Orma

  1. Well, it's been over 12h and nothing has popped up at all. Guess I'm finally safe now. Thanks for all your help with trying to find this hidden bugger.
  2. There we go, deleted it as instructed and cleaned up the mysa1-2 and ok schedules. Will see in 6~h if it pops back again since that is the next time the 9h mark hits. Thanks for all your help so far Kevin :). Also, will something to avoid this be added to Emsisoft software in the future (unless it's already in)?
  3. Oh .. found the script with WMI Explorer. Lovely name on it .. "fuckyoumm2_consumer". The script downloads quite a few things. Made a txt file with the stuff it does so you can look it over, Kevin. Not deleted anything yet tho. script text.txt
  4. Here is the log. Only thing that popped up was Space Engineers server files, which I now deleted since I already uninstalled the game. Also the schedules and files stopped being added every 3h; now it was 9h instead. TDSSKiller.3.1.0.15_03.08.2017_04.02.24_log.txt
  5. So far no new schedules have popped up and Bitdefender is being quiet. PC has been on and connected to the net for 14h~ straight. Edit: Well, it worked for a while. Mysa 1-2-3, ok, 32[1].zip and lsmosee.exe got dropped after the PC had been on for 18h~.
  6. So far everything looks good and runs smooth. Shall see if something gets added again within 6-9h. Here is the zip virusinfo_syscheck.zip
  7. Here is the zip virusinfo_syscheck.zip
  8. Noticed something while I had Process Explorer up on the second monitor and the files and schedules got dumped. ping.exe and netsh.exe got started up and after that scrcons.exe started up, probably something else as well but I missed it because only scrcons.exe is active for more than 2~ seconds. Edit: Every 3 hours on the second something is triggered and downloads the schedules and that 32[1].zip file. Not seen Bitdefender popping up saying it blocked the lsmose files anymore.
  9. Update. Mysa1, Mysa2, Mysa3 and ok scheduled tasks just got added again. Bitdefender caught something called 32[1].zip (threat name: trojan.generic) and mysa3 (threat name: generic.botget).
  10. It does not drop a log on my desktop so I use the built-in export to txt option. Anyhow, here it is: rk_B5F3.txt
  11. Some updates. Bitdefender has got updated a few times, now it quarantined lsmoee.exe. The thing that is adding scheduled tasks is still lurking somewhere and I'm getting one more scheduled task called "Mysa3". Now Bitdefender has blocked and deleted this one but ignores Mysa1, Mysa2 and ok even with manual scan.
  12. I ran everything, but is it normal for FRST64 to take 2h+ to finish? It finished editing the log it made after 1 min but the program is still running. It uses 24-25% CPU constantly and super low RAM.. feels like it's done but forgot how to turn itself off. Should I kill its process or just let it run in the background? When I started using the programs I had already turned off the browser and all the other programs running in the background like Skype/Steam etc. Edit: Let it run for 4h. Gave up on it at that point since it had 0 fluctuations on CPU and RAM usage during that time and I killed its process since I could not shut it down any other way. CPU usage moved from 24.5% to 25% (but it never went above 25% for some reason) but it was solid there. The RAM usage was at a constant super low number with 0 fluctuations. Here are the logs: AdwCleaner[S0].txt JRT.txt Fixlog.txt AdwCleaner[C0].txt
  13. All of this started 1½~ week ago. Bitdefender (free) started blocking 2 things, "item.dat" and "lsmo.exe". The second one got blocked every 3 hours on the second. This went on for around a week, then suddenly nothing for a day or two. Then I noticed on my CPU/RAM/HDD monitor that my CPU was overworking itself to death and saw a file called "lsmose.exe" eating away at full power. I manually killed it and scanned the file with Bitdefender, which found nothing wrong with it, and deleted it from my HDD. Then anywhere in a 3-8h window this guy would come back, so I froze its process with Process Explorer so I didn't have to bother with it. This worked for a while but then a new file called "lsmosee.exe" got added and killed the first one and started chewing CPU. Now both of these got added every time but only 1 of them would start up. Also at the same time these 2 were downloaded something killed my task manager if I had it open (but ignored Process Explorer) and it added 3 new scheduled tasks for system startup called "Mysa1", "Mysa2" and "ok". Mysa1 and ok wanted to start up DLL files in the same folder in the miner called "item.dat" and "ok.dat"; item.dat has been stopped a week ago and never seen from again, never seen ok.dat, probably stopped even earlier. Mysa2 does something with the cmd which I guess you will see in the logs. Yesterday Bitdefender stopped and quarantined lsmose.exe and tagged it as a "trojan generic" but I manually scanned lsmosee.exe and it found nothing wrong with it. Also the schedules point to windows\debug where the 2 miners always appeared, but after Bitdefender stopped lsmose.exe, lsmosee.exe started appearing in windows\help. lsmosee.exe was still on my HDD when I did the logs and the system startup schedules are also there but I turned them to inactive in case of PC crash or sudden restart. I always delete the schedules before I restart my PC but they get reactivated even if I don't delete them when the miner drop happens.
Don't really dare to swap out from Bitdefender atm since it's keeping part of the problem at bay. Edit: I also did the scans with lsmose.exe on my HDD before Bitdefender got updated and caught it and the first scan did not detect it. Logs: scan_170727-052925.txt FRST.txt Addition.txt