
Desperately need help


REDACTED:
I have reformatted multiple times and it keeps coming back. I have 3 hard drives installed, and I ran the "clean" command from cmd on 2 of the 3. The one I neglected to run it on was my SSD, which I used secure erase+ on from my BIOS. However, I am still worried I have the virus. Once I ran Kaspersky disk rescue and some random .jpeg file came up as a virus; it was then removed and I no longer have it. However, just before I ran secure erase on my SSD, Kaspersky AV came up with a .dll file which is identified as a hack tool for damaging computers or something. I tried to install Avast but it says I don't have the required permissions to access the .exe to open it after the install, which is only located in the programfiles folder so ... I should be able to? I tried to run the Avast stand-alone rootkit scanner, and as soon as I try to activate virtualization technology it BSODs due to an aswMBR.sys file. I have a 7700k Intel @4.2GHz so I know I should be able to support it, but it crashes every time I turn it on, and the tool BSODs every time I skip that and just try to simply scan. Says a couple of services were locked. I can't remember... I know this thing infected my phone, which I had to throw out. I have been dealing with this virus for 5 months.

Pondus:

--- Quote ---AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

--- End quote ---
Why Using Multiple Antivirus Programs is a Bad Idea
https://www.kaspersky.com/blog/multiple-antivirus-programs-bad-idea/2670/


There can be only one   ;)   https://www.youtube.com/watch?v=sqcLjcSloXs

Uninstalling other antivirus software  >>  https://support.avast.com/en-eu/article/Uninstall-other-antivirus
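
As an added example (not part of the original post or any tool's own code), the product list quoted above can be checked mechanically for the situation the linked article warns about: more than one enabled product in the same category. The function names are hypothetical; the input lines are copied from the quote.

```python
import re
from collections import defaultdict

# Product list copied from the quoted scan log above.
# AV = antivirus, AS = antispyware, FW = firewall.
SAMPLE = """\
AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
"""

# Line shape: "KIND: product name (state) {GUID}"
LINE_RE = re.compile(
    r"^(AV|AS|FW):\s+(.+?)\s+\(([^)]*)\)\s+\{([0-9A-Fa-f-]{36})\}\s*$")

def parse_products(text):
    """Return one dict per recognised product line; other lines are skipped."""
    products = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, name, state, guid = m.groups()
        parts = [p.strip().lower() for p in state.split(" - ")]
        products.append({
            "kind": kind, "name": name, "guid": guid.upper(),
            "enabled": parts[0] == "enabled",
            # Firewall entries carry no signature state, so this stays None.
            "up_to_date": parts[1] == "up to date" if len(parts) > 1 else None,
        })
    return products

def enabled_conflicts(products):
    """Map each category to its enabled products when more than one is active."""
    active = defaultdict(set)
    for p in products:
        if p["enabled"]:
            active[p["kind"]].add(p["name"])
    return {k: sorted(v) for k, v in active.items() if len(v) > 1}

def stale_products(products):
    """Names of installed products whose definitions are reported out of date."""
    return sorted({p["name"] for p in products if p["up_to_date"] is False})
```

On the quoted list this reports two enabled products in both the AV and AS categories, plus one installed product that is disabled and out of date.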




Michael (alan1998):
2017-12-12 07:00 - 2017-12-12 07:00 - 004922400 _____ (AO Kaspersky Lab) C:\Users\vvvvvvvvv\Desktop\luuuuuuuuuuerop.exe .... <--- Huh?

Someone will be along shortly I'm sure (Sassdrake or dbrise). In the meantime...

2017-12-12 02:27 - 2017-12-12 03:38 - 000001868 _____ C:\Users\vvvvvvvvv\Desktop\Rkill.txt <--- Find this file, post it
2017-12-12 02:27 - 2017-12-12 02:27 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\vvvvvvvvv\Downloads\rkill.com <--- Stop downloading tools that you don't know how to use

2017-12-12 03:10 - 2017-12-12 03:10 - 007176464 _____ (AVAST Software) C:\Users\vvvvvvvvv\Downloads\avast_free_antivirus_setup_online.exe <--- Downloaded today??
2017-12-12 03:17 - 2017-12-12 03:17 - 000000000 ____D C:\ProgramData\HitmanPro <--- Ditch Hitman Pro
2017-12-12 03:39 - 2017-12-12 03:39 - 004922400 _____ (AO Kaspersky Lab) C:\Users\vvvvvvvvv\Downloads\tdsskiller (1).exe <--- Stop downloading tools that you don't know how to use
2017-12-12 04:08 - 2017-12-12 04:08 - 005659243 _____ (Swearware) C:\Users\vvvvvvvvv\Downloads\ComboFix.exe

ComboFix Warning

Do NOT ever download ComboFix without visiting us, or another UNITE/AMF (MyCity or similar) website.

Read: https://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/

Platform: Windows 10 Pro Version 1709 16299.98 (X64) Language: English (United States)

--- Quote --- Windows 10, Windows 8.1 and Windows 2000 are NOT supported by ComboFix.
--- End quote ---


--- Quote ---Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections...CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.

Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help--that is what we're here for.
--- End quote ---

Sass Drake:
Uninstall either Avast or Kaspersky. I don't see traces of malware in your logs. Can you take a screenshot of that thing you think is malware?

REDACTED:
That weird file was TDSSKiller, someone said to rename it lol...
Just for the record, I never ran ComboFix cause I heard what you said from someone else. The thing is, every time I re-format I can't find the RAT. But when I join an Overwatch custom game server the same group of people will force my computer to shut down, then I find one trace of it like a dll file, or all my computer permissions change, or my graphics drivers stop working. I'm uninstalling Kaspersky to try installing Avast and seeing how it goes. But I promise you, somehow they fuck up my computer whenever they want and leave no traces until then.

I've been getting targeted and harassed for around 5+ months now. Even Blizzard can confirm that they've seen the messages from all these people. They somehow manage to keep hacking my computer. I had to throw out my phone too.

This was the last detection I made before a reformat. However, the entire time leading up to the detection I was simply playing Overwatch; then they left the server after I joined, my GPU drivers were shut down and restarted, then I performed a scan and found this.

https://threats.kaspersky.com/en/threat/RiskTool.Win64.HackKMS

10.12.2017 08.00.28;Detected object (file) not processed;C:\Windows\Temp\SppExtComObjHook.dll;C:\Windows\Temp\SppExtComObjHook.dll;not-a-virus:RiskTool.Win64.HackKMS.e;Legitimate software that can be used by criminals to damage your computer or personal data;12/10/2017 08:00:28
