1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

We Got Scammed And Conned

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by luciano991, Aug 11, 2017 at 3:09 PM.

  1. luciano991

    luciano991 Private E-2

    Hello,

    Well the screen came up and a number was called and then someone was remoting into the machine, software got installed, money changed hands.

    We have followed the procedures as best we can.

    The computer seems to be running OK but lots of junk from this unfortunate encounter still remain. Hopefully the logs will tell you what I need to do next.

    Thanks,

    Luciano
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you paid by credit card.....cancel the transaction!! Report it as fraud.

    I am not finding any issues in your logs except the following:

    ReRun RogueKiller and remove these items:

    ¤¤¤ Files : 4 ¤¤¤
    [PUP.HackTool][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk [LNK@] C:\PROGRA~1\KMSpico\KMSELDI.exe -> Found
    [PUP.HackTool][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk [LNK@] C:\PROGRA~1\KMSpico\scripts\Log.cmd -> Found
    [PUP.HackTool][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk [LNK@] C:\PROGRA~1\KMSpico\UninsHs.exe /u0=KMSpico -> Found
    [PUP.HackTool][Folder] C:\Program Files\KMSpico -> Found

    Reboot and rescan with RogueKiller and attach the new log.
     
  3. Linda.shift

    Linda.shift Private E-2

    Is there a manual way of detecting malware and getting them removed?
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That's what we are doing.
     
  5. luciano991

    luciano991 Private E-2

    Thanks. Here's the log.

    luciano
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looks good. I am not finding any more suspicious items in your logs.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8 or 10, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work thru the below link:
     
  7. luciano991

    luciano991 Private E-2

    Thanks very much.

    All the best,

    Luciano
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You're welcome. Safe surfing.
     

Share This Page

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds