Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan Dridex

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trojan Dridex

Unread postby maksa_afrikanac2017 » March 9th, 2017, 4:47 pm

Hi there, a few days ago I opened a blog and a fake google update pop up opened and downloaded a file that for some silly reason I seem to have opened and infected my computer.
After that a strange .exe file would run on its own occasionally in a cmd type window for a second and close.
I used malwarebytes anti-malware to scan and it found that a trojan.dridex infected two files. A .dll file and a file that was a .cpl (I think). I quarantined and then purged both files and after that the strange cmd window stopped showing up but now systempropertiescomputername.exe opens on its own every now and again (roughly 3-5 times a day). It is located in the same folder the .cpl file I purged earlier was located in.
Since then I've tried JRT, HitmanPRO, ADWCleaner and Rkill and all I've managed to clean up are tracking cookies. The systempropertiescomputername.exe still opens on its own every now and again.
I've attached the FRST and Addition logs to this post. Would really appreciate some help as I'm really confused as to how to sort this out.

Thanks in advance.
You do not have the required permissions to view the files attached to this post.
maksa_afrikanac2017
Active Member
 
Posts: 2
Joined: March 9th, 2017, 4:34 pm
Advertisement
Register to Remove

Re: Trojan Dridex

Unread postby pgmigg » March 12th, 2017, 10:12 pm

Hello maksa_afrikanac2017,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Trojan Dridex

Unread postby pgmigg » March 12th, 2017, 10:21 pm

Hello maksa_afrikanac2017,

P2P Advisory!
IMPORTANT: There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
µTorrent

As long as you have the P2P program(s) installed, per Forum Policy,
I can offer you no further assistance
.

If you choose NOT to remove the program(s), please indicate that in your next reply and this topic will be closed.

Otherwise, please perform the following steps:

Step 1.
Remove P2P Program
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    µTorrent
  4. Click on the Change/Remove button to uninstall it.
  5. When the program have been uninstalled, please close Control Panel
  6. Reboot (restart) your computer.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not - use P2P at your own risk!
Keep in mind that this practice may be the source of your current malware infestation.
Reference... siting risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step 2.
Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 3.
TSG - SysInfo utility
  1. Please download SysInfo.exe and save it to your Desktop.
  2. Right click SysInfo.exe and select "Run As Administrator" to run it... if UAC prompts, please allow it.
  3. The small square window will be opened with already highlighted text - please right click on it, select Copy and then paste it in your next post.

Then:
Please tell me is this computer used for business or educational purposes and/or connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I will ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of TSG - SysInfo utility
  4. Answer to my question related to type of using of your computer

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Trojan Dridex

Unread postby maksa_afrikanac2017 » March 15th, 2017, 7:35 am

I am currently away on holiday and won't be able to do what has been suggested until I get back. I will do so when I get back and create a new topic. Thanks for your help!
maksa_afrikanac2017
Active Member
 
Posts: 2
Joined: March 9th, 2017, 4:34 pm

Re: Trojan Dridex

Unread postby pgmigg » March 15th, 2017, 12:08 pm

Due to a lack of activity within the specified allowable time period, this topic is now closed.

Although we understand a poster may have difficulty responding to a helper's posts and following the instructions therein in a timely manner, that is the way we and most of the other free online help forums function.
Online help forums are usually not the most suitable choice for those who must be away from their infected computers for a period of time that exceeds the posted parameters for receiving assistance.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST logs, and wait for a new helper...
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 294 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware