Windows 10: Trojan deep in my system

Discussion in 'AntiVirus, Firewalls and System Security' started by Vikdal, Apr 29, 2017.

  1. Vikdal Win User

    Hi!

    Today I might have got a trojan. I did indeed install a program that redirected me to a site where I think the website downloaded unwanted malware to my PC. The malware that has got control over my PC has completely blacked out my access to Windows Defender. At the time I am writing this I am running IObit Malware Fighter 5, as this is the only other antivirus I had on this computer (I do know it is stupid to not have an AV). IObit Malware Fighter 5 was able to find a Trojan called Trojan.Generic which was using the program smu.exe. I told IObit Malware Fighter to remove the trojan and uninstalled SMU.exe. Even though this helped me a little bit, I still get popups from different web browsers that have been hijacked. I'm pretty sure most of my email accounts have been stolen or opened as well. Performance-wise my computer is running okay, but my memory rate is higher than usual. The program has removed all administration rights from me, and Defender has also been disabled by "Group Policy".

    Hugs,

    :)
     
    Vikdal, Apr 29, 2017
    #1
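
Added example, not part of the original thread: post #1 reports Defender as disabled by "Group Policy", which on Windows 10 corresponds to values under the Defender Policies registry key. The read-only PowerShell check below lists those values, any policy-set exclusions, and the engine's own status; it assumes an elevated prompt and changes nothing on the machine.

```powershell
# Read-only audit of policy settings that switch Windows Defender off.
# Assumption: run from an elevated PowerShell prompt on the affected PC.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$rtp        = "$policyRoot\Real-Time Protection"

# Policy values that disable protection when their data is 1.
$checks = @(
    @{ Path = $policyRoot; Name = 'DisableAntiSpyware' },
    @{ Path = $rtp;        Name = 'DisableRealtimeMonitoring' },
    @{ Path = $rtp;        Name = 'DisableBehaviorMonitoring' },
    @{ Path = $rtp;        Name = 'DisableOnAccessProtection' }
)

$findings = foreach ($c in $checks) {
    # A missing key or value returns nothing, which means "not configured".
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        [pscustomobject]@{
            Key                = $c.Path
            Value              = $c.Name
            Data               = $item.($c.Name)
            DisablesProtection = ($item.($c.Name) -eq 1)
        }
    }
}
if ($findings) { $findings | Format-Table -AutoSize }
else { 'No Defender-disabling policy values are set.' }

# Exclusions set through policy: each value name is an excluded path or process.
foreach ($kind in 'Paths', 'Processes') {
    $key = Get-Item -Path "$policyRoot\Exclusions\$kind" -ErrorAction SilentlyContinue
    if ($key) { $key.Property | ForEach-Object { "Policy exclusion ($kind): $_" } }
}

# State of the Defender service and engine as Windows reports it.
Get-Service -Name WinDefend -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType | Format-List
try {
    Get-MpComputerStatus -ErrorAction Stop |
        Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled |
        Format-List
} catch {
    # The cmdlet fails when the Defender service is stopped or blocked.
    "Get-MpComputerStatus failed: $($_.Exception.Message)"
}
```

On a home PC that is not joined to a domain, a value reported with DisablesProtection = True is unexpected unless someone set it deliberately, so record the output before and after each cleanup pass to see whether the setting returns.
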
  2. Baba-C Win User

    How to remove Trojan: Win32\Dorv.Flrfn

    Windows Defender detected Trojan: Win32\Dorv.Flrfn buried deep in an external hard drive. An error message appeared. I don't think the trojan was purged. I think a manual removal was recommended. How do I do this or is there another way to remove it?
     
    Baba-C, Apr 29, 2017
    #2
  3. pgpav2003 Win User
    windows 10 download through hacked routers.

    That's a relief.

    I think what you don't understand is that when hackers can take over 300,000 routers at a time and divert or pipe whatever they like : any form of world wide downloads of full operating systems is at risk.

    And as to Microsoft recommendations, here is just one from one of Microsoft's Malware protection engineers.

    A new variant of the Trojan Popureb burrows deep enough into the Windows operating system that users are recommended to reinstall the OS in order to remove it.

    A new rootkit targeting Windows systems currently making the rounds can be removed only by fixing the master boot record, Microsoft said.

    The "Popureb" Trojan corrupts the hard drive's master boot record to such an extent that the only way to remove it is to run Windows Recovery Console to rewrite the sectors to a clean state, Microsoft Malware Protection Center engineer Chun Feng wrote in an advisory posted on the Threat Research and Response blog June 22.

    There are thousands of these recommendations out there :)
     
    pgpav2003, Apr 29, 2017
    #3
  4. Borg 386 Win User

    You may want to consider d/l ing the suggested malware scanners beforehand onto a FD or to your PC so that they will be ready to run once you have run RKill.

    First off, d/l & run RKill, this will attempt to terminate any malware processes running in the background. Do not reboot after running RKill, instead immediately run a malware scanner. Rebooting will allow the malware processes to run again.

    Next d/l SuperAntiSpyware portable and run it.


    Note: The scanner is saved under a random filename so that malware infections won't block its execution.

    It would be a good idea to d/l & install Malwarebytes Free & also run that.

    Follow up with AdwCleaner. After running it, reboot your PC if it finds anything.

    Hope this helps.

    BTW, IOBit has somewhat of a shady past and you may wish to uninstall that & go with another program. They have been known to install PUPs as well as other spyware.
     
    Borg 386, Apr 29, 2017
    #4
  5. Vikdal Win User
    Hi!

    So I followed what you said from detail to detail and the problem seems to be solved. I uninstalled IOBit as well, because it had a shady past. The only problem is that the memory/RAM which the computer is using is still higher than usual. Before I got the trojan I would use around 20% of my RAM; now, after the trojan, I'm using around 70% of the RAM. This does not bother me a lot, but if I run either games or multiple programs, I have a chance of using all of my total RAM. Is this normal? Can I fix this in any way? Thanks again for helping

    Regards,

    UPDATE: The trojan itself seems to be gone, but all AV is still Blocked as well as ADWCleaner and MalwareBytes.
     
    Vikdal, Apr 29, 2017
    #5
  6. Vikdal Win User
    Vikdal, Apr 29, 2017
    #6
  7. dencal Win User
    dencal, Apr 29, 2017
    #7
  8. AndreTen Win User

    Check this article on Bleepingcomputer. At the end is a section about removing it.

    News was posted here about a week ago
     
    AndreTen, Apr 29, 2017
    #8
  9. Vikdal Win User
    Hi!

    Thanks again for helping me. The Malwarebytes Anti-Rootkit got the same trojan over and over again, duplicated in different areas. Malwarebytes found 21 Trojan.Droppers and 1 Trojan.downloader and the computer seems to run fine. There is still a bit of a high memory usage compared with before, but I'm fine with that. I still cannot download AdwCleaner even though I did what was said in the post above. I was able to remove the Reg that denied me access to Windows Defender (this was thanks to rKill). Any idea how to get these rights back?



    UPDATE:
    Virus just backfired. I'm now getting popups once again and my background on web browsers has changed. Not sure what happened though, as I did not download anything.
     
    Vikdal, Apr 30, 2017
    #9
  10. AndreTen Win User
    If you have Smartscreen infection, try using the following removal guide from Bleepingcomputer.
     
    AndreTen, Apr 30, 2017
    #10
  11. dencal Win User
    After you had done the Mbam Anti-root scan did you tick all identified Trojans, then clicked Delete....IMPORTANT you must then Shut down the computer straightaway to complete the cleanup.
     
    dencal, Apr 30, 2017
    #11
  12. Vikdal Win User
    Yes I did do so, but in the middle of the cleanups it crashes. I'm currently doing what AndreTen told me to do, but while running Zemana it does equal to the AntiRoot-Kit and crashes in the middle of the cleanup :/
     
    Vikdal, Apr 30, 2017
    #12
  13. Borg 386 Win User

    In addition to the suggested malware scanners, suggest you add TDSSKiller to the list to see if you have a rootkit present.


    Note: When running TDSSKiller, launch the program, click on the blue text "Change Parameters" & check the box marked "Detect TDLFS File system." Click OK & then run the scan.

    Also it may help to go back to a restore point before the infection, provided this action isn't blocked. You may have to do this in safe mode if it is blocked in regular mode. Be sure to go 2 to 3 points back past the point of infection as malware can infect the 1st restore point so that the virus will reappear.

    Another scanner you could use would be Norton Power Eraser. Please read the tutorial if you opt to use this.


    Note: Norton Power Eraser uses aggressive methods to detect threats, and there is a risk that it can select some legitimate programs for removal. You should carefully review the scan results page before removing files.

    You also have the option of doing a refresh or a reset if the damage is too deep to restore normal operations.

    Be aware that if you do have a rootkit it will have to be cleaned before using refresh or reset. A rootkit is a hidden boot partition that hides at the end of the drive & boots up before the OS, thus taking control over it before it has a chance to boot. Hence the reason some infections keep coming back.

    Refresh Windows 10 - Windows 10 Installation Upgrade Tutorials

    Reset Windows 10 - Windows 10 Installation Upgrade Tutorials
     
    Borg 386, Apr 30, 2017
    #13
  14. dencal Win User
    A suggestion...open Task Manager, under Processes look for any abnormal or suspicious programmes running especially anything linking to the Trojan and click on End Task.....then repeat MBAM Anti-Root scan
     
    dencal, Apr 30, 2017
    #14
  15. Vikdal Win User
    I've already done so and also ran rKill to take out any hidden tasks.

    Also, do you want me to post the MBAR log files here? From both the first and 2nd time I ran it?
     
    Vikdal, Apr 30, 2017
    #15