Registered
8 Posts
Discussion Starter · #1 · (Edited)
So I have this Trojan and I can’t seem to get rid of it. I’ve got about 80 hours in this.

It hijacks all your drives

It jumps to your installed devices

It hijacks your usb and basically anything you plug into the computer

It is using <Lanman Work Station>

it communicates with a C2 server.

Currently I just realized it’s starting me up on a virtual machine. Which is also how it runs loudminer.

Everything I’ve been doing has been on this virtual machine and not my actual Windows, which is why I haven’t been able to remove it.

It affects your executable files.
Elf Trojan
R.A.T.
Backdoor
RootKit
Malware
C&C capabilities
Fileless Malware *

* Creates magic string numbers in the RAM

IT HAS DIRECT MEMORY ACCESS*
Big issue here^^^^
I can disable it if I do it properly

(However, I can sometimes manage to get my computer to run in safe mode. When I do this successfully, without being on the enemy’s virtual machine, it does not run. I am able to use my computer like normal for the time being. All of my temperatures and cooling processes work correctly. Nothing is overclocked. Not sure if this is because it hasn’t been triggered yet or what. Bringing that up, whenever I redo everything with known good replacements, starting with BIOS, it doesn’t activate right away. It waits for a so-called “trigger” (me doing something to complete the checklist before it starts abusing my system to the point of destruction).)

This thing runs everything overclocked

also includes a nasty worm***


Trojan runs with virtual box on windows and Tini installer on Linux based OS’s


I’ve flashed Windows BIOS with known good version

Reinstalled Windows countless times over again

Reset windows countless times

Shredded Hard Drives **

Reformatted **

On Windows I’ve scanned it with the following programs after using “attrib -r -h -s /s /s (C):\”.

(C) changing as needed

AVG
Mcafee
Norton
Avast
Kaspersky



On Linux Daemon based (as SU)

Chkrootkit
RKhunter
ClamAv
Super Moderator, Editor, Articles Team
12,669 Posts
Just click the link I provided above. After you post the results of the scan, that will tell our malware helpers all they need to know about your system.
Registered
8 Posts
Discussion Starter · #5 ·
Just click the link I provided above. After you post the results of the scan, that will tell our malware helpers all they need to know about your system.
So issue*

I can’t load my version of windows (the one I purchased)

The malware stops all updates
This is an issue because I have to be connected to internet in order to update which immediately triggers the C2 server and the malware’s remote commands.
Registered
8 Posts
Discussion Starter · #6 ·
I know where the malware came from. I know you need your report before you’ll give help, I’m just making you aware ahead of time.

I let a fellow music producer use my computer. He downloaded a torrented program on my pc.
Super Moderator, Editor, Articles Team
12,669 Posts
Sorry, I wouldn't be able to help then. Only trained analysts are allowed to give specific malware removal assistance. One of them may be around a little later. I was simply trying to help you post your logs.
Team Manager, Microsoft Support
31,454 Posts
If you have an uncontaminated backup of your personal stuff, or better yet, a System Image, just reformat and go from there.
Moderator , Security Team
1,997 Posts
If you've re-installed Windows, as you say you have, and this has not resolved your problem, then there is nothing a forum like this can do to help you.

You need hands on help, as your infection would have to be firmware based to survive a re-install.

Firmware infections (though possible) are extremely rare (I mean winning a $100 million on the lottery rare), so the other alternative is that another device on your network is infected, and is re-infecting your computer each time you re-install Windows.

It is beyond the scope of anyone here to help you troubleshoot all the devices that might be present on your network, but I would suggest that as a minimum you should shut down all the devices on your network, re-install Windows on your computer, and reset your router/modem and/or any switches, before powering everything up again.