Help!! I Downloaded A Torrent And Installed It And I Think The Program Installed A Lot Of Viruses!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by shadowfury, Jan 10, 2018.

  1. shadowfury

    shadowfury Private E-2

    I'm scared as I'm typing this because I think the person has found its way into my personal settings and a lot of my info. It's modified a lot of my Windows settings and probably a lot of other settings, like when I look up stuff now it leads me to bing.com. I'm scared right now because the person probably got my passwords and everything and has a keylog and I'm scared that all my stuff is compromised in my PC!!! It's been a long time but I'm scared to death. I already tried using Malwarebytes and Microsoft Essentials to uninstall these viruses, it's almost been nearly 10 years since I got infected with this insane virus. These random things appeared in my Program Files and I'm sure a lot of stuff in my Windows settings got modified. If anyone can help me fix this this is urgent and I really need help... this person might have compromised a lot of things in my browser.

    I can't even System restore either. This person has messed up my settings when I installed this virus.

    By the way, I installed the virus from downloading an Alcohol 120% torrent from the new extratorrent site domain from here: https://extratorrent.ag/torrent/6731799/Alcohol+120%+2.0.3.8314+FINAL+++Crack.torrent.html
    This virus is nasty and I don't know what else it messed up a lot of settings in my computer. Any help is greatly appreciated. Please help.

    I should have known to be better not to dl any pirated software.
    https://i.imgur.com/uKwfCEP.jpg

    This is what the virus looks like after removal, I had to go to Safe Mode to delete the other folders in Program Files because it wouldn't let me delete it and delete it from Recycle Bin.

    Now I dled the .torrent file around this time, do you guys suggest that I should remove the ones in C:\Windows ? from the recent date modified files? They look suspicious. I hope you guys can help me
     


  2. shadowfury

    shadowfury Private E-2

    Also I don't know why the file attachments aren't displaying their original size
     
  3. shadowfury

    shadowfury Private E-2

    Sorry for panicking, I've managed to remove a lot of viruses with Malwarebytes but I haven't begun to start cleaning the other viruses that have been detected by the other programs. I will try to upload the other files with pics as separate links from the imgur website. But let me just attach the logs for now.

    https://i.imgur.com/3jEg82w.png
    https://i.imgur.com/rROUp9S.jpg
    https://i.imgur.com/VZJ82CF.png
    https://i.imgur.com/8ozHuBd.jpg
    https://i.imgur.com/L3kFYXr.jpg
    https://i.imgur.com/osOkLGR.jpg
    https://i.imgur.com/SVaxU6O.jpg
     


    Last edited: Jan 11, 2018
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I apologize for the late reply. I don't know how you slipped past us.

    Please rerun RogueKiller and remove all of these:
    ¤¤¤ Processes : 3 ¤¤¤
    [Root.Wajam] b18980c4bd5a5626e78efbc17b1d1470.exe(10032) -- C:\Program Files\4caeb9cc5826a10e05ef2a905339ecb4\b18980c4bd5a5626e78efbc17b1d1470.exe[-] -> Found
    [VT.Detected] 6f66d64c4fd95da65d67356a4e822ce8.dll(1844) -- C:\Windows\6f66d64c4fd95da65d67356a4e822ce8.dll[-] -> Found
    [Root.Wajam] (SVC) 4caeb9cc5826a10e05ef2a905339ecb4 -- "C:\Program Files\4caeb9cc5826a10e05ef2a905339ecb4\b18980c4bd5a5626e78efbc17b1d1470.exe"[-] -> Found

    ¤¤¤ Registry : 20 ¤¤¤
    [Root.Wajam] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4caeb9cc5826a10e05ef2a905339ecb4 ("C:\Program Files\4caeb9cc5826a10e05ef2a905339ecb4\b18980c4bd5a5626e78efbc17b1d1470.exe") -> Found
    [Root.Wajam] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\de01df5e6783271f4fb8a78911cddbe1 (\??\C:\Windows\system32\drivers\de01df5e6783271f4fb8a78911cddbe1.sys) -> Found
    [Root.Wajam] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\de01df5e6783271f4fb8a78911cddbe1 (\??\C:\Windows\system32\drivers\de01df5e6783271f4fb8a78911cddbe1.sys) -> Found

    ¤¤¤ Files : 18 ¤¤¤
    [Hj.Shortcut][File] C:\2-click run\Google Chrome.lnk [LNK@] C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe http://free-apps.friendsinwar.com/viewpage.php?page_id=2 -> Found
    [Hj.Shortcut][File] C:\2-click run\Internet Explorer.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe http://free-apps.friendsinwar.com/viewpage.php?page_id=2 -> Found
    [Hj.Shortcut][File] C:\2-click run\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\MOZILL~1\firefox.exe http://free-apps.friendsinwar.com/viewpage.php?page_id=2 -> Found
    [Adw.Shopperz][Folder] C:\ProgramData\YTD Video Downloader -> Found
    [PUP.Gen1][File] C:\Users\Public\Desktop\YTD Video Downloader.lnk [LNK@] C:\PROGRA~2\GREENT~1\YTDVID~1\ytd.exe -> Found
    [Root.Wajam][File] C:\Windows\System32\drivers\de01df5e6783271f4fb8a78911cddbe1.sys -> Found
    [PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Andrew\AppData\Roaming\AGData -> Found
    [PUP.Gen1][Folder] C:\Users\Andrew\AppData\Roaming\Imminent -> Found
    [Adw.AdService][Folder] C:\Users\Andrew\AppData\Local\AdService -> Found
    [PUP.MalwareProtection|PUP.Gen1][Folder] C:\Users\Andrew\AppData\Local\MalwareProtectionLive -> Found
    [Adw.Shopperz][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader -> Found
    [Adw.Shopperz][Folder] C:\ProgramData\YTD Video Downloader -> Found
    [Root.Wajam][Folder] C:\Program Files\4caeb9cc5826a10e05ef2a905339ecb4 -> Found
    [PUP.Gen1][Folder] C:\Program Files (x86)\GreenTree Applications -> Found
    [PUP.Gen1][File] C:\Users\Public\Desktop\YTD Video Downloader.lnk [LNK@] C:\PROGRA~2\GREENT~1\YTDVID~1\ytd.exe -> Found
    [PUP.Gen3][File] C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\du37wwjk.default\searchplugins\conduit.xml -> Found
    [PUP.Gen3][File] C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\du37wwjk.default\searchplugins\yahoo_ff.xml -> Found
    [PUP.Gen3][File] C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\jg7ofy2j.default\searchplugins\yahoo_ff.xml -> Found

    ¤¤¤ Web browsers : 4 ¤¤¤
    [PUP.Gen2][Firefox:Addon] du37wwjk.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Found
    [PUP.Gen2][Firefox:Addon] du37wwjk.default : Winamp Toolbar [{0b38152b-1b20-484d-a11f-5e04a9b0661f}] -> Found


    Then rerun Hitman and remove everything listed under Malware.

    Reboot and rerun Hitman, RogueKiller, MBAM and also please attach the log from running ADWCleaner.
     
  5. shadowfury

    shadowfury Private E-2

    Do you want me to remove "[PUP.Gen1][File] C:\Users\Public\Desktop\YTD Video Downloader.lnk [LNK@] C:\PROGRA~2\GREENT~1\YTDVID~1\ytd.exe -> Found"? I use YTD downloader for downloading YouTube videos and so far for years now it hasn't done anything to my computer, I'm sure that the program is safe and isn't malware or has spyware, virus, etc. Should I leave YTD?
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That's fine....leave it. Then carry on.
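
Added example (not part of the thread, and not RogueKiller's own code): a small Python parser for the `[Detection][Type] target -> Found` lines quoted in post 4. It splits them into entries to remove and entries to keep after the YTD exchange in posts 5 and 6, and reports any shortcut whose `[LNK@]` target has a URL appended. The line grammar is inferred from the lines on this page; the keep-list, including the reading of `GREENT~1` as the short name of `GreenTree Applications`, is an assumption.

```python
import re

# Subset of the RogueKiller lines quoted in post 4 of this thread.
SAMPLE_LOG = r"""
¤¤¤ Files : 18 ¤¤¤
[Root.Wajam][Folder] C:\Program Files\4caeb9cc5826a10e05ef2a905339ecb4 -> Found
[Hj.Shortcut][File] C:\2-click run\Google Chrome.lnk [LNK@] C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe http://free-apps.friendsinwar.com/viewpage.php?page_id=2 -> Found
[Adw.Shopperz][Folder] C:\ProgramData\YTD Video Downloader -> Found
[PUP.Gen1][File] C:\Users\Public\Desktop\YTD Video Downloader.lnk [LNK@] C:\PROGRA~2\GREENT~1\YTDVID~1\ytd.exe -> Found
[PUP.OnlineIO|PUP.Gen1][Folder] C:\Users\Andrew\AppData\Roaming\AGData -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\GreenTree Applications -> Found
[PUP.Gen2][Firefox:Addon] du37wwjk.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Found
"""

# Assumed grammar: [detection(|detection)] [optional item type] target -> status
ENTRY = re.compile(r"^\[(?P<det>[^\]]+)\](?:\[(?P<kind>[^\]]+)\])?\s*"
                   r"(?P<target>.*?)\s*->\s*(?P<status>\w+)$")
# A shortcut whose executable is followed by a URL opens that page on every launch.
LNK_URL = re.compile(r"\[LNK@\]\s+\S.*?\.exe\s+(?P<url>https?://\S+)", re.I)

# Assumption: everything belonging to the program the user chose to keep.
KEEP = ("ytd video downloader", "ytdvid~1", "greentree applications")

def parse_log(text):
    """Return one dict per detection line; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["det"] = e["det"].split("|")          # "PUP.OnlineIO|PUP.Gen1" -> two labels
        hijack = LNK_URL.search(e["target"])
        e["forced_url"] = hijack.group("url") if hijack else None
        entries.append(e)
    return entries

def plan(entries, keep=KEEP):
    """Split entries into (remove, kept) by case-insensitive substring match."""
    remove, kept = [], []
    for e in entries:
        hit = any(k in e["target"].lower() for k in keep)
        (kept if hit else remove).append(e)
    return remove, kept

if __name__ == "__main__":
    remove, kept = plan(parse_log(SAMPLE_LOG))
    for e in remove:
        print("REMOVE", "/".join(e["det"]), e["target"], e["forced_url"] or "")
    for e in kept:
        print("KEEP  ", "/".join(e["det"]), e["target"])
```

Matching only on the string "YTD" would miss the `GreenTree Applications` folder that the shortcut's target path points into, so the keep-list has to cover the install directory as well as the shortcut.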
     
  7. shadowfury

    shadowfury Private E-2

    Hello all. I want to thank TimW here for helping me in removing and cleaning my PC from all the malware that has almost made my life a nightmare dealing with when I got infected from installing a .exe torrent file from p2w back in January 2018. Right now I'm just making a follow-up if anyone can look into helping me to find out if there are any more issues persisting. Lately I've noticed that there might be something corrupted in my Windows directory or registry, and I think there might still be some rootkit or really deadly malware lurking in my system.
    So I want to make sure again but what should I run again to make sure there is no more malware hiding in my PC.
    I also found this interesting procedure lately from Google searching some things, and I did this in cmd to find out if it will fix any problem:
    Is doing this okay?
    https://i.imgur.com/dW3LFOZ.png
    As a result it actually did fix some issues which may have been a problem from the virus that I received in January-2018.
    Then after running it again, it told me there are no problems: https://i.imgur.com/371uZe7.png Should this have fixed some problems some of the malware have changed in my system?

    And I'm also wondering if it is normal for Windows 7 to stop these random services in my task manager for me. Are any of these services affiliated with malware?
    https://i.imgur.com/qcan8iS.png

    But if anyone can look into my problem again and see if there is still some malware such as rootkits hiding itself in my system, please tell me what steps to do again.
    Let me know if those pictures I provided are okay and if it's normal for those other programs under services in task manager to be "stopped" in status.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You neglected to follow up on the last fix.
     
