I've Been Hacked - Xtolgck.exe

Discussion in 'Malware Help (A Specialist Will Reply)' started by kayfabeuk, Feb 28, 2018.

  1. kayfabeuk

    kayfabeuk Private E-2

    So last night I returned to my PC to literally see the mouse moving via remote connection, about to log in to my PayPal account. I closed the window down and disabled the internet. A few days before, my email was hacked; forwarding was set up without my knowledge, so I fixed that and changed passwords. Now I have an annoying prompt called xtolgck.exe that pops up wanting to make changes to the computer. This happens every few mins. I can't get rid of it. I've tried:

    Hitman
    Malwarebytes
    AVG
    Rkill
    Sophos

    I've physically located the file and deleted it, and removed all registry entries, yet it still pops up.
    Any help appreciated.
     
  2. kayfabeuk

    kayfabeuk Private E-2

    picture attached
     


  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member


    C:\Users\Xeon\cfkmk\xtolgkc.exe
    C:\Users\Xeon\cfkmk\bcikgmy.fnx
    Go HERE and download Microsoft Process Explorer 16.21.
    • Save it to your desktop
    • It does not require installation, just right-click to run
    • Once opened, select Options
      • Place ticks by "Verify Image Signatures", VirusTotal.com > Check VirusTotal.com, Confirm Kill
    • At the far right you will see the VirusTotal column
    • Look under that column for anything showing other than 0/56-57
      See something? INVESTIGATE IT
    • At the far left column - see if you find the two files highlighted under the Process column. If so - hover your mouse over it.
      • You will be shown Command Line - Path - Services <= if any involved
      • If found, right-click the bad process --> choose "Kill process tree"
    • Let us know your progress!
     
  4. kayfabeuk

    kayfabeuk Private E-2

    Hi, thanks for your prompt and helpful reply Dr. Moriarty. I've found that the majority of processes are 0/68 for applications such as Chrome, Nvidia etc., should I still be concerned? The processes in question aren't on the left.
     
  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome.

    You shouldn't be concerned about the number of processes yet (depends on the applications you run at startup or currently have open). There might be a scheduled task causing this or something the scanners didn't detect, so I recommend that you run the full Read & Run Me First guide and start a new thread in the forum Malware Help - MG (A Specialist Will Reply).

    NOTE: Process Explorer would need to be running when the prompt appears for you to track it down with it.
     
    Last edited: Feb 28, 2018
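As an added example that is not part of the thread or written by any poster: a read-only PowerShell sweep of the usual autostart locations (scheduled tasks, Run keys, Startup folders, services) for entries that reference the folder and file names quoted above. The `$patterns` list, the helper `Add-Hit` and the choice of locations are assumptions of this example; run it from an elevated prompt so machine-wide tasks and services are visible.

```powershell
# Added example, not from the thread. Read-only: it lists entries and changes nothing.
# Assumption: the name fragments below are taken from the paths quoted in the thread.
$patterns = 'cfkmk', 'xtolgkc', 'xtolgck', 'bcikgmy'
$regex = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'
$hits = New-Object System.Collections.Generic.List[object]

# Hypothetical helper: record an entry when its name or command line matches a fragment.
function Add-Hit($Source, $Name, $Command) {
    if ("$Name $Command" -match $regex) {
        $hits.Add([pscustomobject]@{ Source = $Source; Name = $Name; Command = $Command })
    }
}

# 1. Scheduled tasks: a task that relaunches the file would explain a prompt every few minutes.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        Add-Hit 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" "$($action.Execute) $($action.Arguments)"
    }
}

# 2. Run / RunOnce keys for the current user and the machine (64- and 32-bit views).
$runKeys = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($sub in 'Software', 'Software\WOW6432Node') {
        foreach ($leaf in 'Run', 'RunOnce') { "$hive\$sub\Microsoft\Windows\CurrentVersion\$leaf" }
    }
}
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) { Add-Hit "Registry $key" $name ([string]$item.GetValue($name)) }
}

# 3. Startup folders: resolve .lnk shortcuts to their real target before matching.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
foreach ($dir in $startupDirs) {
    foreach ($file in Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue) {
        $target = if ($file.Extension -eq '.lnk') { $shell.CreateShortcut($file.FullName).TargetPath } else { $file.FullName }
        Add-Hit 'StartupFolder' $file.Name $target
    }
}

# 4. Services whose binary path points at the folder or file names.
foreach ($svc in Get-CimInstance Win32_Service) { Add-Hit 'Service' $svc.Name $svc.PathName }

if ($hits.Count) { $hits | Format-List } else { 'No autostart entry references the listed names.' }
```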
  6. kayfabeuk

    kayfabeuk Private E-2

    Looks to be all fixed, thanks for your support Dr. Moriarty.
     
  7. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome!

    Please tell us what steps you used to fix the problem.
    dr.m
     
    Last edited: Mar 8, 2018
