Post by jigger66 on Apr 29, 2017 8:21:44 GMT -8
Hello all,

Thank you for the invitation to this board/group. I apparently am infected with Trojan.Kotver!gm2 trojan. I have quarantined it multiple times with Norton Security Suite but it continues to reappear.

Am running Windows 7 Home Premium Service Pack 1. Kotver is abruptly shutting down sessions, corrupting video, forcing restart and disabling keyboard & mouse. When I start a new session I use Norton to quick scan, detect virus then I restart for the quarantine process to take effect. Kotver continues to reappear.

I have followed the board's instructions by downloading frst.exe and frst64.exe onto my desktop. I have run frst64 and it has created 2 .txt result files. I will await further instructions from the group/moderator/assistant.

Thanks
jigger66

Results of Scan: FRST.txt (52.77 KB)
dbrisen
Malware Removalists
Posts: 3,688
Post by dbrisen on Apr 30, 2017 11:33:29 GMT -8
FIRST >>>>
Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):
- DailyBibleGuide Toolbar
- QuickTime 7

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window. Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>
Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

THIRD >>>>
Please download Malwarebytes Anti-Rootkit from here
- Unzip the contents to a folder in a convenient location.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt.

LAST >>>>
INFO TO REPLY WITH:
- How is your system running now?
- How did the uninstall(s) go? Any problems?
- The Fixlog.txt text file (you should be able to attach this file; no need for wikisend.com usually).
- The logs from MBAR - mbar-log.txt and the system-log.txt files please.
- Any questions?
Post by jigger66 on Apr 30, 2017 19:07:04 GMT -8
OK, ran everything ok. FRST64 & fixlist ran fine. Malwarebytes ran fine, detected some infected .tmp files at sysWOW64. Cleaned & then rebooted. On that bootup, my Norton detected Kotver!gm2 remnants and notified me. It finished its scan and reported that it picked up Kotver!gm2 but it had quarantined it. (Normally you have to restart Norton to quarantine) I then ran Malwarebytes again. As it was running, the system crashed with video totally corrupted and all disk processing ceased. Rebooted into Safe Mode with Networking. After looking around, rebooted to Windows and again ran Norton and Malwarebytes. Norton reported back no threats and Malwarebytes reported system clean.
So far been on the system for 1 hr & running well but will restart in morning and recheck. Uninstalls went well, no problems.

Here's the logs:
- mbar-log-2017-04-30 19-11-29.txt (23.58 KB) (first log)
- mbar-log-2017-04-30 21-26-39.txt (2.1 KB) (second log)
- system-log.txt (94.85 KB)

I will repost here after checking the system in the morning. My sincere thanks for your effort...much appreciated. My donation via PayPal... surely!
Post by dbrisen on May 1, 2017 6:47:43 GMT -8
Let us know what the morning usage finds for you. Thanks.
Post by jigger66 on May 1, 2017 7:18:52 GMT -8
Situation at the present time: Stable. Performed 2 Malwarebytes scans, reports nothing found. Ran 3 Norton Security Quick scans, reports no threats.
That being said, while I was running (Norton AV) first thing this morning, I had another video crash and all disc processing halted. Had to hard reboot into Safe mode. After restarting into normal Windows mode, the system has been stable and that is the time I performed additional scans (Norton & Malwarebytes) with nothing sinister being reported back.
My conclusion: Yes I had this Kotver trojan and your processes removed it! I, however, believe I may have a hardware problem (possibly a voltage issue with a questionable old PS, an intermittent electronic video problem (video is integrated into Mother Board) or possibly a cooling problem). I have since put the PC on my workbench, cleaned everything (system was physically clean - no dust) and made voltage tests, all of which were correct. I will be in the process of building a new PC to replace this one (it is 8 yrs old). Sorry the issue was conflated with this hardware problem. The team's efforts are to be applauded.
Thank you again
Post by jigger66 on May 4, 2017 8:15:59 GMT -8
Just an update - 5_04_2017
Since eradicating the Kotver Trojan, System has been scanned many times with Norton and Malwarebytes. No threats reported and Clean System reported. Thanks for all your efforts in successfully removing this threat. My donation has been forwarded to the group.
All the best
Jigger
Post by dbrisen on May 9, 2017 21:16:30 GMT -8
Sorry for the delay in replying. If you still have FRST and MBAR on your system, you may want to run the following to remove them and give you a good starting point. We need to remove the tools we've used during the cleaning of your machine.

Ensure the following is ticked:
- Remove disinfection tools
- Create registry backup
- Purge system restore

Then click Run. The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply. Once you have the log file saved, please reboot your system to complete the clean up process.

Your system looks clean and your logs are fine. Unless you want something else done, you are done and free to go.

Final words from me: Surf safely, and watch when installing or letting anything add itself to your system. Remember, the best security is not on your system but in the chair in front of it. Take care and thanks for sticking with us in this rushed time.

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and uBlock Origin add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread: How did I get infected in the first place? and COMPUTER SECURITY - a short guide to staying safer online
I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!
Post by jigger66 on May 26, 2017 4:20:25 GMT -8
OK, ran it & here's the log:
# DelFix v1.013 - Logfile created 26/05/2017 at 08:16:38
# Updated 17/04/2016 by Xplode
# Username : RS_ZT - ZULU_TANGO_PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\Fixlog.txt
Deleted : C:\Users\RS_ZT\Desktop\Addition.txt
Deleted : C:\Users\RS_ZT\Desktop\Fixlog.txt
Deleted : C:\Users\RS_ZT\Desktop\FRST.txt
Deleted : C:\Users\RS_ZT\Desktop\FRST64.exe
Deleted : C:\Users\RS_ZT\Downloads\adwcleaner.exe
Deleted : C:\Users\RS_ZT\Downloads\FRST64(1).exe
Deleted : C:\Users\RS_ZT\Downloads\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #536 [Scheduled Checkpoint | 05/23/2017 19:11:58]
New restore point created !
Thanks for all the help - system running well since original fix except for the intermittent hardware problems.