Trojan.kovter And Other Malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by handyaj, Feb 12, 2019.

  1. handyaj

    handyaj Private E-2

    I am helping a friend with cleaning their computer. She saw a message about potential hacking and possible compromise of financial information. She did not say if it was a message from Norton Security Suite or something that just popped up. This was about 3 weeks ago. She hired a company to clean the computer. They said it was done but there was a message about a trojan being found. She wanted another person to look at this.

I looked over the computer and did not see anything unusual, but wanted to check it thoroughly. I have used MajorGeeks in the past to help clean computers and wanted to make sure this computer is completely clean. I went through the readme and ran the 4 recommended tools. I used Malwarebytes to clean what it found. It found and deleted files, including one marked as Trojan.Kovter. I found several files, Firefox-Patch.js, in the user's AppData folder. I manually deleted them since one was marked as a trojan in Malwarebytes.

I am attaching logs from Malwarebytes, RogueKiller, HitmanPro and MGTools. Please let me know the next steps to take.
     
  2. handyaj

    handyaj Private E-2

    Here are the attached files.
     


  3. handyaj

    handyaj Private E-2

    I wanted to add more detail of the events that transpired. I found out they had a window pop up about having a problem with Microsoft Office and that their computer may already be compromised. They used a service named 365techcare.com. I did some searching and found this is a scam. She said this tech support company connected to their computer but only after they initiated it. The program used is Goto Opener by LogmeIn. It does not appear to be running in the background. I am going to uninstall this application after hearing back from you and checking for registry entries and other files. Thank you.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Please remove everything found by MBAM. Reboot and rescan with MBAM, and also attach that log and the log from running AdwCleaner.
     
  5. handyaj

    handyaj Private E-2

    Thank you. Due to ice storms yesterday, we kept losing power so I will work on it this evening.
    I also wanted to mention I found a file, Network Security.exe on the desktop. Not sure it is tied to anything but did not want to delete it yet. Could this be malware or something left behind from malware?
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

I don't know yet. I need the logs.
     
  7. handyaj

    handyaj Private E-2

Logs from MBAM and AdwCleaner attached, including a couple from real-time blocking.
     


  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    So it looks like MBAM is doing its job. What other malware issue, if any, are you still having?
     
  9. handyaj

    handyaj Private E-2

    There are no more issues. Thank you for your help.
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    3. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    4. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, Win 8 or Win 10, right click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    5. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    6. After doing the above, you should work through the below link:
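Added verification script (not part of this thread and not one of the MajorGeeks tools): after the final steps above, a practitioner would want to confirm on the same machine that UAC is actually back on, that no autorun entry still launches a script out of the user profile (the pattern behind the Firefox-Patch.js files found earlier in the thread), and that the remote-support client the scam company used (GoTo Opener, by LogMeIn) is no longer installed. The registry paths are the standard Windows UAC, Run/RunOnce and Uninstall locations; the name patterns (Firefox-Patch, GoTo, LogMeIn) are taken from the thread. It assumes Windows PowerShell 5 or later, run elevated while logged in as the affected user so that HKCU is that user's hive.

```powershell
# Post-cleanup verification (added example, not from the thread or MajorGeeks).
# Run from an elevated PowerShell prompt as the affected user.

# 1. UAC: EnableLUA must be 1. A value of 0 means the enableUAC.reg step did not take.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey -Name EnableLUA
if ($uac.EnableLUA -eq 1) {
    Write-Output 'UAC: enabled'
} else {
    Write-Warning 'UAC: DISABLED - re-enable it before calling the machine clean'
}

# 2. Autorun entries that point at scripts or at the user profile.
#    Anything matching here is worth reading in full before the thread is closed.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Script hosts and script extensions, plus profile/temp paths, in the command line.
$suspicious = '\.js\b|\.jse\b|\.vbs\b|\.hta\b|wscript|cscript|mshta|AppData|\\Temp\\|Firefox-Patch'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath metadata
        if ("$($p.Value)" -match $suspicious) {
            Write-Output "REVIEW autorun: $key\$($p.Name) = $($p.Value)"
        }
    }
}

# 3. Startup folders and any script files left directly under the profile's AppData.
#    Depth is limited so browser caches (which legitimately hold many .js files) stay out of the list.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
Get-ChildItem -Path $startupDirs -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime
Get-ChildItem -Path $env:APPDATA, $env:LOCALAPPDATA -Depth 1 -Force -ErrorAction SilentlyContinue -Include '*.js', '*.jse', '*.vbs', '*.hta' |
    Select-Object FullName, LastWriteTime

# 4. Remote-support software left behind by the scam tech-support session.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'GoTo|LogMeIn' } |
    Select-Object DisplayName, DisplayVersion, UninstallString
```

Nothing here deletes anything; it only reports, so it is safe to run before and after the MGclean.bat step. An empty result from sections 2 to 4 together with "UAC: enabled" is the state the final steps above are meant to leave the machine in; any line printed under REVIEW should be checked by hand (and posted in the thread) rather than assumed benign.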
     
