jordy5566
Guest
Hello everyone,
I'm new here.
I want to ask for help; mine is Windows 10 Pro.
I don't know when this problem will occur again, because this problem once infected my PC before and it was recovered by installing a fresh Win 10.
So here I am, infected again with that malware, and it changed my registry keys.
That malware infects and disables/removes my WinDef, firewall and many more services.
I already read many solutions on this forum but there's no help.
And also I am already using Malwarebytes and got that malware quarantined;
here are some screenshots about the problem.
*Malwarebytes history.
Malwarebytes log after scanning:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 11/28/20
Scan Time: 4:32 PM
Log File: 978d7324-315c-11eb-a01d-309c23b48462.json
-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.33530
License: Trial
-System Information-
OS: Windows 10 (Build 19041.630)
CPU: x64
File System: NTFS
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 323320
Threats Detected: 32
Threats Quarantined: 0
Time Elapsed: 2 min, 16 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 2
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINRMSRV.EXE, No Action By User, 943, 767022, , , , , 462EE20E8ABBBB559BD1C4F8BE87B123, 5B85CEB558BAADED794E4DB8B8279E2AC42405896B143A63F8A334E6C6BBA3FB
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINLOGUI.EXE, No Action By User, 943, 767023, , , , , FB9F4EB58354E9D3D6B7F84F5D12B639, 91BFB82ED5C32979368EDDCD34861B631926D2352D16ADF189944C4BA8CCF4E1
Module: 2
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINRMSRV.EXE, No Action By User, 943, 767022, , , , , 462EE20E8ABBBB559BD1C4F8BE87B123, 5B85CEB558BAADED794E4DB8B8279E2AC42405896B143A63F8A334E6C6BBA3FB
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINLOGUI.EXE, No Action By User, 943, 767023, , , , , FB9F4EB58354E9D3D6B7F84F5D12B639, 91BFB82ED5C32979368EDDCD34861B631926D2352D16ADF189944C4BA8CCF4E1
Registry Key: 12
Backdoor.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\WDI\SrvHost, No Action By User, 883, 653659, , , , , ,
Backdoor.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A08B8C4C-0C10-475E-926C-79220085DDBF}, No Action By User, 883, 653659, , , , , ,
Backdoor.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{A08B8C4C-0C10-475E-926C-79220085DDBF}, No Action By User, 883, 653659, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Windows Error Reporting\winrmsrv, No Action By User, 503, 780529, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BC8E5CDF-69F8-4ED7-8BAF-689443C5CB53}, No Action By User, 503, 780529, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{BC8E5CDF-69F8-4ED7-8BAF-689443C5CB53}, No Action By User, 503, 780529, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Application Experience\StartupCheckLibrary, No Action By User, 503, 735770, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{09C27E85-93F6-4676-916D-B98200CBA773}, No Action By User, 503, 735770, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{09C27E85-93F6-4676-916D-B98200CBA773}, No Action By User, 503, 735770, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2DBF508E-AEE2-4965-9F4C-EFC51A32B048}, No Action By User, 503, 780231, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{2DBF508E-AEE2-4965-9F4C-EFC51A32B048}, No Action By User, 503, 780231, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MICROSOFT\WINDOWS\WININET\Winlogui, No Action By User, 503, 780231, 1.0.33530, , ame, , ,
Registry Value: 5
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{09C27E85-93F6-4676-916D-B98200CBA773}|PATH, No Action By User, 503, 782993, 1.0.33530, , ame, , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2DBF508E-AEE2-4965-9F4C-EFC51A32B048}|PATH, No Action By User, 503, 780232, 1.0.33530, , ame, , ,
Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{8CF2E784-34EE-42E9-929A-3965043C7E06}, No Action By User, 943, 840273, 1.0.33530, , ame, , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A08B8C4C-0C10-475E-926C-79220085DDBF}|PATH, No Action By User, 503, 784920, 1.0.33530, , ame, , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BC8E5CDF-69F8-4ED7-8BAF-689443C5CB53}|PATH, No Action By User, 503, 780528, 1.0.33530, , ame, , ,
Registry Data: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, No Action By User, 14085, 293294, 1.0.33530, , ame, , ,
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, No Action By User, 14085, 293295, 1.0.33530, , ame, , ,
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, No Action By User, 14085, 293296, 1.0.33530, , ame, , ,
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 8
Backdoor.Agent, C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\WDI\SrvHost, No Action By User, 883, 653659, , , , , 403D7BBBCEAB066DAB197B14A064B35D, 1E55ED90FD3370CFBF6DC9A307C8E7F83D16CAB966434C3D6DE57C96C8BD985F
Backdoor.Agent, C:\WINDOWS\SYSTEM32\WINSCOMRSSRV.DLL, No Action By User, 883, 653659, 1.0.33530, , ame, , 919611928882E781ABAB300BF9227374, CBDD93BA08E87007665250C3253A1FE9AD38511E4A8A2E5305ADC0F36E43AB44
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WINDOWS ERROR REPORTING\WINRMSRV, No Action By User, 503, 780529, 1.0.33530, , ame, , 51141535057D55CEE3A698FBA639E2E5, 6D14926A027BAB0C0E5107EF6F621BD19EA5E87102F1CDBABE439338EC82CC40
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\APPLICATION EXPERIENCE\STARTUPCHECKLIBRARY, No Action By User, 503, 735770, 1.0.33530, , ame, , 6A4853B07D29E96054C2476508689D49, 40FC511C38766F52BD9B407A2057EC601B6A3D536E5887FBC732D785D59109C2
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\WININET\WINLOGUI, No Action By User, 503, 780231, , , , , 3BB16A706C21AD0956B905700FD4BBE3, 3079C0970A5B36FB5890E921666A4D7823D26B5FA7B6F1DD2A1E700EF0D22519
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINRMSRV.EXE, No Action By User, 943, 767022, 1.0.33530, , ame, , 462EE20E8ABBBB559BD1C4F8BE87B123, 5B85CEB558BAADED794E4DB8B8279E2AC42405896B143A63F8A334E6C6BBA3FB
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINLOGUI.EXE, No Action By User, 943, 767023, 1.0.33530, , ame, , FB9F4EB58354E9D3D6B7F84F5D12B639, 91BFB82ED5C32979368EDDCD34861B631926D2352D16ADF189944C4BA8CCF4E1
Trojan.FakeMS.TskLnk, C:\WINDOWS\SYSTEM32\STARTUPCHECKLIBRARY.DLL, No Action By User, 4104, 676770, 1.0.33530, , ame, , 250532B95FBF3154FE571B65217D4B11, 8F8C635949FD4A315DC7C2D30FC9A6A18149621E72B9598ABF50D54A4BF116AC
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
*Windows Security
*Windows Update
*Microsoft Store
This problem occurs maybe because that malware already changed my registry/deleted some services.
Is it clear if any potential malware is cleaned by Malwarebytes?
If yes, then how can I recover those services or the registry keys that have been changed?
Please help. It's driving me crazy because it has happened twice now.
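As an added example (not part of the original post, and not Malwarebytes' own tooling): a Python parser for the threat-scan log format pasted above. It turns each detection line into a record, pulls out the unique SHA-256 hashes, the scheduled-task paths registered under TaskCache\Tree and the Security Center notification flags that were flagged, and checks that each section's line count matches what the log declares. The embedded sample is a constructed subset of detection lines from this post with the section counts adjusted to fit; the column positions of the hashes and the treatment of the fields between the action and the hashes as opaque ids are my inference from this log, not documented by Malwarebytes.

```python
"""Parse a Malwarebytes 4.x threat-scan log (the text format pasted in the post)
into detection records and extract responder-relevant indicators.

Assumption (inferred from the pasted log): every detection line has 11
comma-separated fields; 0 = detection name, 1 = object path, 2 = action taken,
9 = MD5, 10 = SHA-256 (both empty for registry objects). Fields 3-8 are
treated as opaque ids."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the detection lines from the forum post,
# with the section counts adjusted to match the subset.
SAMPLE_LOG = r"""
Malwarebytes
www.malwarebytes.com
-Scan Summary-
Scan Type: Threat Scan
Threats Detected: 9
Threats Quarantined: 0
-Scan Details-
Process: 2
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINRMSRV.EXE, No Action By User, 943, 767022, , , , , 462EE20E8ABBBB559BD1C4F8BE87B123, 5B85CEB558BAADED794E4DB8B8279E2AC42405896B143A63F8A334E6C6BBA3FB
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINLOGUI.EXE, No Action By User, 943, 767023, , , , , FB9F4EB58354E9D3D6B7F84F5D12B639, 91BFB82ED5C32979368EDDCD34861B631926D2352D16ADF189944C4BA8CCF4E1
Registry Key: 2
Backdoor.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\WDI\SrvHost, No Action By User, 883, 653659, , , , , ,
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Windows Error Reporting\winrmsrv, No Action By User, 503, 780529, , , , , ,
Registry Data: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, No Action By User, 14085, 293294, 1.0.33530, , ame, , ,
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, No Action By User, 14085, 293295, 1.0.33530, , ame, , ,
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, No Action By User, 14085, 293296, 1.0.33530, , ame, , ,
File: 2
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\WINRMSRV.EXE, No Action By User, 943, 767022, 1.0.33530, , ame, , 462EE20E8ABBBB559BD1C4F8BE87B123, 5B85CEB558BAADED794E4DB8B8279E2AC42405896B143A63F8A334E6C6BBA3FB
Trojan.FakeMS.TskLnk, C:\WINDOWS\SYSTEM32\STARTUPCHECKLIBRARY.DLL, No Action By User, 4104, 676770, 1.0.33530, , ame, , 250532B95FBF3154FE571B65217D4B11, 8F8C635949FD4A315DC7C2D30FC9A6A18149621E72B9598ABF50D54A4BF116AC
(end)
"""

SECTION_RE = re.compile(r"^([A-Za-z][A-Za-z ]*): (\d+)$")    # e.g. "Registry Key: 12"
TASK_TREE_RE = re.compile(r"\\TASKCACHE\\TREE\\(.+)$", re.IGNORECASE)
FIELD_COUNT = 11


@dataclass(frozen=True)
class Detection:
    section: str   # Process, Module, Registry Key, File, ...
    name: str      # e.g. Trojan.BitCoinMiner
    path: str      # file path or registry key (value name after '|')
    action: str    # e.g. "No Action By User"
    md5: str
    sha256: str


def parse_log(text):
    """Return (detections, declared section counts, summary key/value fields)."""
    detections, declared, summary = [], {}, {}
    in_details, section = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "-Scan Details-":
            in_details = True
            continue
        if not in_details:                      # header and summary block
            if ": " in line:
                key, value = line.split(": ", 1)
                summary[key] = value
            continue
        if line == "(end)":
            break
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        if section is None or line.startswith("("):   # "(No malicious items detected)"
            continue
        fields = re.split(r"\s*,\s*", line)
        if len(fields) != FIELD_COUNT:
            raise ValueError(f"unexpected field layout in section {section!r}: {line}")
        detections.append(Detection(section, fields[0], fields[1], fields[2],
                                    fields[9], fields[10]))
    return detections, declared, summary


def check_counts(detections, declared):
    """Sections whose parsed line count differs from the count the log declares."""
    seen = {}
    for d in detections:
        seen[d.section] = seen.get(d.section, 0) + 1
    return sorted(s for s in declared if declared[s] != seen.get(s, 0))


def summarize(detections):
    """Indicators a responder wants out of the log."""
    by_section, tasks = {}, set()
    for d in detections:
        by_section[d.section] = by_section.get(d.section, 0) + 1
        m = TASK_TREE_RE.search(d.path)
        if m:
            tasks.add(m.group(1))               # task path as shown in Task Scheduler
    flags = sorted(d.path.split("|", 1)[1] for d in detections
                   if "SECURITY CENTER|" in d.path.upper())
    return {
        "by_section": by_section,
        "sha256": sorted({d.sha256 for d in detections if d.sha256}),
        "scheduled_tasks": sorted(tasks),
        "security_center_flags": flags,
        # detected but not removed: nothing was done about these entries
        "untouched": sum(1 for d in detections if d.action == "No Action By User"),
    }


if __name__ == "__main__":
    dets, declared, summary = parse_log(SAMPLE_LOG)
    print("quarantined:", summary.get("Threats Quarantined"))
    print("count mismatches:", check_counts(dets, declared))
    for key, value in summarize(dets).items():
        print(f"{key}: {value}")
```

One thing the parser makes explicit: every entry in the pasted log carries "No Action By User" and the summary says "Threats Quarantined: 0", so this log documents detections, not removals. The first check a responder makes after a scan is that count; the SHA-256 list and the task paths under TaskCache\Tree are what goes into a blocklist and into a follow-up review of Task Scheduler.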