In Progress nusojog.com and Chromium

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Etherial

Thread Starter
Joined
Oct 14, 2019
Messages
5
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Pro, 64 bit
Processor: AMD Ryzen 5 2600X Six-Core Processor, AMD64 Family 23 Model 8 Stepping 2
Processor Count: 12
RAM: 16333 Mb
Graphics Card: NVIDIA GeForce RTX 2080, -1 Mb
Hard Drives: C: 476 GB (252 GB Free); E: 1862 GB (1823 GB Free);
Motherboard: Micro-Star International Co., Ltd., B450 GAMING PRO CARBON AC (MS-7B85)
Antivirus: Windows Defender, Enabled and Updated

A few months ago, I downloaded from the wrong site and it installed Chromium on my device. It randomly opens, but doesn't seem to actually affect anything, and no antivirus I tried (Malwarebytes, Windows Defender) would get rid of it. I got Malwarebytes premium and it gives me a popup every now and then saying something about the nusojog.com trojan.
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
850
Hi Etherial, welcome to the Tech Support Guy malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you have questions at any time during the cleanup, feel free to ask.

---------------------------------------------------
Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.

---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
850
Hi Etherial,

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    CreateRestorePoint:
    HKU\S-1-5-21-4194389844-2839123543-1607242095-1001\...\Run: [Chromium] => c:\users\kenneth lai\appdata\local\chromium\application\chrome.exe [4195328 2017-10-06] (The Chromium Authors) [File not signed]
    HKU\S-1-5-21-4194389844-2839123543-1607242095-1001\...\Run: [GoogleChromeAutoLaunch_427A3552FEF8B2B867654BCC9C4838B2] => C:\Users\Kenneth Lai\AppData\Local\chromium\Application\chrome.exe [4195328 2017-10-06] (The Chromium Authors) [File not signed]
    Task: {18CEC013-70A3-4516-8A2C-F08537488885} - System32\Tasks\ChromiumUpdateTaskMachineUA => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [102400 2019-07-25] (Chromium.) [File not signed]
    Task: {4F29E2A7-D717-49A0-9C3C-D06CB653379C} - System32\Tasks\ChromiumUpdateTaskMachineCore => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [102400 2019-07-25] (Chromium.) [File not signed]
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=3 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2019-07-25] (Chromium.) [File not signed]
    FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=9 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2019-07-25] (Chromium.) [File not signed]
    S2 chromium; C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [102400 2019-07-25] (Chromium.) [File not signed]
    S3 chromiumm; C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [102400 2019-07-25] (Chromium.) [File not signed]
    S2 NahimicService; "C:\Windows\system32\NahimicService.exe" [X]
    2019-06-26 04:06 - 2019-06-26 04:06 - 000000003 _____ () C:\Users\Kenneth Lai\AppData\Local\updater.log
    2019-06-26 04:06 - 2019-06-26 04:06 - 000000425 _____ () C:\Users\Kenneth Lai\AppData\Local\UserProducts.xml
    AlternateDataStreams: C:\Users\Kenneth Lai\Application Data:2e7adecd915fad7ede6cff9c6c6e4e6e [394]
    AlternateDataStreams: C:\Users\Kenneth Lai\AppData\Roaming:2e7adecd915fad7ede6cff9c6c6e4e6e [394]
    FirewallRules: [{8BFDBFE5-9190-4DCF-81AA-35BB47E2739A}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe No File
    FirewallRules: [{06057E59-0A5F-4247-B7BA-7C4A66B7102D}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe No File
    FirewallRules: [{290C1412-AB07-4FF2-9B36-2799398A17C9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [{D3BA40B8-5F9A-4EC2-B1C2-704DC1C1A98F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [TCP Query User{038AFDA2-9337-4B88-A2C7-0146255E4DF5}C:\the witcher 2 - enhanced edition\bin\witcher2.exe] => (Allow) C:\the witcher 2 - enhanced edition\bin\witcher2.exe No File
    FirewallRules: [UDP Query User{E5DF5CF0-DD4D-4BBA-A22C-FE1C33326040}C:\the witcher 2 - enhanced edition\bin\witcher2.exe] => (Allow) C:\the witcher 2 - enhanced edition\bin\witcher2.exe No File
    FirewallRules: [{E980FDC8-822C-4468-8BE3-AF7C6C62197B}] => (Allow) C:\Users\Kenneth Lai\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
    c:\users\kenneth lai\appdata\local\chromium
    C:\Program Files (x86)\Chromium
    Emptytemp:
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • Let me know how the computer is doing.
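
Added example, not part of the original post and not FRST code: Python that reads lines in the format of the fix script above and groups unsigned binaries by the autostart and firewall entries pointing at them, separating out entries whose target file is missing. The sample lines, SID, GUIDs, user name and service name are constructed, and reading `[X]` as a missing-file marker is an assumption.

```python
import re
from collections import defaultdict

# Constructed lines in the shape of the fix-script entries (placeholder SID, GUIDs, user).
SAMPLE = r"""
HKU\S-1-5-21-0-0-0-1001\...\Run: [Chromium] => c:\users\user\appdata\local\chromium\application\chrome.exe [4195328 2017-10-06] (The Chromium Authors) [File not signed]
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ChromiumUpdateTaskMachineCore => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [102400 2019-07-25] (Chromium.) [File not signed]
S2 chromium; C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [102400 2019-07-25] (Chromium.) [File not signed]
S2 ExampleService; "C:\Windows\system32\ExampleService.exe" [X]
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Allow) C:\Games\example\game.exe No File
FirewallRules: [{00000000-0000-0000-0000-000000000003}] => (Allow) C:\Users\user\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
"""

PATH_RE = re.compile(r'(?<![A-Za-z])[A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll)', re.I)
KINDS = [  # line prefix -> kind of entry
    (re.compile(r'^HK\w+\\.*\\Run: \['), "run-key"),
    (re.compile(r'^Task: '), "scheduled-task"),
    (re.compile(r'^[RS]\d \S+; '), "service"),
    (re.compile(r'^FirewallRules: '), "firewall-rule"),
]

def parse(text):
    """Yield (kind, lowercased path, status) for each recognised line."""
    for line in map(str.strip, text.splitlines()):
        kind = next((k for rx, k in KINDS if rx.search(line)), None)
        m = PATH_RE.search(line)
        if not kind or not m:
            continue
        # Assumption: a trailing "No File" or "[X]" both mean the target is missing.
        status = ("unsigned" if "[File not signed]" in line
                  else "missing" if line.endswith(("No File", "[X]")) else "other")
        yield kind, m.group(0).lower(), status

def unsigned_by_path(text):
    """Map each unsigned binary to the sorted entry kinds that reference it."""
    hits = defaultdict(set)
    for kind, path, status in parse(text):
        if status == "unsigned":
            hits[path].add(kind)
    return {p: sorted(k) for p, k in hits.items()}

def orphaned(text):
    """Entries whose target file is gone: stale leftovers rather than live autostarts."""
    return [(k, p) for k, p, s in parse(text) if s == "missing"]

if __name__ == "__main__":
    print(unsigned_by_path(SAMPLE), orphaned(SAMPLE), sep="\n")
```

One unsigned executable referenced from several entry kinds at once (Run key, scheduled task, service, firewall rule) is the pattern the fix script above removes together, which is why deleting only the program folder leaves the entries behind.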
 

Etherial

Thread Starter
Joined
Oct 14, 2019
Messages
5
Upon restarting, I did not see Chromium open or any Malwarebytes notifications for the trojan. Will reply if I see it happen.
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
850
Hi Etherial,

---------------------------------------------------
Malwarebytes Anti-Malware

Malwarebytes is already installed on your computer.
  • Launch Malwarebytes.
  • When the tool opens, click Settings, then the Protection tab.
  • Under Scan options, ensure Scan for rootkits and Scan within archives are On.
  • Click the Scan button on the left.
  • Select Scan Now and wait for the scan to complete.
  • Malwarebytes will update its databases, then start scanning.
  • If no threats are found, close the Malwarebytes window. If threats are detected, make sure they are all selected and click Quarantine selected.
  • Click on Reports in the left pane, and check the box next to the latest report (at the top). Click on View Report.
  • Select Export in the bottom left corner, and click Text File. Save the file to your desktop.
  • Open the Malwarebytes log on your desktop and copy/paste its contents into your next reply.

---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

---------------------------------------------------

In your next reply, please include:
  • Malwarebytes log
  • eset.txt
 

Etherial

Thread Starter
Joined
Oct 14, 2019
Messages
5
Malwarebytes log:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/17/19
Scan Time: 4:02 PM
Log File: 332204f6-f132-11e9-af1c-00d861598362.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.629
Update Package Version: 1.0.12953
License: Trial

-System Information-
OS: Windows 10 (Build 17134.1069)
CPU: x64
File System: NTFS
User: DESKTOP-M9RQVLP\Kenneth Lai

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 290247
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 23 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

ESET log:
10/17/2019 19:19:21 PM
Files scanned: 442689
Infected files: 0
Cleaned threats: 0
Total scan time: 00:55:27
Scan status: Finished
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
850
Hi Etherial,

---------------------------------------------------
FRST scan
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.

---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
850
If all is well:

The following will remove the tools we used as well as reset system restore points:

---------------------------------------------------
KpRm

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • When the tool opens, ensure all boxes are checked, and select Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
----------------------------------------------------
Some tips to keep your computer safe on the Internet

Make sure to use strong passwords. There are password managers (for example, Bitwarden) that can help you use secure passwords, and keep track of them.

How to create a strong password
----------------------------------------------------
Keeping software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep software on your computer up-to-date.

To keep your operating system up-to-date, make sure that Windows Update is enabled on your computer.
----------------------------------------------------
I recommend backing up your PC regularly. There are several ways to back up your computer, such as using a cloud-based service online, external hard drive, or CD/DVD.

The following articles have more information about methods to back up your computer:

What's the Best Way to Back Up My Computer?

5 Ways to Back up Your Data
----------------------------------------------------
Here are some articles about how to keep your computer safe on the Internet -

Simple and easy ways to keep your computer safe and secure on the Internet - by Lawrence Abrams

Answers to common security questions - Best Practices - by quietman7

COMPUTER SECURITY - a short guide to staying safer online - Malware Removal

PC Safety and Security - What Do I Need? - Tech Support Forum
----------------------------------------------------

Safe surfing :)
 