After-infection Advice - Untraceable Keyloggers And Backdoors

Discussion in 'Malware Help (A Specialist Will Reply)' started by Lucas Almeida, Jun 1, 2016.

  1. Lucas Almeida

    Lucas Almeida Private E-2

    Short Version

    ----------------------------------------------------------------------------------------------------------------------------------------

    Hello, MajorGeeks community

    As I wrote a gigantic post that will probably put people off reading it, this is the short version:

    I have Windows 10 Pro, and my PC has been infected by malware via the installation of software. I applied a large number of measures to clean the infection (see below).

    Now my PC shows no more visible traces of the infection and behaves normally, so my question is whether you (who might read this) think that I may now resume using the PC or should still worry, as I heard multiple threats can go on untraceable through all means of scanning, like keyloggers and binary backdoors.

    Best regards to all,

    ----------------------------------------------------------------------------------------------------------------------------------------

    Hello, MajorGeeks community



    As this is my first post, and I couldn't find a more fitting category for this kind of question, I hope this is not the wrong place for it, and if it is, I thank you in advance for advice on where I could be posting this kind of question, if it is, indeed, permitted.

    I'm using the Windows 10 Pro (maybe that's where the issue starts) OS on my desktop PC. I was installing software and fell for the old "next-next-next" trap and ended up getting infected by malware.

    *** In my defense, there were check boxes for installing the contaminated software, and I unchecked them. It even went on prompting a "yes or no" box stating that it would "compromise the system" if I did not install that software (yeah, sure). However, the boxes weren't unchecked after the prompt box, and I just assumed it was some kind of lag in the installer. Bummer...

    When the anti-virus (I use Avast Premier) started warning, I looked for solutions, and these are the measures I took:

    * Ran an Avast Boot-time scan and chose for every found issue to be sent to quarantine, and after logging in, ran another complete system scan;

    * Ran Malwarebytes and Spybot - Search & Destroy scans and corrected all issues found, sending everything I could to quarantine, and when unable to, deleting the malignant files;

    * Ran Kaspersky TDSSKiller and RKill;

    * Verified manually the Running Processes, Registry, Hosts file, Services, Group Policies and Installed Programs and removed or deactivated or stopped anything suspicious (almost anything that had unknown sources, leaving only those with sources that I was ABSOLUTELY certain were of safe provenance and existence);

    * Used CCleaner to deactivate any process that started with the system that seemed suspicious (same criteria as above);

    * Did all this in normal mode (not safe mode);

    * Verified manually all my browsers and corrected all settings and homepages, and I even wanted to remove any suspicious add-ons and extensions, but there weren't any. (Obs.: Edge can't open any web page, but it already couldn't prior to the infection, and I cannot find why, even though no proxy is set).

    * Ran again all the scans I could.

    Well, verifying manually, I couldn't find any more traces of the infection, and the PC is not behaving abnormally (except for an exceptionally long time to boot up and shut down, but normal performance after logging in).

    Of course, even running all the scanners in the world, I know a PC may never be really safe, and there is always something nasty that can stay hidden there.

    I think I tried everything the average user could (but I would gladly accept any more suggestions for measures I could take to assure safety).

    I read about decade-lasting backdoors and absolutely untraceable keyloggers and was really worried about it, although I suspect this may be exaggerating, like some "searched for flu symptoms on the internet and found out I have cancer" sort of effect.

    I just want some advice about whether, after all these measures and now finding nothing traceable about the infection, I can assume that I can resume normal usage of the PC (of course critical websites, like online banking, will be used inside Avast SafeZone, which doesn't even allow me to print files because it generates temporary files), or whether I should still be scared.

    I really, really don't want to reinstall the OS or format the PC, as I have more than 600GB of data, and most of it is software, which would have to be installed all over again...

    With this amount of data, I couldn't search for corrupting or locking ransomware, as it would require trying to open every single app and document, and that's a lot...

    I thank you very, very much for your attention if you read this far, and thank you even more if you could advise whether I'm safe or should do something else.

    Best regards to you all.
     
  2. Lucas Almeida

    Lucas Almeida Private E-2

    Dear admins,

    I'm sorry that I didn't pay attention to the "Run first" thread required for posting assistance requests.

    As my system is no longer infected, I didn't think it would be required, but as it is a standard procedure, I will do so. I'm currently working at a different PC, so I will post the logs later today.

    Thank you very much for support and understanding.

    Best regards,
    Lucas Almeida
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Excellent. :)
     
  4. Lucas Almeida

    Lucas Almeida Private E-2

    Hello, Kestrel13 and MajorGeeks

    Attached are the logs.

    * Some of the logs are in Portuguese because that is my system language, but as you are all used to these logs, it may be easy to identify what is what, I guess. I can translate them if needed.
    * It was advised to ignore everything on HitPro, but it did a lot of automatic things during the scanning process, like uploading things to the cloud. On the results screen, I ignored everything.
    * MGTools said getlogs doesn't support my OS.

    P.S.: In no way would I want to insult you guys, as I'm requesting help from you, and so, I admire your work. I just want to be cautious when asking to keep any information found in these logs private, used only for request-related purposes, and not disclosed in any other way. But I'm sure that is your policy already :) .
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hmm that's odd as it does.
    Do this instead:

    Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

    Note: Make sure you download the correct version for your PC. Only the correct version will work.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


    If you would like me to remove them once we have finished I will do so. ;)
     
  6. Lucas Almeida

    Lucas Almeida Private E-2

    Hello, Kestrel13

    Thanks for your instant reply. Attached are the logs.

    Best regards.
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Perhaps you did not download and run the current version. Or you did not download it from us.
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Are you deliberately set up to use a proxy of any kind?

    Re-run Hitman Pro, enable/activate the free trial and allow it to remove ALL that it finds please.

    Once done, re-run FRST just like before and upload the new log.
    Also re-run Hitman again (just a scan) and upload the new log from it. :)
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If Hitman doesn't take care of the main issue then we will have to try and get MGTools working somehow. I may need to replace a file(s) and all the info I need for that will be in the logs produced from running MGTools.
     
  10. Lucas Almeida

    Lucas Almeida Private E-2

    Good morning, Kestrel13 (it is morning here)

    I'm very sorry about this, as you've been working on the logs I sent to help solve the problem, but I won't keep you any longer on them.

    In the end I got scared because the browsers started to reset to default configs every time I closed and then opened them, and then I had to input passwords again on websites that requested them, and I thought it was becoming dangerous to input passwords all the time, as they could be being stolen somehow.

    I got scared and formatted the drive. Most of my software was on another hard drive, and I have an external drive too, so I mostly lost applications that were essential to the system and that I had installed on the system drive (like Office). I didn't want to format because it will be hard to find the covers with the serials again, but now I'm going to have to...

    However, I'm still suspicious about the infection having been passed to the other drives as well, in which case, if you would like to advise new procedures to assure their safety, this time I would not take measures myself again until we've finished, I promise.

    Sorry again for going over the help you were providing. I didn't want to act with disregard towards it, I just thought I should act fast before something critical happened.

    Best regards,
     
  11. Lucas Almeida

    Lucas Almeida Private E-2

    I also want to add that if any measure against my account should be taken in view of this, or assistance refused in future, it would be fair and I would accept it without reply.
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Plug in the drives and scan them with Malwarebytes.

    Oh don't worry about that. ;) You are welcome to come back and use this forum.
    Would you like me to delete your logs?
     
  13. Lucas Almeida

    Lucas Almeida Private E-2

    Kestrel13,

    If they can be useful in some way to advise on other users' system infections, and I hope they can, there's no need to delete them. Otherwise, I guess there's no longer much use for them as I formatted the drive which contained the files listed in them, so yes, thank you.

    Best regards,
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Thank you, I will let them stay intact then :)
     
