Odd Virus/Malware and how to remove it if possible

Dominik

Hello all,

My mother's computer got a very nasty virus/malware. I don't think I'm able to remove it myself.

I wrote to Eset support two times and included Eset log files, but I didn't get any response.

My mother's computer is treated carefully. She knows how to surf the Internet and never downloads anything suspicious.

About two months ago a folder was created, and it is not possible to remove this folder. I successfully deleted this folder using a Linux USB stick, but the folder came back; it recreated itself after starting Windows 10 again.

My mother is using SyncBack to back up files, and today it's gotten worse. A second identical folder was created (the folder "Text"), something I have never seen and didn't think was possible. Please look at the image.

Btw, this is not to blame SyncBack, which I think is great software.

I don't want to simply run a cleaner myself; I believe this is something very nasty and interesting to have a look at, because the computer was so easily infected.

Depending on your reply I will provide the Eset logs and more information.

Many thanks for your help and best regards,

Dominik

[Attachment: screenshot showing the two identical "Text" folders]

My suggestion is to create a HIPS "ask" rule to monitor write activity to the directory where the "Text" folders are located. Source applications should be "All applications." This will point you to the process that is writing these folders in that directory.
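As an added example (not from the post above and not ESET's own procedure), the same attribution can be done with Windows' built-in object-access auditing instead of a HIPS rule: put a SACL on the parent directory so that subfolder creation is logged, then read the resulting Security event 4663 records, which carry the name of the process that performed the write. The target path D:\ is an assumption taken from the drive letter mentioned later in the thread; run this from an elevated PowerShell.

```powershell
# Added example, not code from the thread: attribute creation of the unwanted
# "Text" folder to a process using NTFS auditing + Security event 4663.
# Assumption: the folder keeps reappearing directly under D:\ (adjust $Target).
# Requires an elevated (Administrator) PowerShell.

$Target = 'D:\'

# 1. Enable success auditing for the "File System" object-access subcategory.
auditpol /set /subcategory:"File System" /success:enable | Out-Null

# 2. Add a SACL entry on the directory: log every successful subfolder
#    creation ("CreateDirectories") by any principal. No inheritance, so only
#    this directory is covered and the log stays small.
$acl  = Get-Acl -Path $Target -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]::CreateDirectories,
    [System.Security.AccessControl.InheritanceFlags]::None,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)
$acl.AddAuditRule($rule)
Set-Acl -Path $Target -AclObject $acl

# 3. Once the folder has come back, list the 4663 events that touched the
#    target directory. ProcessName is the full path of the writing process;
#    AccessMask 0x4 corresponds to FILE_ADD_SUBDIRECTORY.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 1000 |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($n in $xml.Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time       = $_.TimeCreated
            Account    = $data['SubjectUserName']
            Object     = $data['ObjectName']
            Process    = $data['ProcessName']
            AccessMask = $data['AccessMask']
        }
    } |
    Where-Object { $_.Object -like "$Target*" } |
    Sort-Object Time |
    Format-Table -AutoSize
```

The process shown in the 4663 event is the one to investigate; if it is a legitimate program (a backup or sync tool, for instance), that is the answer to where the folder comes from, and if it is something unknown, its full path is what you need for the next step. Remove the audit entry again with `$acl.RemoveAuditRule($rule); Set-Acl -Path $Target -AclObject $acl` when done, since file-system auditing on a busy directory can fill the Security log quickly.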

Thank you for your answer

"TomFace":

I wrote to Eset support two times, but I noticed that I used another e-mail address. Could it possibly have gone to their spam folder because I didn't use the e-mail address registered with Eset?

 

"itman":

I did create a HIPS rule suggested by an Eset forum thread called "Hips Tricks" to allow or disallow certain processes; it was possibly not your suggestion.

The computer went nuts afterwards.

The whole system was unusable. I had to wait 5 minutes for a program to open. I couldn't open Windows Explorer either.

Eset was completely knocked out, but still no warnings. Eset didn't see anything of what was going on.

After several restarts and attempts to disable the rule I was able to take a screenshot with the Snipping Tool. The "Advanced Setup" was not reachable anymore, and only a white image was seen. Please take a look at the attachment.

There was no chance to install anything anymore or to allow any external support to remove it.

I freshly installed the computer on Sunday, but I still needed to remove the "Text" folder on drive "G" with the software "Unlocker", because I couldn't delete it with Linux or with Windows (anymore).

Please look at the first image above (drive "D").

The removed "Text" folder was on the second backup drive "G". The other, originally infected "Text" folder on drive "D" could not be removed at all. I needed to back up the drive and had to format it to get rid of it (using the fresh Windows installation).

Btw, as I mentioned, it was possible on my first attempt with Linux to delete all folders on "D". It seems the (now empty) "Text" folder got its own permissions and was locked (with Linux too!). Anyhow, when trying to delete the folder, Windows "claimed" the folder doesn't exist anymore and thus cannot be deleted.

 

This malware automatically created a folder called "Search": it automatically first created a folder and then renamed the folder it was in. It was possible to delete this folder using "Unlocker" (in this case the "Text Word" folder).

 

I have never seen such aggressive malware, and I have plenty of computer experience. This all happened on a very well maintained system used by an elderly woman. She has many years of computer experience and knows very well how to use it, not visiting any faulty pages or installing anything suspicious (only legal software from development sites).

Finally I installed Eset again but got error code ACT.33. This Eset version was supposed to be a German version.

 

I hope somebody interested can help, is interested in seeing the log files, can help with the activation and can tell something about what happened.

 

Thanks and best regards,

Dominik

[Attachment: Eset-Blank.PNG, screenshot of the blank "Advanced Setup" window]

Hum ...........

Deleting the "Text" folder wherever it is located is not going to solve your problems, since the malware, if it is indeed that, will in all likelihood just re-create it.

First, let's get Eset installed and activated. I believe ACT.33 is related to the below, although not specifically stated as such. Someone from Eset will have to assist you on this. @Marcos ?

 

Activation failed

Error codes: ACT.32, ACT.34

Message: Activation failed - An error occurred during activation

Description: Your license key is not valid in the country you selected during installation. Please select the proper country or contact your license distributor.

2 weeks later...

Administrators:

Re. error ACT.33 during activation, it's necessary to contact the distributor or reseller from whom you purchased your license. Most likely the license was issued in another country and is locked to it. The distributor should be able to tell what's going on and suggest the best way to resolve it.

Did you contact ESET DE? Do you have an ID assigned to your support ticket?
