Inactive Can't locate, quarantine or remove sabsik trojan

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

missdismiss

Thread Starter
Joined
Oct 16, 2021
Messages
2
I've recently downloaded a game on my Windows 10 laptop from a site I trusted to have no malware. It was in a zip file. When I checked what was inside, there was a text file and another zip file that required a password for me to enter (which was in the text file previously mentioned). When I checked the second zip file there was just one setup.exe file. When I clicked on it, Windows Defender detected multiple threats. I noticed a few cmd windows popping up and disappearing, one appearing a bit later than another. Also my Google Chrome window that was open closed without me doing anything.

I disconnected from the internet and tried to remove all of the threats. They were all labeled severe. I also disabled two .exe programs that I saw running in the task manager. When I checked Windows Defender again, every threat was quarantined or removed, except for two that said that the remediation was incomplete and one that was active. The latter one I can't quarantine or remove, and when I check the location stated below I can't find anything of that sort. It said it was located in the temp folder of my user account.
I later noticed that one of the "incomplete" threats was labeled the same as the active threat; it was a Sabsik trojan. The other incomplete one was an AgentTesla.

I booted the computer in safe mode and scanned the computer from cmd. No threats found. When I checked windows defender from safe mode it also said that no threats were found. But when I start the computer normally it detects this one threat. Note that I used another user account on the computer when it was in safe mode, because when I tried logging in my account in safe mode for some reason my password was incorrect even if I was 100% sure I typed it correctly. Also, I couldn't start any sort of scan in win defender from safe mode, I would click "scan now" and nothing happened.

I am scared to start my computer and connect to the internet so I could install another anti malware program. What should I do?
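One way to answer the "it says it's in my temp folder but I can't find anything there" question from the post above is to read Defender's own detection history instead of browsing folders. The script below is an added example for this thread, not advice from the forum or any tool it mentions. It uses the built-in Defender module cmdlets Get-MpThreat and Get-MpThreatDetection, and assumes (as I have seen in practice, not from this page) that each entry in a detection's Resources array is prefixed with its kind, such as file:_C:\path\x.exe or regkey:_HKLM\..., so file resources can be tested for existence.

```powershell
# Added example (not from the thread): list every Microsoft Defender detection on this
# machine, name the threat it belongs to, and check whether each file it referenced
# still exists on disk. Run from an elevated PowerShell prompt on the affected machine.
#
# Assumption (labelled here and in the lead-in): Resources strings are of the form
# "<kind>:_<path>", e.g. "file:_C:\Users\me\AppData\Local\Temp\x.exe". Only "file"
# resources are checked with Test-Path; other kinds are reported but not checked.

function Get-DefenderDetectionReport {
    [CmdletBinding()]
    param()

    # Build a ThreatID -> ThreatName lookup from Defender's threat catalogue so each
    # detection record (which only carries the numeric ID) can be shown with its name.
    $names = @{}
    foreach ($t in Get-MpThreat) { $names[$t.ThreatID] = $t.ThreatName }

    foreach ($d in Get-MpThreatDetection) {
        foreach ($res in $d.Resources) {
            # Split "<kind>:_<path>" into its two parts (at most two pieces).
            $kind, $path = $res -split ':_', 2
            $exists = $null
            if ($kind -eq 'file' -and $path) {
                # -LiteralPath so brackets/braces in temp folder names are not globbed.
                $exists = Test-Path -LiteralPath $path
            }
            [pscustomobject]@{
                Detected    = $d.InitialDetectionTime
                ThreatName  = $names[$d.ThreatID]
                StatusCode  = $d.ThreatStatusID    # Defender's numeric status code
                ActionOK    = $d.ActionSuccess     # $false when remediation did not complete
                Kind        = $kind
                Resource    = $path
                StillOnDisk = $exists              # $null for non-file resources
            }
        }
    }
}

# Newest detections first; -Wrap keeps long temp-folder paths readable.
Get-DefenderDetectionReport |
    Sort-Object Detected -Descending |
    Format-Table Detected, ThreatName, ActionOK, Kind, Resource, StillOnDisk -AutoSize -Wrap
```

Rows with ActionOK false and StillOnDisk true are the ones worth attention: the file Defender could not remediate is still present. A row with StillOnDisk false for a path under AppData\Local\Temp is consistent with the file having already been deleted (by Defender, by a reboot, or by the dropper itself), which is why nothing turns up when the folder is browsed by hand; the detection record persists in history regardless.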
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,630
Hello missdismiss and welcome to TSG,

Disable smart screen ONLY if it interferes with software we may have to use:

https://support.microsoft.com/en-us...otect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8

Please remember to enable when we are finished....

Next,

Disable any Anti-virus software you have installed ONLY if it stops software we may use from working:

https://www.bleepingcomputer.com/fo...nti-virus-firewall-and-anti-malware-programs/

Please remember to enable AV software when we are finished running scans....

Run the following scan, let's see if anything shows up:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security software alerts on FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Thank you,

Kevin
 

missdismiss

Thread Starter
Joined
Oct 16, 2021
Messages
2
In the meantime I have downloaded Malwarebytes and run a scan with it. It found 116 threats at that moment. Here is the log:

Malwarebytes


-Log Details-
Scan Date: 10/16/21
Scan Time: 2:12 PM
Log File: a6e61a64-2e82-11ec-9d46-00090ffe0001.json

-Software Information-
Version: 4.4.8.137
Components Version: 1.0.1474
Update Package Version: 1.0.45982
License: Trial

-System Information-
OS: Windows 10 (Build 18363.1198)
CPU: x64
File System: NTFS
User: DESKTOP-1RLNAJB\sofij

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 666341
Threats Detected: 116
Threats Quarantined: 116
Time Elapsed: 23 min, 53 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 16
PUP.Optional.InstallCore, HKU\S-1-5-21-1368817351-3228443981-686292068-1001\SOFTWARE\CSASTATS\ic, Quarantined, 516, 586068, 1.0.45982, , ame, , ,
Trojan.Dropper.E, HKU\S-1-5-21-1368817351-3228443981-686292068-1002\SOFTWARE\BrowserDeat, Quarantined, 3838, 983580, 1.0.45982, , ame, , ,
RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{66A7F1C9-F270-4C51-BFD8-5415E3CB1E85}, Quarantined, 925, 555343, 1.0.45982, , ame, , ,
RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{66A7F1C9-F270-4C51-BFD8-5415E3CB1E85}, Quarantined, 925, 555342, , , , , ,
RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Timer, Quarantined, 925, 555342, 1.0.45982, , ame, , ,
Trojan.Downloader.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PowerControl LG, Quarantined, 2956, 982508, , , , , ,
Trojan.Downloader.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3705C79D-80F8-498E-B161-A71776B0544A}, Quarantined, 2956, 982508, , , , , ,
Trojan.Downloader.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{3705C79D-80F8-498E-B161-A71776B0544A}, Quarantined, 2956, 982508, , , , , ,
RiskWare.HeuristicsReservedWordExploit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE, Quarantined, 5680, 293553, , , , , ,
RiskWare.HeuristicsReservedWordExploit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE, Quarantined, 5680, 293553, , , , , ,
Trojan.BrowserHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Device Information\sacotup, Quarantined, 2716, 944578, , , , , ,
Trojan.BrowserHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0A25DC28-F86F-41B6-819D-BD91EEF46BF9}, Quarantined, 2716, 944578, , , , , ,
Trojan.BrowserHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{0A25DC28-F86F-41B6-819D-BD91EEF46BF9}, Quarantined, 2716, 944578, , , , , ,
Trojan.Downloader.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PowerControl HR, Quarantined, 2956, 982507, , , , , ,
Trojan.Downloader.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{81338A10-A6B7-4410-A914-1BE0D1DE10BA}, Quarantined, 2956, 982507, , , , , ,
Trojan.Downloader.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{81338A10-A6B7-4410-A914-1BE0D1DE10BA}, Quarantined, 2956, 982507, , , , , ,

Registry Value: 4
RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{66A7F1C9-F270-4C51-BFD8-5415E3CB1E85}|PATH, Quarantined, 925, 555343, 1.0.45982, , ame, , ,
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-1368817351-3228443981-686292068-1001\SOFTWARE\MICROSOFT\EDGE\PREFERENCEMACS\Default\extensions.settings|aemdknhflgikhelppjapdhhpepgjlcca, Quarantined, 1903, 443121, , , , , ,
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-1368817351-3228443981-686292068-1001\SOFTWARE\MICROSOFT\EDGE\PREFERENCEMACS\Default\extensions.settings|bnmdnnacoefompilgacldgkjioblpaci, Quarantined, 1903, 867816, , , , , ,
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-1368817351-3228443981-686292068-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|bnmdnnacoefompilgacldgkjioblpaci, Quarantined, 1903, 867816, , , , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 21
Spyware.StolenData.E, C:\ProgramData\7XFZU35JHQF32FRGQU2ILR1NK\files\Wallets\ElectronCash, Quarantined, 1005, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7XFZU35JHQF32FRGQU2ILR1NK\files\Wallets\ElectrumLTC, Quarantined, 1005, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7XFZU35JHQF32FRGQU2ILR1NK\files\Wallets\MultiDoge, Quarantined, 1005, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7XFZU35JHQF32FRGQU2ILR1NK\files\Wallets\Electrum, Quarantined, 1005, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7XFZU35JHQF32FRGQU2ILR1NK\files\Wallets\Jaxx_New, Quarantined, 1005, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7XFZU35JHQF32FRGQU2ILR1NK\files\Wallets\Binance, Quarantined, 1005, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7XFZU35JHQF32FRGQU2ILR1NK\files\Wallets\Coinomi, Quarantined, 1005, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7XFZU35JHQF32FRGQU2ILR1NK\files\Wallets\Atomic, Quarantined, 1005, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7XFZU35JHQF32FRGQU2ILR1NK\files\Wallets\Exodus, Quarantined, 1005, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7XFZU35JHQF32FRGQU2ILR1NK\files\Wallets\Monero, Quarantined, 1005, 697276, , , , , ,
Spyware.StolenData.E, C:\ProgramData\7XFZU35JHQF32FRGQU2ILR1NK\files\Wallets\JAXX, Quarantined, 1005, 697276, , , , , ,
Spyware.StolenData.E, C:\PROGRAMDATA\7XFZU35JHQF32FRGQU2ILR1NK\FILES\Wallets, Quarantined, 1005, 697276, 1.0.45982, , ame, , ,
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Local Extension Settings\aemdknhflgikhelppjapdhhpepgjlcca, Quarantined, 1903, 443121, , , , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\AEMDKNHFLGIKHELPPJAPDHHPEPGJLCCA, Quarantined, 1903, 443121, 1.0.45982, , ame, , ,
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Local Extension Settings\bnmdnnacoefompilgacldgkjioblpaci, Quarantined, 1903, 867816, , , , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\BNMDNNACOEFOMPILGACLDGKJIOBLPACI, Quarantined, 1903, 867816, 1.0.45982, , ame, , ,
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\bnmdnnacoefompilgacldgkjioblpaci, Quarantined, 1903, 867816, , , , , ,
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BNMDNNACOEFOMPILGACLDGKJIOBLPACI, Quarantined, 1903, 867816, 1.0.45982, , ame, , ,
PUP.Optional.Trovi, C:\USERS\SKRNJ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 504, 454808, , , , , ,
PUP.Optional.Trovi, C:\USERS\SKRNJ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Sync Data\LevelDB, Quarantined, 504, 454808, , , , , ,
PUP.Optional.Trovi, C:\USERS\SOFIJ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 504, 454808, , , , , ,

File: 75
RiskWare.BitCoinMiner, C:\WINDOWS\SYSTEM32\TASKS\TIMER, Quarantined, 925, 555342, , , , , 50EB8E1FD265B8245B718E6AF1642CF9, 192A38D48E67FF49C806F9E63CA7CCE7CAAFD62284E8DFE6157762C11710B723
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Secure Preferences, Replaced, 1903, 443121, , , , , 05D212B6E865B2A4EDBB9919B99C22D8, B37A7E00D9EA35CA3A36AA086ED376701860D8168534DF716BA74986A872D118
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Preferences, Replaced, 1903, 443121, , , , , 16B2F0EFD5D92AD9F3EC41AB0804BBB3, 81DE20EF9CE9165581B0FEDAF08A060D1D3BB08636E9B62B4CC948735C51B36B
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\aemdknhflgikhelppjapdhhpepgjlcca\000003.log, Quarantined, 1903, 443121, , , , , 7F7F6B417C22E07380CC750932E73367, 03593FC0019E35FB1D440FFDC4BE852F23BB685D88C14CD48EC9775D337E42A9
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\aemdknhflgikhelppjapdhhpepgjlcca\CURRENT, Quarantined, 1903, 443121, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\aemdknhflgikhelppjapdhhpepgjlcca\LOCK, Quarantined, 1903, 443121, , , , , ,
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\aemdknhflgikhelppjapdhhpepgjlcca\LOG, Quarantined, 1903, 443121, , , , , 3B2AB7B427660BA5049D2B75C91E94EF, DA85AF78B520E9B974046B9FBECE77257066A25B015ED811382D86E1BB2B522A
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\aemdknhflgikhelppjapdhhpepgjlcca\MANIFEST-000001, Quarantined, 1903, 443121, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\AEMDKNHFLGIKHELPPJAPDHHPEPGJLCCA\13.931.18.7871_0\MANIFEST.JSON, Quarantined, 1903, 443121, 1.0.45982, , ame, , F3FAC795C13C12C3B4251CE26A232B6D, A075D0F869693656FC820610491AC2F7C849509D532F5572E656E12275D1926A
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Secure Preferences, Replaced, 1903, 867816, , , , , 05D212B6E865B2A4EDBB9919B99C22D8, B37A7E00D9EA35CA3A36AA086ED376701860D8168534DF716BA74986A872D118
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Preferences, Replaced, 1903, 867816, , , , , 16B2F0EFD5D92AD9F3EC41AB0804BBB3, 81DE20EF9CE9165581B0FEDAF08A060D1D3BB08636E9B62B4CC948735C51B36B
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\bnmdnnacoefompilgacldgkjioblpaci\000003.log, Quarantined, 1903, 867816, , , , , 9BB90148B7CA5C39335B44272B1D4A53, 7145588E068FC620CB05C5A42EEC75F862866ABF76858A59B4B744C43AB99C11
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\bnmdnnacoefompilgacldgkjioblpaci\CURRENT, Quarantined, 1903, 867816, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\bnmdnnacoefompilgacldgkjioblpaci\LOCK, Quarantined, 1903, 867816, , , , , ,
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\bnmdnnacoefompilgacldgkjioblpaci\LOG, Quarantined, 1903, 867816, , , , , 0BC2FA6531BED468F9D5C59476BF5E89, D2E4ED55A3B17DD3092D8A87F4C75C232C36431B369AE9A63AEBD15DB015D87B
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\bnmdnnacoefompilgacldgkjioblpaci\MANIFEST-000001, Quarantined, 1903, 867816, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\BNMDNNACOEFOMPILGACLDGKJIOBLPACI\13.945.18.35135_0\MANIFEST.JSON, Quarantined, 1903, 867816, 1.0.45982, , ame, , 5BEA9266A52F1D78BD077223DE39552D, 145D1A98228A0CA7B233050D2D174F1072ED35309DCDAB94202DF407806AD6B7
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 1903, 867816, , , , , 30067E5DAADFBF27370A692398B9A48D, 6A1F03E931DEE7CC6AA9BBF8C3357993839E2372C2D42BD3B45B6A5C0DC44AFE
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 1903, 867816, , , , , F4FF3A1EC03C37F95AAB9E5DDE4C86D6, 5F522CB37C38693665BDEA194751A26AEED726B0FD20DA5D9891EE4D30382B01
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnmdnnacoefompilgacldgkjioblpaci\000003.log, Quarantined, 1903, 867816, , , , , C09CD32CCDB11192D12B335E2146152F, 816BD38E9E2245D3B249F8C6DEBE2954E6A08A15E0DAEAE58B3A42A3AE65D2D2
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnmdnnacoefompilgacldgkjioblpaci\CURRENT, Quarantined, 1903, 867816, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnmdnnacoefompilgacldgkjioblpaci\LOCK, Quarantined, 1903, 867816, , , , , ,
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnmdnnacoefompilgacldgkjioblpaci\LOG, Quarantined, 1903, 867816, , , , , 2DB2F17ADB9350E249949C40038A6593, B23DEC1846EC027460C193E940C9F98766DA54AB0F26F596D762ECDDBC720E28
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnmdnnacoefompilgacldgkjioblpaci\LOG.old, Quarantined, 1903, 867816, , , , , BBAC88557A0121BFCCC9F9B2228583E8, 247E9C27A79B157426A04B8F0988F0573BBB06AE87FB1846EC8FEF16B3F80617
PUP.Optional.MindSpark.Generic, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnmdnnacoefompilgacldgkjioblpaci\MANIFEST-000001, Quarantined, 1903, 867816, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BNMDNNACOEFOMPILGACLDGKJIOBLPACI\13.945.18.35135_0\MANIFEST.JSON, Quarantined, 1903, 867816, 1.0.45982, , ame, , 5BEA9266A52F1D78BD077223DE39552D, 145D1A98228A0CA7B233050D2D174F1072ED35309DCDAB94202DF407806AD6B7
PUP.Optional.MindSpark.Generic, C:\USERS\SKRNJ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\AEMDKNHFLGIKHELPPJAPDHHPEPGJLCCA\13.931.18.7871_0\CONFIG\CONFIG.JSON, Quarantined, 1903, 456842, 1.0.45982, , ame, , 2F4A1606482BFFB68C41A3CDD84793C4, 973B89A907D460D4A7EE6583468CCD0AEF5284A69127EF729B4F27C642F4C53E
Trojan.Downloader.E, C:\WINDOWS\SYSTEM32\TASKS\PowerControl LG, Quarantined, 2956, 982508, 1.0.45982, , ame, , 5046AF6793936A2BF327956CFD7D212C, D7D87D3CDC9877D1C879D94D61D9524E7AB37A71E61DF825C90A39D6D4AB734E
RiskWare.HeuristicsReservedWordExploit, C:\WINDOWS\SYSTEM\SVCHOST.EXE, Quarantined, 5680, 293553, 1.0.45982, , ame, , 2E025DAACFE1DEF8AC1FA48820D2C8CE, 7FBA11E6CF45E2B1F27FA0011E65C00C71C227D151EB4ED7975E50320F9E26C8
Trojan.BrowserHijack, C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Device Information\sacotup, Quarantined, 2716, 944578, , , , , F67758D0B594A36543A39680F85551DF, 4460DA882EF0B6CB96286B65BEE3E54CBE96B786603C2BAFFC8534EF6ED3AC9E
Trojan.BrowserHijack, C:\PROGRAMDATA\TASKVOICE\COLJRRAND\APPISQGT_PAELV.DLL, Quarantined, 2716, 944578, 1.0.45982, , ame, , 535693AB091395E861F36817F115260C, 4778FE5B459EFFB46B9525D7B0803790ABF689AC1886882A270DE73A0CAEA995
Trojan.Downloader.E, C:\WINDOWS\SYSTEM32\TASKS\PowerControl HR, Quarantined, 2956, 982507, 1.0.45982, , ame, , 22281187AFD8E61BB0DDD9326C9A9331, AF1C27B8B966BA09313ABC2A0844D6F3F2B09A39E945180A2FB5BDA0876042ED
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\VCRUNTIME140.DLL, Quarantined, 3981, 820419, 1.0.45982, , ame, , 7587BF9CB4147022CD5681B015183046, C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\MSVCP140.DLL, Quarantined, 3981, 820423, 1.0.45982, , ame, , 109F0F02FD37C84BFC7508D4227D7ED5, 334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\MOZGLUE.DLL, Quarantined, 3981, 820422, 1.0.45982, , ame, , 8F73C08A9660691143661BF7332C3C27, 3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\SOFTOKN3.DLL, Quarantined, 3981, 820420, 1.0.45982, , ame, , A2EE53DE9167BF0D6C019303B7CA84E5, 43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\NSS3.DLL, Quarantined, 3981, 820421, 1.0.45982, , ame, , BFAC4E3C5908856BA17D41EDCD455A51, E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\FREEBL3.DLL, Quarantined, 3981, 820418, 1.0.45982, , ame, , EF2834AC4EE7D6724F255BEAF527E635, A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
Trojan.Crypt.MSIL.Generic, C:\USERS\SOFIJ\APPDATA\ROAMING\5972456.SCR, Quarantined, 7535, 988241, 1.0.45982, 0000000000000000000003EB, dds, 01468024, 4CF4B346CE5E48F766B3D5C8838317C6, 0E43B7E859D35F9F5393BEB6DD6D97BDD7B3E42DA6ADF9E4A9DFA58C9C480995
Spyware.PasswordStealer, C:\USERS\SOFIJ\APPDATA\ROAMING\2981395.SCR, Quarantined, 555, 988457, 1.0.45982, 0000000000000000000003EB, dds, 01468024, E1B06481E082973F67E43C1AA30FE81D, 413DD0EE312EFAE74DFDDD9223D1AF0896DE4735F7DB1438494EB7AF9367A93C
Trojan.MalPack.GS, C:\USERS\SOFIJ\APPDATA\LOCAL\TEMP\{OZE1-J8XJL-3MRJ-98EVB}\26745908719.EXE, Quarantined, 8497, 988489, 1.0.45982, , ame, , 3F03E871135EA30656560F6BEA4454B0, D57F6E4365E56D18EFB86659984D8D9D28A3AF73CD12A9489B991436F430772A
Trojan.MalPack.GS, C:\USERS\SOFIJ\APPDATA\LOCAL\TEMP\{OZE1-J8XJL-3MRJ-98EVB}\73988656969.EXE, Quarantined, 8497, 987916, 1.0.45982, , ame, , C200E4D07007A35710E92D7DFCEB0324, F9AC3A5E47D22923CF2BA30DCA03B8B16ADD5CE62350A60A36A5B1CA188AB158
Trojan.ClipBanker, C:\USERS\SOFIJ\APPDATA\ROAMING\2852889.SCR, Quarantined, 4470, 982300, 1.0.45982, 0000000000000000000003EB, dds, 01468024, 9EC6ECF38CB040515DD99EDC3E964C10, 80DB68B4B0216A5371497F59D688D88108EFE0BBF3D3FEA1B969CDE9CE8D4168
Trojan.Crypt.MSIL, C:\USERS\SOFIJ\APPDATA\ROAMING\2547542.SCR, Quarantined, 6038, 987966, 1.0.45982, 0000000000000000000003EB, dds, 01468024, A75F3F3BD4023BBC4ED40068E53E135E, 6AB2D03CDF3AE7DD8A7DE523D7CA2D40B04443220AE10983332BAC5634AE808D
Trojan.Crypt, C:\PROGRAM FILES (X86)\POWERCONTROL\POWERCONTROL_SVC.EXE, Quarantined, 526, 987734, 1.0.45982, , ame, , 19B0BF2BB132231DE9DD08F8761C5998, EF2A03F03F9748EFFD79D71D7684347792F9748B7BBB18843BD382570E4D332E
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 504, 454808, , , , , 52A4EE7692892C01457C19D9716F379D, 876B13415B8CCE3DE1E53292FE26A93D6804C0C2780A00378ED588EDC7398E48
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\002056.ldb, Quarantined, 504, 454808, , , , , 11216DB639B8B661B256A846B3CC71DF, 62AB27F3D4DBADD7035995FDCFCA02E09CCFD079A63304D5983D92BE31F40EDD
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\002059.ldb, Quarantined, 504, 454808, , , , , ED3D44E6EFD4F4AE97AE26C89F682069, CC778DDF1ACCD33EB4BE273FFCE29284297EEAF04A9644A6566D09BD134AE9BC
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\002061.log, Quarantined, 504, 454808, , , , , DD39DC4F76D9EC97BD8D0D874DE4AE0A, 3B5BE235CF924AD820D4F3E9E53081F3649B8E2D7F6591E53BF3F6ADD1EC86C2
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\002062.ldb, Quarantined, 504, 454808, , , , , 0E2E30F467B2518FED002E9DAECF184B, 462634751F6787A3E0E6DC09EE27BB8FA8EEBD6DBF06AF193F94D0AFE4D84D76
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 504, 454808, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 504, 454808, , , , , ,
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 504, 454808, , , , , 89C643A2359E67F2AF8AC17F879E7FD5, FAFC84B09C684FC097321CE0154031EBD46D984B27DEE5DE32D9FFDA26E65EF7
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 504, 454808, , , , , 3BC262C55E4E6AA3EA7D067CF6DCBF7C, FA39128C465B6D3F886D38BAB473A02F3F2B42EADD2D844E3E6DFEAA9DBAE35E
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 504, 454808, , , , , 068071D5749B8BFE662CCF977ED69A15, D26B449EA9620CEE8255CA55EBA40C41C23FE68654B406B44FB77CCE76F3DD5B
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000005.ldb, Quarantined, 504, 454808, , , , , F64C0FB15500E02895592C3749A9E55B, E2FBA9A1C0D21E2AB3749056A296C228087467B41EB997619D350408ACD22022
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000299.log, Quarantined, 504, 454808, , , , , 7BA5F1ABF1ADE0DD483442AAB142D81A, DDF7F8FCF27B8CFBC0BC6BE78CF551A132199761C06E7B851FA0DA9874D8D824
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000301.ldb, Quarantined, 504, 454808, , , , , C92E0CE96D46E52063B2DB0ECCF3358B, A94BE0C83587101C7CC83607CA3C93964C6B1BEF09990DC398162840C02514B0
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\CURRENT, Quarantined, 504, 454808, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\LOCK, Quarantined, 504, 454808, , , , , ,
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\LOG, Quarantined, 504, 454808, , , , , B4A3BDAFC56FFF8FF9A034C2696194E7, 2310267CA9444DDD13D0852800EFF7F6F9133E09BA15CE173439CE5D5C6916B4
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\LOG.old, Quarantined, 504, 454808, , , , , FC1BF77FA86BA61EB6E288F4F86B3125, 686D679F5E3A0FBD42480F5E2FA8A411C72C52D0981D3139FF67BF603F9044B5
PUP.Optional.Trovi, C:\Users\skrnj\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 504, 454808, , , , , F8D4D9BE4D9DF022BB6129AADAB6BE7E, 15D221ACC21EB135FE400ADEF2E53D0A567839DE04B51BC86E4A34C0D9EF84DC
PUP.Optional.Trovi, C:\Users\sofij\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 504, 454808, , , , , 3DE8FB52D6018F9B084AAAE6AD088657, 34548DE56CD03A2842B9A2405F39E134E596DB323A7CB0A94C9FF596C172ECAA
PUP.Optional.Trovi, C:\Users\sofij\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb, Quarantined, 504, 454808, , , , , 58C21C7167AA43C72D739D6AF6F9BC86, 2B494AEF342739FF69A53FF0E734D94D45449E2685CB781EF440DAF991975AD7
PUP.Optional.Trovi, C:\Users\sofij\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000010.log, Quarantined, 504, 454808, , , , , 7DEF7931A73C30930F9C341FAE297868, CF7DCA141B7E6D55780E030F750376318165D35DB3DB1601FECDF7F47DCA4549
PUP.Optional.Trovi, C:\Users\sofij\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000011.ldb, Quarantined, 504, 454808, , , , , ABA1AF871453366A6DC4B7510B2C208F, 94F102E92F70A22574741C098DB00E22D3E84E27468D0BCC8C805C569845A89A
PUP.Optional.Trovi, C:\Users\sofij\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 504, 454808, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Trovi, C:\Users\sofij\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 504, 454808, , , , , ,
PUP.Optional.Trovi, C:\Users\sofij\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 504, 454808, , , , , 08B4BED984BAE36A6C0187770FB2A90C, 543AA8E1430ACF1CD834E51ACE40F1F89D8771BA1027B218C00C0DE42CE40646
PUP.Optional.Trovi, C:\Users\sofij\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 504, 454808, , , , , 8EABA4402CC3E368F63199D3B033735C, B4FE8E24103FEDFFA1BE0130B217E296A31C33D6A24CF53693430EC77FF8AB4B
PUP.Optional.Trovi, C:\Users\sofij\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 504, 454808, , , , , 7C0C3F75BC1F92487595E5E3AFE40002, E1170F44DA69329AD3482434E0A49887D8EFD6F26884E3955E18B1E8DFA85FA0
PUP.Optional.Trovi, C:\USERS\SKRNJ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 504, 454808, 1.0.45982, , ame, , 30067E5DAADFBF27370A692398B9A48D, 6A1F03E931DEE7CC6AA9BBF8C3357993839E2372C2D42BD3B45B6A5C0DC44AFE
PUP.Optional.PushNotifications.Generic, C:\USERS\SOFIJ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 201, 838845, 1.0.45982, , ame, , 9047E1322B6933DBE84F634056417A18, FD47B6F04FF6AA3E6A73C2B527A9E332EA44A6BA15280AB9C7C3EE1BE68A27FE
PUP.Optional.Trovi, C:\USERS\SKRNJ\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Secure Preferences, Replaced, 504, 454808, 1.0.45982, , ame, , 05D212B6E865B2A4EDBB9919B99C22D8, B37A7E00D9EA35CA3A36AA086ED376701860D8168534DF716BA74986A872D118

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Also about 3 h ago my Discord got hacked and sent almost every single one of my friends a fake Discord Nitro link; luckily I don't think anyone got fooled by it. Also a page was added on my Facebook profile, it was named vostra and it had a Naruto Shippuden pfp. I deleted it and changed all of my passwords (Facebook, Discord, Instagram, Gmail etc.) and enabled 2-step authentication. Fortunately we don't use this computer for finances at all, things would have been nasty if some of those passwords were saved here.
I scanned a bunch more times after this and no threats were found afterwards.
 