Windows 10: Problems posible trojan Solved

Page 1 of 2 12 LastLast
  1.    21 May 2018 #1

    Problems posible trojan


    Having problems..I couldn't open sites on FF..I can't recall exactly what it said but was something like the site was not set up properly & wasn't safe. FF could not connect. I ran Unhack-me & can move around but there are many problems shown on Rkill. I would be thankful for help.
      My ComputerSystem Spec

  2.    21 May 2018 #2

    here are the two Rkill files...Rkill 1 is before I ran unhackme..Rkill 2 is after..it looks messed up.. please help!
    Problems posible trojan Attached Files
      My ComputerSystem Spec

  3.    22 May 2018 #3

    Hi.
    Couple things:
    First of all, you answered your own thread, so it's not sitting in the "unanswered queue" anymore.
    Secondly, you marked it as solved, which tells everyone you no longer need help.

    Here is what I would recommend. Run these programs in the order I give them:

    RKILL (free)
    Download RKill

    ADWCleaner (free)
    (Post the logs. It will have you reboot first)
    Downloads - AdwCleaner - ToolsLib

    RKILL again
    (because everything RKILL does is undone by a reboot)

    Malwarebytes Antimalware (free) FULL SCAN
    (be sure to tick the box in settings to scan for rootkits!)
    (post the log)
    Free Anti-Malware & Malware Removal | Malwarebytes

    Ccleaner (free)
    Download CCleaner | Clean, optimize tune up your PC, free!
    Run this cleaner on all your browsers and clear everything out. If you save passwords in your browsers, back them up first.
    Then RESET ALL Browsers on the system (not just the ones you use, but all of them, especially Internet Explorer).
    Reset Microsoft Edge to Default in Windows 10 | Windows 10 Tutorials

    How to Reset Your Web Browser To Its Default Settings

    Then, back in Ccleaner, go into Tools>Uninstall and remove any toolbars or rogue apps you find.
    Then run it on your registry, ticking all boxes except Help Files.

    Open an Admin Command Prompt and clear your DNS
    Code:
    ipconfig /flushdns
    You have 728 entries in your HOSTS file. Can you please explain?
    If there is any illegal software on the system, please uninstall it now.
    Check that Windows Update is now running, and your AV also (whatever you use).

    Open an Admin Command Prompt and run the System File Checker, by entering
    Code:
    sfc /scannow
    Once it is finished, you should see "No integrity violations found". If it says found and fixed, or found and couldn't fix, reboot and run it again, up to 3 times.

    Report back here and we'll see how things are going.
      My ComputerSystem Spec

  4.    22 May 2018 #4

    Thanks Simrick for the reply...I'll try to explain the confusion later...here are the first set of logs. I'll make sure these send then reboot.
    Problems posible trojan Attached Files
      My ComputerSystem Spec

  5.    22 May 2018 #5

    Here is the last rkill & mbytes..I think I've completed all items...on the first post, it was all my confusion...I was your reply & was so thankful because I was getting ready to format. I don't know why all the hosts were on rkill ..they hadn't shown up before...please let me know if there is anything else I need to do...
    Problems posible trojan Attached Files
      My ComputerSystem Spec

  6.    22 May 2018 #6

    Thank you once again Simrick..you save me a lot of trouble..kudos to you & 10forums
      My ComputerSystem Spec

  7.    23 May 2018 #7

    Thank you for the logs.
    Nothing looking to terribly bad in there (except slim cleaner, which is considered a PUP).
    I'd like to see a FULL SCAN though, and not just a threat scan from MBAM, with Rootkits box checked.

    1. Have you confirmed Windows Update is working?
    2. What Anti-Virus program do you use, and have you confirmed that it is functioning correctly (Windows Defender is disabled).
    3. What were the results of the system file checker scan?

    If you have completed all the steps and are no longer having any issues with FF, I think you are good to go. But, if you are still having issues, we'll need to take a deeper look.
      My ComputerSystem Spec

  8.    23 May 2018 #8

    One more thing:
    Unless you or your legitimate apps have specifically made those changes to your HOSTS file, I would reset it. MS have instructions here:
    https://support.microsoft.com/en-us/...to-the-default

    Or you can use this tool
    Downloads - RstHosts - ToolsLib

    Here you can read a little more on the subject, if you like:
    How can I reset the Hosts file back to the default in Windows 10? - Windows 10 Support

    .
      My ComputerSystem Spec

  9.    23 May 2018 #9

    Thank you simrick..on mbam I did have rootkits checked..I didn't see any way to run a scan...I'm using a version I just upgraded from mbytes, so i'm installing the one you sent just in case.
    1. I went to windows update & clicked on update ...it began looking...not sure how to check any other way.
    2. I use Avast...it opens & I don't notice anything amiss...When I go to update/security there is no windows defender listed so I didn't know how to turn on or off realtime protection
    3. The SFC indicated no integrity violations found.
    4. Hit Man finds the file SVC host...listed as suspicious.
    I will take care of the host as you have directed
    I have also attatched an mbam txt from the mbam that you sent.
    I think that covers it all.
    Problems posible trojan Attached Files
      My ComputerSystem Spec

  10.    24 May 2018 #10

    10beers said: View Post
    Thank you simrick..on mbam I did have rootkits checked..I didn't see any way to run a scan...I'm using a version I just upgraded from mbytes, so i'm installing the one you sent just in case.
    1. I went to windows update & clicked on update ...it began looking...not sure how to check any other way.
    Okay good - that's fine.

    10beers said: View Post
    2. I use Avast...it opens & I don't notice anything amiss...When I go to update/security there is no windows defender listed so I didn't know how to turn on or off realtime protection
    Defender will be disabled by Avast to prevent conflicts. Turning off Avast shields will turn off real-time protection.

    10beers said: View Post
    3. The SFC indicated no integrity violations found.
    Great.

    10beers said: View Post
    4. Hit Man finds the file SVC host...listed as suspicious.
    Hmmm....Please provide the logs for this?

    10beers said: View Post
    I will take care of the host as you have directed
    Good.

    10beers said: View Post
    I have also attatched an mbam txt from the mbam that you sent.
    I think that covers it all.
    Thanks - looks good, but still only a Threat Scan. Still, since you're on the trial, you have active protection from MBAM for about 2 weeks, so that makes me feel better, while we determine what Hitman has flagged.

    One thing: please run winver from the search box and post a screenshot of what version Windows you have running on there. Hopefully you're already on v1803...

    For a Full MBAM scan:

    Click image for larger version. 

Name:	image.png 
Views:	1 
Size:	52.4 KB 
ID:	190041


    Click image for larger version. 

Name:	image.png 
Views:	3 
Size:	31.9 KB 
ID:	190040
      My ComputerSystem Spec


 
Page 1 of 2 12 LastLast

Related Threads
Solved WD says I have a trojan at every boot in AntiVirus, Firewalls and System Security
Hello. Windows Defender says I have a trojan on every boot buy when I check WD Security Center there is nothing there. I haven't noticed anything weird but the message is getting on my nerves. Ran AdwCleaner and it came up clean. This is...
Solved Trojan, Trojan.Generic? in AntiVirus, Firewalls and System Security
Hi! Today i might have got a trojan. I did indeed install a program that redirected me to a site where i think the website downloaded unwanted malware to my PC. The malware that has got control over my PC has completely blacked out my access to...
Solved Trojan or not ? in AntiVirus, Firewalls and System Security
Hi all, Not quite sure when this started but roughly somewhere around July I noticed a file called NTUSER.rhk that resides in "Users\My username". Googling for the .rhk file extension gave me a bit of a scare as most sites suggest this is...
Solved Do I Have A Trojan? in AntiVirus, Firewalls and System Security
Hello, First post here :) Lately my Windows Defender is finding a Trojan in the Recovery D (Trojan:Win32/Dynamer!ac) It only shows up after a full 3 hour search and not in the fast search A full search with Malwarebytes, Adware and Hitman...
Trojan in My Registry in AntiVirus, Firewalls and System Security
I have an older 15 inch HP with W10 that I recently updated. I have always had McAfee on the computer, it has never lapsed. I have also run Spybot, Malwarebytes, Google Ghostery and ABP Adblock Popup. When I recently bought a new printer...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 05:17.
Find Us