
Trojan:BAT/Malgent!MSR

Posted: 13 Jun 2022 08:52
by veny
Hello,
I would like to ask for a log check after repeatedly finding the malicious file named in the subject.
The file is detected in the Temp folder and has the *.ps1 extension.
Cleaned with MalwareBytes and it still keeps appearing.
I am attaching the FRST reports.

thanks, veny

Re: Trojan:BAT/Malgent!MSR

Posted: 13 Jun 2022 09:24
by Rudy
Hello!
Run this utility:
Save AdwCleaner to the desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and select Run as administrator (on Windows XP just double-click it)
click Scan now, then Clean and Repair
after the reboot a log will pop up (otherwise you will find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Trojan:BAT/Malgent!MSR

Posted: 13 Jun 2022 10:43
by veny
the log:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-03-15.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-13-2022
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1405 octets] - [13/06/2022 11:38:39]
AdwCleaner[S01].txt - [1466 octets] - [13/06/2022 11:39:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Re: Trojan:BAT/Malgent!MSR

Posted: 13 Jun 2022 12:16
by Rudy
That is OK. Open Notepad and copy this into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Task: {69241A97-FBA0-4F1D-AD95-1A9563F8E75C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-20] (Google LLC -> Google LLC)
Task: {8B7C4350-E1A9-485C-A54A-6612D22EA83C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-20] (Google LLC -> Google LLC)
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [406]
C:\Users\CAM\AppData\Local\Temp\00da4d2f-6027-4f58-9149-0e23a1939ff1.ps1

EmptyTemp:
Hosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
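
As an added example that is not part of the thread (my own script, not FRST's or Rudy's): a PowerShell triage pass I would run before deleting the .ps1 a third time, to find out what keeps writing it. A file that comes back after AdwCleaner and Defender have removed it means a persistence mechanism is still in place, and the four places worth checking on a Windows 10 box are Defender's own detection history (it records the process that wrote the flagged file), scheduled tasks and Run keys that launch a script host, WMI permanent event subscriptions, and script-block logging, which keeps the script text even after the file is gone. The 7-day window, the script-host name patterns and the paths are assumptions; run it in an elevated Windows PowerShell 5.1 session.

```powershell
# Added triage example (not from the thread). Elevated Windows PowerShell 5.1.
# The 7-day window, paths and script-host patterns are assumptions.
$ErrorActionPreference = 'SilentlyContinue'
$since = (Get-Date).AddDays(-7)

# 1. Defender detection history. ProcessName is the process that wrote the
#    flagged file, which is the fastest pointer to the dropper.
Write-Host '== Defender detections =='
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames[$_.ThreatID] = $_.ThreatName }
Get-MpThreatDetection | Where-Object { $_.InitialDetectionTime -gt $since } |
    Select-Object InitialDetectionTime, ProcessName, DomainUser,
        @{n='Threat';   e={ $threatNames[$_.ThreatID] }},
        @{n='Resource'; e={ $_.Resources -join '; ' }} |
    Sort-Object InitialDetectionTime | Format-List

# 2. Recent .ps1 files in every user's Temp folder, with hash and first lines,
#    so successive recurrences can be compared (same payload or a fresh one).
Write-Host '== Recent .ps1 files in Temp folders =='
Get-ChildItem 'C:\Users\*\AppData\Local\Temp' -Filter *.ps1 -Recurse -Force |
    Where-Object { $_.LastWriteTime -gt $since } |
    ForEach-Object {
        [pscustomobject]@{
            Path    = $_.FullName
            Written = $_.LastWriteTime
            SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Head    = (Get-Content -LiteralPath $_.FullName -TotalCount 3) -join ' | '
        }
    } | Format-List

# 3. Persistence that can re-create the file: scheduled tasks that run a
#    script host, Run/RunOnce keys in both registry views, WMI subscriptions.
Write-Host '== Scheduled tasks launching script hosts =='
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if ($action.Execute -match 'powershell|pwsh|cmd|wscript|cscript|mshta|rundll32') {
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                State   = $task.State
                Execute = $action.Execute
                Args    = $action.Arguments
            }
        }
    }
} | Format-Table -AutoSize -Wrap

Write-Host '== Run / RunOnce entries =='
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$runKeys | Where-Object { Test-Path $_ } | ForEach-Object {
    $key = $_
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
} | Format-Table -AutoSize -Wrap

Write-Host '== WMI permanent event subscriptions =='
Get-CimInstance -Namespace root\subscription -ClassName __FilterToConsumerBinding |
    Select-Object Filter, Consumer | Format-List
Get-CimInstance -Namespace root\subscription -ClassName CommandLineEventConsumer |
    Select-Object Name, CommandLineTemplate | Format-List

# 4. Alternate data streams on the folder the fixlist cleaned.
Write-Host '== Alternate data streams on C:\ProgramData\TEMP =='
Get-Item -LiteralPath 'C:\ProgramData\TEMP' -Force -Stream * |
    Where-Object { $_.Stream -ne ':$DATA' } |
    Select-Object FileName, Stream, Length | Format-Table -AutoSize

# 5. Script-block logging (event 4104) keeps the script text after the file
#    is deleted, provided the policy is enabled on this machine.
Write-Host '== Script-block log entries for Temp\*.ps1 =='
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = $since
} | Where-Object { $_.Message -match 'AppData\\Local\\Temp\\.*\.ps1' } |
    Select-Object TimeCreated,
        @{n='Snippet'; e={ $_.Message.Substring(0, [Math]::Min(300, $_.Message.Length)) }} |
    Format-List
```

Two caveats for anyone reusing the fixlist above on another machine: the ProcessName from step 1 is what tells you whether the .ps1 is being dropped by a scheduled task, a browser, or something else, so check it before removing entries blindly; and the list also deletes two GoogleUpdate tasks, which the FRST line itself shows as signed by Google LLC, and replaces the hosts file, neither of which the thread identifies as malicious.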

Re: Trojan:BAT/Malgent!MSR

Posted: 13 Jun 2022 12:31
by veny
I put two other files into the txt that had appeared there in the meantime
Fix result of Farbar Recovery Scan Tool (x64) Version: 13-06-2022
Ran by CAM (13-06-2022 13:24:13) Run:1
Running from C:\Users\CAM\Desktop
Loaded Profiles: CAM & CAM_2
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Task: {69241A97-FBA0-4F1D-AD95-1A9563F8E75C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-20] (Google LLC -> Google LLC)
Task: {8B7C4350-E1A9-485C-A54A-6612D22EA83C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-20] (Google LLC -> Google LLC)
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [406]
C:\Users\CAM\AppData\Local\Temp\4bea98a0-aac5-4b56-81eb-0d19fa2481c1.ps1
C:\Users\CAM\AppData\Local\Temp\54d0da28-61eb-44e9-b760-ee7f34b1617c.ps1
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69241A97-FBA0-4F1D-AD95-1A9563F8E75C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69241A97-FBA0-4F1D-AD95-1A9563F8E75C}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B7C4350-E1A9-485C-A54A-6612D22EA83C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B7C4350-E1A9-485C-A54A-6612D22EA83C}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
C:\ProgramData\TEMP => ":58A5270D" ADS removed successfully
C:\Users\CAM\AppData\Local\Temp\4bea98a0-aac5-4b56-81eb-0d19fa2481c1.ps1 => moved successfully
C:\Users\CAM\AppData\Local\Temp\54d0da28-61eb-44e9-b760-ee7f34b1617c.ps1 => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12792154 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 5380301 B
Edge => 0 B
Chrome => 87445342 B
Firefox => 0 B
Opera => 625594270 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 6682 B
NetworkService => 8508 B
CAM => 9182751 B
CAM_2 => 124655301 B

RecycleBin => 335872 B
EmptyTemp: => 826.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:24:28 ====



EDIT:
so far it looks OK, no new files are being created and the AV has been quiet so far too

Re: Trojan:BAT/Malgent!MSR

Posted: 13 Jun 2022 13:53
by Rudy
Glad to hear it! :)

Re: Trojan:BAT/Malgent!MSR

Posted: 14 Jun 2022 05:46
by veny
quiet today as well, it looks like it is solved

Thank you very much

Re: Trojan:BAT/Malgent!MSR

Posted: 14 Jun 2022 09:20
by Rudy
You're welcome! :)