
In Progress Terrible Trojan

Discussion in 'Virus & Other Malware Removal' started by indeepcrap, Oct 20, 2019.

  1. indeepcrap

    indeepcrap Thread Starter

    Joined:
    Oct 20, 2019
    Messages:
    34
    First Name:
    Caleb
    Hi Precious People!

    I am in a malware quagmire. Not too long ago, I inadvertently imported the Floxif trojan into my parents' laptops when I installed AVG TuneUp on both their computers. Although my intentions were good to speed up their systems, I bear full responsibility for my idiocy as I did not (and still do not) have the funds to buy the utility software (as I have been unemployed since the beginning of this very year). So I downloaded the software from one of the less dodgy warez sites.

    Now, I'm not extolling the merits of cracked software, if any, really! What I did was wrong and foolish and I have learned my lesson the hard way...

    My question is, using the basic and rudimentary knowledge I have concerning viruses, I managed to give the Floxif virus/trojan on my mother's lappy a boot by installing Bitdefender Free and configuring a firewall to block outbound (and inbound) traffic. It worked and cleaned and disinfected the nasty malware. Her PC is clean to this day (with no hiccups in system performance ever since) having scanned it with BD Free, Zemana AntiMalware* and Hitman Pro (free version).

    I put Zemana (the premium version which my parents purchased themselves on my recommendation) with an asterisk because surprise, surprise...though it has worked well in removing all sorts of malicious malware for the last few years, it detected the Frustrating Floxif and quarantined it, but Floxif returned promptly after its supposed removal.

    Sorry for the convolution, but it is my father's lappy that is the source of much frustration. I don't know if it is a disk corruption issue, a problem with his TEMP cache, a system corruption or the nature of Floxif preventing the installation of Bitdefender Free, but every time I try to install the software, it notifies or tells me that 'The specified path does not exist' for 'C:\Users\Phil\AppData\Local\Temp\RarSFX16\agent_launcher.exe'.

    I've tried clearing the TEMP cache and uninstalling and reinstalling WinRAR Free to no avail. I have also tried ReImage Repair, but the dang thing costs over 160 bucks (for what I foresee is a one-time usage) in my currency.

    I am wondering whether all you kind people can help me solve this with free or relatively inexpensive software without me having to reformat my father's PC (which is my LAST resort) since he has a lot of priceless data on it and would have to start with a clean slate? ;(

    I reckon this virus/trojan corrupts antivirus software because when I installed MBytes Trial, it returned false negatives of legit, paid software installed on their PCs such as Microsoft PowerPoint and USB Safely Remove.

    What do you suggest as I have tried numerous so-called 'solutions' through Google but they have been confusing and conflicting?

    Thanks in advance!

    Sincerely,
    Caleb
     
  2. indeepcrap

    indeepcrap Thread Starter

    Joined:
    Oct 20, 2019
    Messages:
    34
    First Name:
    Caleb
    Hi, I realise everyone here is a volunteer, but I've waited MORE than two weeks and no one has replied? I see others who have posted later than me and they have been attended to.

    I'm going to give up on this forum if no one is willing to help me. :(
     
  3. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    626
    Hi indeepcrap, welcome to the Tech Support Guy malware removal forum, and sorry for the delay.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Back up any important data before we continue.
      • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
    • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you have questions at any time during the cleanup, feel free to ask.

    ---------------------------------------------------
    Farbar Recovery Scan Tool (FRST)

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
    • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
    • Please copy and paste the logs in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • FRST.txt
    • Addition.txt
     
  4. indeepcrap

    indeepcrap Thread Starter

    Joined:
    Oct 20, 2019
    Messages:
    34
    First Name:
    Caleb
    Sorry for the delay. Just saw the e-mail notification of your reply.

    Here are the scan logs. I also uploaded them to VirusTotal before I uploaded the TXT files to this thread in this forum and the results showed there were no viruses, although AFAIK, text files don't usually carry malware OR viruses. I suppose it never hurts to err on the side of caution, nonetheless.

    I didn't install any new apps or run any fixes or tools as requested and my father's data is all in his secondary partition, not on the system partition. I also looked at the scan and the software that is in the log results are either software giveaways with legitimate licenses or software I bought for cheap in the past. I will also see this topic to its completion and not forsake this thread EVEN WHEN things seem to be working normally again.

    Thanks for your help, Malware Specialist iMacg3. Your service is much appreciated.
     

    Attached Files:

  5. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    626
    Hi indeepcrap,

    ---------------------------------------------------
    CKScanner

    Download CKScanner by askey127 from here

    Important : Save it to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

    ---------------------------------------------------

    Please do this...

    • Click the Start button and type Command Prompt in the search box.
    • Right-click "Command Prompt" in the search results and select Run as Administrator.
    • At the command prompt, type slmgr -dlv and press Enter.
    • A window will open after a few seconds. Press Ctrl + C on your keyboard to copy its contents.
      • Press the Windows key + R. Type Notepad and click OK.
      • A new text file will appear. Press Ctrl + V to paste the contents of the window into the text file.
      • Click File > Save and save the file to your desktop.
    Copy and paste the contents of the text file in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • CKFiles.txt
    • slmgr results
     
  6. indeepcrap

    indeepcrap Thread Starter

    Joined:
    Oct 20, 2019
    Messages:
    34
    First Name:
    Caleb
    Here I attach the results of the scan and below is the slmgr result:

    ---------------------------
    Windows Script Host
    ---------------------------
    Software licensing service version: 6.3.9600.16497

    Name: Windows(R), CoreSingleLanguage edition

    Description: Windows(R) Operating System, OEM_DM channel

    Activation ID: 71f411ae-7b4b-41bd-b68c-c519c499f950

    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

    Extended PID: 06401-01794-031-037302-02-1033-9600.0000-0012018

    Product Key Channel: OEM:DM

    Installation ID: 585584354104169390251407398050913756933941363089237447835631523

    Use License URL: https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=DM

    Validation URL: https://validation-v2.sls.microsoft.com/SLWGA/slwga.asmx

    Partial Product Key: 7T67Q

    License Status: Licensed

    Remaining Windows rearm count: 1000

    Remaining SKU rearm count: 1001

    Trusted time: 05/11/2019 21:50:30

    ---------------------------
    OK
    ---------------------------

    Sorry I didn't realise I still have so many malware-inducing things on my father's laptop. Should I delete them all?
     

    Attached Files:

  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,276
    Please open an Elevated Command Prompt window (on the Start screen, type "Command" - a Command Prompt icon will appear, right-click on it and select Run as Administrator) then at the prompt, type the following (be sure to include the spaces):

    Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab

    After running the command, two files will appear on your desktop, report.txt and repfiles.cab. Please open the report.txt file in Notepad and copy and paste the contents here. The repfiles.cab is only a backup file and can be ignored for the time being.
     
  8. indeepcrap

    indeepcrap Thread Starter

    Joined:
    Oct 20, 2019
    Messages:
    34
    First Name:
    Caleb
    <DiagReport>
    <LicensingData>
    <ToolVersion>6.3.9600.16384</ToolVersion>
    <LicensingStatus>SL_LICENSING_STATUS_LICENSED</LicensingStatus>
    <LicensingStatusReason>0x00000000</LicensingStatusReason>
    <LocalGenuineState>SL_GEN_STATE_IS_GENUINE</LocalGenuineState>
    <LocalGenuineResultP>1</LocalGenuineResultP>
    <LastOnlineGenuineResult>0x00000000</LastOnlineGenuineResult>
    <GraceTimeMinutes>0</GraceTimeMinutes>
    <TotalGraceDays>0</TotalGraceDays>
    <ValidityExpiration></ValidityExpiration>
    <ActivePartialProductKey>7T67Q</ActivePartialProductKey>
    <ActiveProductKeyPid2>00179-40310-37302-AAOEM</ActiveProductKeyPid2>
    <OSVersion>6.3.9600.2.00010300.0.0.100</OSVersion>
    <ProductName>Windows 8.1 Single Language</ProductName>
    <ProcessorArchitecture>x64</ProcessorArchitecture>
    <EditionId>CoreSingleLanguage</EditionId>
    <BuildLab>9600.winblue_ltsb.180101-1800</BuildLab>
    <TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone>
    <ActiveSkuId>71f411ae-7b4b-41bd-b68c-c519c499f950</ActiveSkuId>
    <ActiveSkuDescription>Windows(R) Operating System, OEM_DM channel</ActiveSkuDescription>
    <ProductUniquenessGroups>55c92734-d682-4d71-983e-d6ec3f16059f</ProductUniquenessGroups>
    <ActiveProductKeyPKeyId>485837d7-9386-5dbc-9d1f-77bd59f47758</ActiveProductKeyPKeyId>
    <ActiveProductKeyPidEx>06401-01794-031-037302-02-1033-9600.0000-0012018</ActiveProductKeyPidEx>
    <ActiveProductKeyChannel>OEM:DM</ActiveProductKeyChannel>
    <ActiveVolumeCustomerPid></ActiveVolumeCustomerPid>
    <OfflineInstallationId>585584354104169390251407398050913756933941363089237447835631523</OfflineInstallationId>
    <DomainJoined>false</DomainJoined>
    <ComputerSid>S-1-5-21-2007410531-2584461852-969158893</ComputerSid>
    <ProductLCID>1033</ProductLCID>
    <UserLCID>2057</UserLCID>
    <SystemLCID>1033</SystemLCID>
    <CodeSigning>SIGNED_INFO_PRS_SIGNED</CodeSigning>
    <ServiceAvailable>true</ServiceAvailable>
    <OemMarkerVersion></OemMarkerVersion>
    <OemId></OemId>
    <OemTableId></OemTableId>
    <Manufacturer>ASUSTeK COMPUTER INC.</Manufacturer>
    <Model>X450CC</Model>
    <InstallDate>20180101220350.000000+480</InstallDate>
    </LicensingData>
    <HealthCheck>
    <Result>PASS</Result>
    <TamperedItems></TamperedItems>
    </HealthCheck>
    <GenuineAuthz>
    <ServerProps>GenuineId=55c92734-d682-4d71-983e-d6ec3f16059f;OemId=A264;OptionalInfoId=t6Dix3g1HAS3JTxwHB3K8tu4srWE7gbES0R2obrh6lNUBEVYi0cv1HRF7NaSgH1R;Pid=F3oXfzFBGgizwy1HmuivYPKjbUqykZR/Ejx3CordvHY=;SkuId=71f411ae-7b4b-41bd-b68c-c519c499f950;TimeStampServer=2013-09-19T09:29:20Z;</ServerProps>
    </GenuineAuthz>
    </DiagReport>
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,276
    It looks like the operating system is genuine. However, it would be best to reformat and reinstall Windows after backing up important stuff if that's an option for you given all of the cracks and hacks you've been using. We don't condone or support piracy of software.
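The verdict above rests on reading two artifacts side by side: the `slmgr -dlv` dialog posted in reply 6 and the `Licensingdiag.exe` XML report posted in reply 8. The script below is an added example, not something from the thread or from Microsoft's tooling: it parses both formats, applies the checks a reviewer would make (licensed status, genuine state, health check passed with no tampered items) and cross-checks that the two sources agree on activation ID, partial product key, channel and installation ID. The sample inputs are copied from the values posted in the thread; the field names are those the real tools emit, but the decision rules and the `assess` function are this example's own.

```python
"""Added example (not from the thread): parse the `slmgr -dlv` text dialog
and the `Licensingdiag.exe -report` XML, then apply the checks behind an
"operating system is genuine" verdict. Decision rules are this example's own."""
import xml.etree.ElementTree as ET

# Sample input: the slmgr -dlv dialog text as posted in reply 6 (abridged).
SLMGR_SAMPLE = """\
Software licensing service version: 6.3.9600.16497
Name: Windows(R), CoreSingleLanguage edition
Description: Windows(R) Operating System, OEM_DM channel
Activation ID: 71f411ae-7b4b-41bd-b68c-c519c499f950
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Product Key Channel: OEM:DM
Installation ID: 585584354104169390251407398050913756933941363089237447835631523
Use License URL: https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=DM
Partial Product Key: 7T67Q
License Status: Licensed
Remaining Windows rearm count: 1000
Trusted time: 05/11/2019 21:50:30
"""

# Sample input: the Licensingdiag report as posted in reply 8 (abridged).
REPORT_SAMPLE = """<DiagReport>
<LicensingData>
<LicensingStatus>SL_LICENSING_STATUS_LICENSED</LicensingStatus>
<LocalGenuineState>SL_GEN_STATE_IS_GENUINE</LocalGenuineState>
<ActivePartialProductKey>7T67Q</ActivePartialProductKey>
<ActiveSkuId>71f411ae-7b4b-41bd-b68c-c519c499f950</ActiveSkuId>
<ActiveProductKeyChannel>OEM:DM</ActiveProductKeyChannel>
<OfflineInstallationId>585584354104169390251407398050913756933941363089237447835631523</OfflineInstallationId>
<CodeSigning>SIGNED_INFO_PRS_SIGNED</CodeSigning>
</LicensingData>
<HealthCheck>
<Result>PASS</Result>
<TamperedItems></TamperedItems>
</HealthCheck>
</DiagReport>
"""

# slmgr field name -> Licensingdiag element name that must carry the same value.
CROSS_CHECKS = [
    ("Activation ID", "ActiveSkuId"),
    ("Partial Product Key", "ActivePartialProductKey"),
    ("Product Key Channel", "ActiveProductKeyChannel"),
    ("Installation ID", "OfflineInstallationId"),
]


def parse_slmgr(text):
    """Turn the 'Key: value' lines of the slmgr dialog into a dict.
    Splitting on the first colon keeps URLs (which contain ':') intact."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields


def parse_report(xml_text):
    """Flatten <LicensingData> children and the <HealthCheck> block into a dict."""
    root = ET.fromstring(xml_text)
    data = {child.tag: (child.text or "").strip()
            for child in root.find("LicensingData")}
    health = root.find("HealthCheck")
    data["HealthResult"] = (health.findtext("Result") or "").strip()
    data["TamperedItems"] = (health.findtext("TamperedItems") or "").strip()
    return data


def assess(slmgr_text, report_xml):
    """Return (looks_genuine, problems). Every problem is a short string
    naming the check that failed, so a reviewer can quote it in a reply."""
    s = parse_slmgr(slmgr_text)
    r = parse_report(report_xml)
    problems = []
    if r.get("LicensingStatus") != "SL_LICENSING_STATUS_LICENSED":
        problems.append("licensing status is %r" % r.get("LicensingStatus"))
    if r.get("LocalGenuineState") != "SL_GEN_STATE_IS_GENUINE":
        problems.append("local genuine state is %r" % r.get("LocalGenuineState"))
    if s.get("License Status") != "Licensed":
        problems.append("slmgr license status is %r" % s.get("License Status"))
    if r["HealthResult"] != "PASS":
        problems.append("health check result is %r" % r["HealthResult"])
    if r["TamperedItems"]:
        problems.append("tampered items reported: %s" % r["TamperedItems"])
    # The two tools read the same licensing store; disagreement between them
    # means one output was edited or taken from a different machine.
    for slmgr_key, report_key in CROSS_CHECKS:
        if s.get(slmgr_key) != r.get(report_key):
            problems.append("%s (slmgr) != %s (report)" % (slmgr_key, report_key))
    return (not problems, problems)


if __name__ == "__main__":
    ok, problems = assess(SLMGR_SAMPLE, REPORT_SAMPLE)
    print("genuine" if ok else "review needed", problems)
```

The cross-check list is the part worth keeping: a licensing status alone is easy to misread, but two independent dumps that agree on the activation ID, partial key, channel and installation ID are much harder to misrepresent.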
     
  10. indeepcrap

    indeepcrap Thread Starter

    Joined:
    Oct 20, 2019
    Messages:
    34
    First Name:
    Caleb
    I know but please help my father, not me. I will delete the cracked stuff. It is no fault of his but mine. It is not an option for him to reformat and reinstall as he has a lot of data in the apps he installed. And currently, none of us are working. My father left his employment because of internal politics and I don't have any more work. My mother is a homemaker.

    So it is NOT an option...please suggest a way to remove the Floxif virus. You are a malware removal thread after all? Don't you give people second chances to reform? And what is the point of all the scans and tests? Just to label me a pirate??? Then, I wouldn't have wasted my time doing ALL that! It is my fault but I don't think my father should take the hit for MY MISTAKES. I will delete everything off his hard disk. Please help me remove the virus. I already said in my thread that I started that I realised my wrongdoing. Are you going to hold a past act that I no longer do against me and worse still, against my father who has no part in all this?
     
  11. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    626
    Hi indeepcrap,

    It looks like you may have pirated/cracked software on your computer. Not only is this type of software illegal in many places, it is a significant security risk. Viruses, malware, and spyware are often packaged with illegal software.
    Please remove any pirated software from your computer, then do the following:

    ---------------------------------------------------
    Re-scan with CKScanner

    • Double-click CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • CKFiles.txt
     
  12. indeepcrap

    indeepcrap Thread Starter

    Joined:
    Oct 20, 2019
    Messages:
    34
    First Name:
    Caleb
    I'll do my level best to rid my father's computer of ALL illegal software as you instructed. I will be a bit delayed, though, as my father is still using his computer to type his work, even though his system is in a dire situation being very slow and all. When he is done doing some work, I will clean his system of all cracked software as well as upload the post-removal scan by CKScanner. Thank you for your graciousness, even if I do not deserve it. I accept full responsibility for my stupid actions but do not want my father to suffer as a result of them.

    Thanks for understanding my reasons for the delay because I do not want to interrupt him in his endeavours while he is fresh and bushy-tailed. When he is not using his laptop, I will proceed to clean his computer of the junk I installed and downloaded. My apologies again. Will update this thread the soonest I can get to his computer. And I understand your apprehension to help me, considering what I've done. I have learned my lesson. But if you can believe I will not revert to this idiocy in the future, I would be most appreciative of any and ALL help in removing this terrible trojan.
     
  13. indeepcrap

    indeepcrap Thread Starter

    Joined:
    Oct 20, 2019
    Messages:
    34
    First Name:
    Caleb
    As far as I know, the keygen within my Rails installation folder on my father's laptop is not a keygen per se, but it generates SSH keys for my web app project. So even though it is named 'keygen', it ISN'T ONE. As for the Asus (my father's laptop model) folder containing the security risk, I'm scared to delete it as this stupid Floxif keeps tricking and corrupting security scanners and software to tell me my utility files are security risks. I have already needlessly uninstalled my father's licensed Microsoft Office PowerPoint as a result and he can't view PowerPoint files. ;(

    I attach my scan results here. Thank you and sorry again for the delay.
     

    Attached Files:

  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,276
    I understand your dilemma but surely you can understand our position as well. We needed to determine if the operating system was genuine before proceeding. If it had proven not to be genuine we would not have assisted with malware removal regardless of whose fault it was because we don't work on pirated systems. We are not too concerned about the other software since we're not working on assisting with hacked programs, in fact, they will likely be partially damaged or removed entirely during the clean up process. Of course it's best to uninstall them first as it appears you have done. I'm sure iMacg3 will be commencing the malware removal process pending review of the latest CKScanner log.
     
  15. indeepcrap

    indeepcrap Thread Starter

    Joined:
    Oct 20, 2019
    Messages:
    34
    First Name:
    Caleb
    Not to worry, Cookiegal. I totally get you and understand your and this forum's position. Piracy is a multi-million dollar thievery and scourge and while I'm not justifying my wrongdoing, I opted for the easy way out rather than to buy licensed software which sometimes can cost a bomb. Today, I am aware and understand it is NOT an easy fix but a malware malady and I have learned my lesson the hard way. Thank you for your patience thus far and I don't blame you for not being so keen to help a former pirate. I'm sorry for the inconvenience on your part to assist in what could have been prevented on my side. I will await iMacg3's next instructions and as for OSes, I have never found piracy to be an option since if the entire ecosystem is bugged, any attempt at productivity and work on the computer will be severely hampered and will not be worth saving the $$$ to buy a genuine Windows license. THAT MUCH I know. :)
     
Short URL to this thread: https://techguy.org/1234500
