Possibly infected with highly crypted rat/keylog

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by martiners, Jun 23, 2015.

  1. martiners

    martiners Private E-2

    Hey. I was browsing the internet and wanted to get free voice changer software, and it had a lot of good feedback and 40k views, so I went and found one. It felt kind of too good to be true, so I scanned it at VirusTotal and it got zero detections, but somehow I didn't follow my gut feeling and installed it. Later I was receiving a lot of net errors with reason and couldn't close; at that point I felt I'm infected with a possibly encrypted virus. Things to note:
    - can't register on the malware removal forum
    - can't enter the VirusTotal site from any browser
    - can't do a system restore, tried 2 times
    - haven't done a scan with AVG or Malwarebytes yet; since it's encrypted it might not show up, but a scan is currently in progress
    - weird things that look like hidden IP addresses in cmd using netstat -ano


    Things to note:
    - I have a few RATs which I'm testing on my own computer and made stubs from there, so there might be a few false positives


    When did I get infected? Around 2 hours ago.


    I have logs of Farbar security tools
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    It does not look like you have any encryption type problems.

    You cannot get to VirusTotal because someone added a local loopback into your hosts file. We will try to fix this below.

    Did you knowingly install PrivDog and do you really want this adware on your PC?


    Download this >>



    Save fixlist.txt on your Desktop. Make sure you save it as a txt file.
    • You should now have both fixlist.txt and FRST64.exe on your Desktop.
    • Now I want you to disconnect your PC connection to the internet by unplugging the cable (if it is wireless then temporarily shut down the wireless network).
    • Run FRST64.exe by right clicking on it and selecting Run As Administrator.
    • Click the Fix button just once and wait.
    • Your computer should reboot after the fix runs.
    • Reconnect your internet connection after reboot so you can come back here to continue.
    • The tool will make a log on the Desktop (Fixlog.txt). Please attach this new log to your next reply (attach or paste).
    What problems are you now currently having?
     

    Attached Files:

  3. martiners

    martiners Private E-2

    By the way, overnight there was a scan in progress with Malwarebytes and Malwarebytes Anti-Rootkit, and currently the AVG one atm, but I don't think it will show too much.
    It did mention the hosts file being infected, and right after the scan I could enter the VirusTotal site. Was this malware?

    Ok. PrivDog is an AVG part and I might have installed it myself, I don't really remember.
     

    Attached Files:

    Last edited: Jun 24, 2015
  4. martiners

    martiners Private E-2

    After fixlist
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  6. martiners

    martiners Private E-2

    Next day I turned on my computer and my whole desktop was changed to default settings, and also a few files disappeared, which were pictures of some girls I had, and specifically those files were gone. Then I did a system restore and everything was back to how it was the day before. So I'm pretty sure I have a very well hidden RAT and somebody didn't like the files I had, so he deleted them or hid them. I downloaded Comodo Firewall for extra security but I still feel it doesn't protect me. Basically, files from the Downloads folder and Documents folder were gone/hidden. I'm currently a bit paranoid, and I don't seem to have any accounts stolen yet.
     
  7. martiners

    martiners Private E-2

    A few things. Another case of me creating an account and later my account disappears or something, and it says my account is already registered but it doesn't exist anymore.
    Another thing.
    Today I turned on my computer and had my whole desktop changed and set to default, and files from Documents were gone and files from Downloads, and they looked like specific files. Then I did a system restore a day back and it fixed the problem.
    - downloaded Comodo Firewall too
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have provided you with instructions to follow in my last message. You need to complete those instructions in order for me to assist you further.

    Note: If you did a system restore after running the fix with FRST then you may have basically negated the fix.
     
  9. martiners

    martiners Private E-2

    I'm reformatting my computer. Goodbye. Tnx for help anyway.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Thanks for letting me know.
     
