Michiel

CLOSED trojan horse infection? third party control?

LS,

I have received an extortion mail by someone who states to have infected my PC with a trojan horse virus and claims to have control over my microphone and camera. I have Emsisoft AntiMalware installed, daily updated and running (version 2018.2.1.84830). Scans do not deliver any infection or risk. Can you pls check if some kind of trojan horse is installed?

I have run the advised/mandatory scans. Pls find the logs attached.

Hope to hear from you soon,

Michiel


Addition.txt

EEK 20180330 Forensics_180330-190037.txt

FRST.txt


Michiel,

The email was likely a hoax. I do not see any signs in your logs that the computer is infected, but there are several orphaned registry entries that should be fixed.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => niet gevonden
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [Geen bestand]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [Geen bestand]
CustomCLSID: HKU\S-1-5-21-2331795345-1990132498-1874067920-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Michiel\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-2331795345-1990132498-1874067920-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Michiel\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-2331795345-1990132498-1874067920-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Michiel\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-2331795345-1990132498-1874067920-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Michiel\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-2331795345-1990132498-1874067920-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Michiel\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => Geen bestand
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Geen bestand
Task: {00FE41CA-7B29-4559-BD28-2AE7A3A59290} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Geen bestand <==== AANDACHT
Task: {079B0A72-DB4A-478E-8688-919A977C1F4B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Geen bestand <==== AANDACHT
Task: {10869C67-F4D4-4B69-9F51-975881154AB0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Geen bestand <==== AANDACHT
Task: {184075DB-7837-4CBA-AC89-55974322EE17} - \DistromaticSearchProtect-hourly -> Geen bestand <==== AANDACHT
Task: {1FC3A4BB-BA26-46B3-86B8-49D2D9DA3EC3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Geen bestand <==== AANDACHT
Task: {2D827E64-AD92-4B4D-A15F-B0514BD0EB4F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Geen bestand <==== AANDACHT
Task: {349378EF-9EC8-49B0-8ED8-52082D951866} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Geen bestand <==== AANDACHT
Task: {38853BFC-97F1-4A9D-9538-A03F9D5CA97B} - \DistromaticUpdater-periodic -> Geen bestand <==== AANDACHT
Task: {3A25382F-3CA6-4A50-9CEC-FC583C09FA9B} - \DistromaticUpdater-logon -> Geen bestand <==== AANDACHT
Task: {4115FACE-0727-4F2C-8981-84D75B2B2EB0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Geen bestand <==== AANDACHT
Task: {7EDA7545-3726-4F0F-9BEB-F067372D964F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Geen bestand <==== AANDACHT
Task: {90165556-E732-4AC6-BC39-DFC8A8B566A9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Geen bestand <==== AANDACHT
Task: {A0DC9528-6628-4FD4-AA0F-7641F39F09B4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Geen bestand <==== AANDACHT
Task: {BB453D9F-B1E2-48E9-9064-58C2F8BC6C84} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Geen bestand <==== AANDACHT
Task: {C318C674-3ADA-4DEA-B764-B70D01962B47} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Geen bestand <==== AANDACHT
Task: {C74C24DD-F8C1-4360-AB2D-B8D1D7E9EF52} - \WPD\SqmUpload_S-1-5-21-2331795345-1990132498-1874067920-1004 -> Geen bestand <==== AANDACHT
Task: {CD16DF04-C397-4477-BE4A-159FC2BD9DBF} - \WPD\SqmUpload_S-1-5-21-2331795345-1990132498-1874067920-1001 -> Geen bestand <==== AANDACHT
Task: {CEF0F84B-8DB6-42B6-A198-31E23D964D24} - \DistromaticSearchProtect-logon -> Geen bestand <==== AANDACHT
Task: {CF24D2A2-C4C0-4254-B88B-AE008FA00C6D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Geen bestand <==== AANDACHT
Task: {D0B558E8-9F5A-47D1-9179-ED11BDEA9A5F} - \CCleanerSkipUAC -> Geen bestand <==== AANDACHT

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

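What "orphaned registry entries" means in practice is that every line in the fixlist above names a scheduled task, CLSID, plugin or shell handler whose target FRST could no longer find on disk (the "Geen bestand" / "niet gevonden" markers in the Dutch-language log). The script below is an added example, not part of FRST or of this thread: it parses fixlist lines in the format shown in the reply and reports which referenced files are actually absent, so a reader can see for themselves that these entries are leftovers rather than evidence of a live infection. The English marker strings ("No File", "not found") and all function and constant names are my assumptions; the sample lines are copied from the fixlist above.

```python
"""Parse an FRST fixlist and check which entries point at files that no
longer exist. Added example; not FRST's own code and not from the thread."""
import os
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Markers FRST writes for a dangling reference. The Dutch forms are what the
# reply above shows; the English forms are assumed for English FRST logs.
MISSING_MARKERS = ("Geen bestand", "niet gevonden", "No File", "not found")

# Entry kind is the first token of the line ("Task", "CustomCLSID", "FF", ...).
_KIND_RE = re.compile(r"^[A-Za-z0-9-]+")
# A drive-letter path, ending at " =>", " [" or end of line (paths may contain spaces).
_DRIVE_PATH_RE = re.compile(r"([A-Za-z]:\\[^\[\]<>]*?)\s*(?:=>|\[|$)")
# "Task: {GUID} - \Folder\Name -> ..." entries: capture the GUID and task path.
_TASK_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\}\s+-\s+(\\\S+)")


@dataclass
class FixlistEntry:
    kind: str                  # e.g. "Task", "CustomCLSID", "FF"
    raw: str                   # the original fixlist line
    file_path: Optional[str]   # Windows file path the entry resolves to, if any
    task_path: Optional[str]   # scheduled-task path for Task entries, if any
    flagged_missing: bool      # FRST itself marked the target as absent


def parse_fixlist(text: str) -> List[FixlistEntry]:
    """Turn fixlist text into structured entries; blank lines are skipped."""
    entries: List[FixlistEntry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind = _KIND_RE.match(line)
        m_path = _DRIVE_PATH_RE.search(line)
        m_task = _TASK_RE.search(line)
        entries.append(FixlistEntry(
            kind=kind.group(0) if kind else "?",
            raw=line,
            file_path=m_path.group(1).rstrip() if m_path else None,
            task_path=m_task.group(2) if m_task else None,
            flagged_missing=any(marker in line for marker in MISSING_MARKERS),
        ))
    return entries


def check_orphans(entries: List[FixlistEntry],
                  exists: Callable[[str], bool] = os.path.exists) -> List[FixlistEntry]:
    """Return the entries whose referenced file is absent on disk.

    Entries that carry a file path are checked against the filesystem (the
    `exists` callable is injectable so the check can run offline). Entries
    with no resolvable file path (Task, context-menu handler) can only be
    judged by FRST's own 'missing' marker."""
    orphans: List[FixlistEntry] = []
    for entry in entries:
        if entry.file_path is not None:
            if not exists(entry.file_path):
                orphans.append(entry)
        elif entry.flagged_missing:
            orphans.append(entry)
    return orphans


def summarize(entries: List[FixlistEntry]) -> Dict[str, int]:
    """Count entries per kind, e.g. {'Task': 2, 'CustomCLSID': 1}."""
    counts: Dict[str, int] = {}
    for entry in entries:
        counts[entry.kind] = counts.get(entry.kind, 0) + 1
    return counts


# Sample entries copied from the fixlist in the reply above.
SAMPLE_FIXLIST = r"""
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [Geen bestand]
CustomCLSID: HKU\S-1-5-21-2331795345-1990132498-1874067920-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Michiel\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => Geen bestand
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Geen bestand
Task: {00FE41CA-7B29-4559-BD28-2AE7A3A59290} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Geen bestand <==== AANDACHT
Task: {184075DB-7837-4CBA-AC89-55974322EE17} - \DistromaticSearchProtect-hourly -> Geen bestand <==== AANDACHT
"""


if __name__ == "__main__":
    # On the affected Windows machine you would read the real file instead:
    #   entries = parse_fixlist(open("fixlist.txt", encoding="utf-8").read())
    # and let check_orphans() use os.path.exists. On any other host every
    # Windows path is absent anyway, so this demo stubs the filesystem.
    entries = parse_fixlist(SAMPLE_FIXLIST)
    for entry in check_orphans(entries, exists=lambda _p: False):
        print(f"{entry.kind:<22} {entry.file_path or entry.task_path or '(no path)'}")
    print(summarize(entries))
```

Run on the machine the fixlist was written for, the report shows each entry next to the missing file it still references; if a path unexpectedly does exist, that entry deserves a closer look before it is removed, which is exactly the judgement the helper made by reading the logs.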