the back door. Scan again to be safe. Might not hurt to change passwords again from phone, just to be certain. Once you get a clean scan from kaspersky you are good to go.
Please post fresh Frst and addition.txt logs, just so I can go over them one last time. The security check log, you copy and paste it, and the items in red you will need to update. I’ll check the logs tonight.
Security Check Scan.
Security Check Scan.
- Download Security Check to your desktop.
- Right click it run as administrator.
- When the program completes, the tool will automatically open a log file.
- Please Copy and paste that log here in your next post
If you can, post the log from kaspersky, I can’t remember exactly how to grab them, since I am not at my computer. There should be an option in there to grab the logs....
@Malnutrition i only found the kaspersky logs in enc1 format (its kaspersky antivirus log format) and I don't know how to make them txt files
Do I send the enc1 files?
SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 21.12.2022 20:34:40
Path starting: C:\Users\PCGAMER\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: PC GAMER
VersionXML: 10.32is-18.12.2022
___________________________________________________________________________
Windows 10(6.3.19045) (x64) Professional Release: 2009 Lang: French(040C)
Installation date OS: 07.12.2019 07:00:36
LicenseStatus: Windows(R), Professional edition Volume activation will expire : 233430 minutes
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [111.2 Gb] Used: [108 Gb] Free: [3.2 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled (Level 4)
Centre de sécurité (wscsvc) - The service is running
Registre à distance (RemoteRegistry) - The service has stopped
Découverte SSDP (SSDPSRV) - The service is running
Services Bureau à distance (TermService) - The service has stopped
Gestion à distance de Windows (Gestion WSM) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Malwarebytes (disabled and up to date)
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Pare-feu Windows Defender (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 4.5.18.226 v.4.5.18.226 Warning! Download Update
-------------------------- [ SecurityUtilities ] --------------------------
RogueKiller version 15.6.4.0 v.15.6.4.0
Process Hacker 2.39 (r124) v.2.39.0.124
--------------------------- [ OtherUtilities ] ----------------------------
AMD Software v.19.10.16 Warning! Download Update
PuTTY release 0.74 (64-bit) v.0.74.0.0 Warning! Download Update
Python 2.7.15 (64-bit) v.2.7.15150 Warning! Download Update
Node.js v.16.15.1 Warning! Download Update
NVIDIA GeForce Experience 3.25.1.27 v.3.25.1.27 Warning! Download Update
Microsoft Visual Studio Code (User) v.1.61.0 Warning! Download Update
FileZilla 3.60.1 v.3.60.1 Warning! Download Update
Steam v.2.10.91.91
WinSCP 5.17.8 v.5.17.8 Warning! Download Update
Epic Games Launcher v.1.1.279.0
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 6.11 (64-bit) v.6.11.0
------------------------------- [ Imaging ] -------------------------------
paint.net v.4.2.13 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
WhatsApp v.2.2123.7 Warning! Download Update
Skype version 8.92 v.8.92
---------------------------- [ ProxyAndVPNs ] -----------------------------
SoftEther VPN Client v.4.34.9745 Warning! Download Update
NordVPN v.6.35.9.0
ProtonVPN v.1.17.5 Warning! Download Update
ExpressVPN v.10.28.0.7
--------------------------------- [ P2P ] ---------------------------------
uTorrent Web v.1.2.8 Warning! Ad-supported P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 333 (64-bit) v.8.0.3330.2 Warning! Download Update
Uninstall old version and install new one (jre-8u351-windows-x64.exe).
-------------------------------- [ Media ] --------------------------------
HandBrake 1.4.2 v.1.4.2 Warning! Download Update
VLC media player v.3.0.17.4 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Brave v.108.1.46.144
Microsoft Edge v.108.0.1462.54
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1386
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1159
C:\Program Files\RogueKiller\RogueKiller64.exe v.15.6.4.0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe v.4.18.2211.5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe v.4.18.2211.5
Service antivirus Microsoft Defender (WinDefend) - The service is running
Service d’inspection réseau de l’antivirus Microsoft Defender (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
CCleaner v.6.07 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
IObit Unlocker v.1.1.2.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Google Toolbar for Internet Explorer v.1.0.0 << Hidden Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
Wondershare Helper Compact 2.6.0 v.2.6.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------
SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 21.12.2022 20:34:40
Path starting: C:\Users\PCGAMER\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: PC GAMER
VersionXML: 10.32is-18.12.2022
___________________________________________________________________________
Windows 10(6.3.19045) (x64) Professional Release: 2009 Lang: French(040C)
Installation date OS: 07.12.2019 07:00:36
LicenseStatus: Windows(R), Professional edition Volume activation will expire : 233430 minutes
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [111.2 Gb] Used: [108 Gb] Free: [3.2 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled (Level 4)
Centre de sécurité (wscsvc) - The service is running
Registre à distance (RemoteRegistry) - The service has stopped
Découverte SSDP (SSDPSRV) - The service is running
Services Bureau à distance (TermService) - The service has stopped
Gestion à distance de Windows (Gestion WSM) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Malwarebytes (disabled and up to date)
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Pare-feu Windows Defender (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 4.5.18.226 v.4.5.18.226 Warning! Download Update
-------------------------- [ SecurityUtilities ] --------------------------
RogueKiller version 15.6.4.0 v.15.6.4.0
Process Hacker 2.39 (r124) v.2.39.0.124
--------------------------- [ OtherUtilities ] ----------------------------
AMD Software v.19.10.16 Warning! Download Update
PuTTY release 0.74 (64-bit) v.0.74.0.0 Warning! Download Update
Python 2.7.15 (64-bit) v.2.7.15150 Warning! Download Update
Node.js v.16.15.1 Warning! Download Update
NVIDIA GeForce Experience 3.25.1.27 v.3.25.1.27 Warning! Download Update
Microsoft Visual Studio Code (User) v.1.61.0 Warning! Download Update
FileZilla 3.60.1 v.3.60.1 Warning! Download Update
Steam v.2.10.91.91
WinSCP 5.17.8 v.5.17.8 Warning! Download Update
Epic Games Launcher v.1.1.279.0
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 6.11 (64-bit) v.6.11.0
------------------------------- [ Imaging ] -------------------------------
paint.net v.4.2.13 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
WhatsApp v.2.2123.7 Warning! Download Update
Skype version 8.92 v.8.92
---------------------------- [ ProxyAndVPNs ] -----------------------------
SoftEther VPN Client v.4.34.9745 Warning! Download Update
NordVPN v.6.35.9.0
ProtonVPN v.1.17.5 Warning! Download Update
ExpressVPN v.10.28.0.7
--------------------------------- [ P2P ] ---------------------------------
uTorrent Web v.1.2.8 Warning! Ad-supported P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 333 (64-bit) v.8.0.3330.2 Warning! Download Update
Uninstall old version and install new one (jre-8u351-windows-x64.exe).
-------------------------------- [ Media ] --------------------------------
HandBrake 1.4.2 v.1.4.2 Warning! Download Update
VLC media player v.3.0.17.4 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Brave v.108.1.46.144
Microsoft Edge v.108.0.1462.54
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1386
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1159
C:\Program Files\RogueKiller\RogueKiller64.exe v.15.6.4.0
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe v.4.18.2211.5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe v.4.18.2211.5
Service antivirus Microsoft Defender (WinDefend) - The service is running
Service d’inspection réseau de l’antivirus Microsoft Defender (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
CCleaner v.6.07 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
IObit Unlocker v.1.1.2.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Google Toolbar for Internet Explorer v.1.0.0 << Hidden Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
Wondershare Helper Compact 2.6.0 v.2.6.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------
Last edited by a moderator:
Send what you have, I’ll provide further instructions when I get off work.
Also, if you want....
This is up to you, only for your piece of mind there is eset online scanner.
Make sure and disable your antivirus/defender prior to the scan.
Also, if you want....
This is up to you, only for your piece of mind there is eset online scanner.
Make sure and disable your antivirus/defender prior to the scan.
- Download ESET Online Scanner from hereand save it to your Desktop.
- Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
- Click Get started.
- In the Terms of use screen, click Accept if you agree to the Terms of use.
- Click Get started in the welcome screen.
- Select your preference for the Customer Experience Improvement Program and the Detection feedback system.Click Continue.
- Click Computer scan, in the Welcome back screen.
- Choose Full scan on the next screen.
- Select Enable ESET to detect and quarantine potentially unwanted applications.Then click Start scan
- When the scan is finished click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
- ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature.Click Continue
- You will now be offered a trial version of ESET Internet Security.Click continue
- On the next screen, you can leave feedback about the program if you wish.
- Select Delete application's data on closing, if you are short of disk space or do not wish to retain the program for future use.
- If you left feedback, click Submit and continue. If not, Close without feedback.
- Copy and paste the contents of the ESETScan.txt file in your next reply.
FRST Fix.
Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
You should move some files to your D: drive, you are running out of space and windows needs 25 percent free space to function correctly.
Drive c: () (Fixed) (Total:111.17 GB) (Free:3.18 GB) (Model: KINGSTON SA400S37120G) NTFS
Use O&O shutup ten with suggested and somewhat suggested settings enabled.
Disable windows update, and only enable it once a week to update on your terms not whenever microsoft feels you need an update.
Uninstall Useless to you windows apps with O&O App buster.
I also suggest to replace adblock with Ublock Origin.
threats.kaspersky.com
Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
You should move some files to your D: drive, you are running out of space and windows needs 25 percent free space to function correctly.
Drive c: () (Fixed) (Total:111.17 GB) (Free:3.18 GB) (Model: KINGSTON SA400S37120G) NTFS
Use O&O shutup ten with suggested and somewhat suggested settings enabled.
Disable windows update, and only enable it once a week to update on your terms not whenever microsoft feels you need an update.
Uninstall Useless to you windows apps with O&O App buster.
I also suggest to replace adblock with Ublock Origin.
Kaspersky Threats — BroSubsc
Database of threats and vulnerabilities, containing data about vulnerabilities of software, a list and descriptions of threats
Last edited:
- Status