Solved Backdoor on my pc (Solved)
- Thread starter Ichigo
- Start date
-
Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.
Why not Click Here To Sign Up and start enjoying great FREE Tech Support.
This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
- Status
The fix was just me being thorough, there were remnants of the infection ....
But as I suspected, there is a bit of another piece of malware, that has been detected. I had FRST check it at virus total.
We will need to remove it with FRST. It is this file, the last thing I suspected from your logs.
c:\users\pcgamer\appdata\roaming\modestmenu\secretscan.exe
Here is your fixlist. Run this when Eset is done, Eset is a bit aggresive, so it may detect minor things, no need to be alarmed if the detection level is high.
But as I suspected, there is a bit of another piece of malware, that has been detected. I had FRST check it at virus total.
We will need to remove it with FRST. It is this file, the last thing I suspected from your logs.
c:\users\pcgamer\appdata\roaming\modestmenu\secretscan.exe
Here is your fixlist. Run this when Eset is done, Eset is a bit aggresive, so it may detect minor things, no need to be alarmed if the detection level is high.
What you already know, they had access to your accounts of social media, possibly your banking information what ever pictures files etc you had on your machine, a fresh format is not going to change that, the malware is gone now. It is up to you to change all your passwords and notify your bank that your computer was infected. From this point on I'd stay away from torrents.
If you are asking about the latest detection from VirusTotal. I am not sure it is the last file I thought might be a problem, there is not much information about it. It may well be safe, but if two or more engines detect something, then I remove it. Unless it is known to be safe to the user.
I don't have any question if you are 100% sure the backdoor isnt on my computer anymore, thank you so much for the help! Have a good day.
Post the latest fixlog from FRST as well.
Open elevated command prompt and copy and paste each command below, hitting enter after each.
Download KPRM then save to desktop.
Right click run as admin.
Check mark, restore system settings.
Click the run button.
Then reboot your computer. Check that the issue is gone with the clipboard.
Open elevated command prompt and copy and paste each command below, hitting enter after each.
Download KPRM then save to desktop.
Right click run as admin.
Check mark, restore system settings.
Click the run button.
Then reboot your computer. Check that the issue is gone with the clipboard.
May need to use these commands and do them one at a time hitting enter after each. Then reboot the computer after.
Last edited:
If the above does not help, then create and run a batch file.
Open a notepad and copy the content of the code box below, paste into open notepad and save it to your desktop as clean.bat then right click on clean.bat and run as admin. It is very important to run the batch file as admin!!
Note: You should allow the n batch file to complete, Once it reboots your machine that is when it is done.
Do not copy the word Code:
If you are unable to copy and paste, I have uploaded the batch file for you. Unzip it to your desktop, right click run as admin. Must be ran from the desktop
Open a notepad and copy the content of the code box below, paste into open notepad and save it to your desktop as clean.bat then right click on clean.bat and run as admin. It is very important to run the batch file as admin!!
Note: You should allow the n batch file to complete, Once it reboots your machine that is when it is done.
Do not copy the word Code:
Code:
wmic /Namespace:\\root\default Path SystemRestore Call Enable "%SystemDrive%"
WMIC /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "BatchRestorePoint", 100, 10
SC config trustedinstaller start=auto
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" /f
reg delete "HKCU\Software\Microsoft\WindowsSelfHost" /f
reg delete "HKCU\Software\Policies" /f
reg delete "HKLM\Software\Microsoft\Policies" /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies" /f
reg delete "HKLM\Software\Microsoft\WindowsSelfHost" /f
reg delete "HKLM\Software\Policies" /f
reg delete "HKLM\Software\WOW6432Node\Microsoft\Policies" /f
reg delete "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies" /f
gpuрdаte /force
shutdown -r
Exit /BIf you are unable to copy and paste, I have uploaded the batch file for you. Unzip it to your desktop, right click run as admin. Must be ran from the desktop
- Status