Trojan Malware Removal


Егор Ульянов

Aug 5, 2024, 4:45:15 AM
to azusocun
Two or so days ago I downloaded a file I believed to contain a cracked ROM, it had an exe file that I ran. I know it was stupid even after I did it but I just deleted the files and thought nothing of it.

Today I woke up to find out that two of my accounts had been compromised. I have since reset the passwords and put in more security measures. I decided to buy the premium plan for Malwarebytes as well.


Every few minutes, Malwarebytes gives me a pop-up saying it has blocked a site from being accessed. It also says it's connected to "explorer.exe" located in the SysWOW64 folder. The url that is associated with this malware implies that it is the Amadey trojan, so I have turned off and unplugged my computer.


I asked on a tech support Discord server for advice and they told me the best thing to do is to do a full system wipe. I am ready to do this if I must, but I saw someone else who had the exact same issue as myself (the topic is still open). Is there anything I can do? I'm scared of turning on my computer and infecting more things. I also worry that I can't use flash drives as I might infect them too.


I have added a screenshot I took of the pop-up I got. I also have the report saved as a txt. Any advice would be much appreciated. I do not have any backups of my data, nor do I have any logs I can share right now. I do not know if turning on my PC is safe as I have already had to deal with two accounts being compromised. Thank you for your time.


Hi, just wanted to post an update - I'm still happy to do any scans you suggest! But right now things seem to be okay? I actually updated Malwarebytes yesterday like the forum post said, and I haven't gotten any pop-up notifications since. It would definitely be a crazy coincidence that two of my accounts got compromised overnight, AND I find out I might have malware, but... everything has been okay for now. I've used the built-in Windows 11 scanner as well as Malwarebytes and Kaspersky VRT and neither of the programs found any issues. I'm hoping it really was just a false positive and that my accounts being compromised happened because of my poor passwords. Still, any advice is appreciated, if you think I should do more scans, etc. Thanks!


I'll attach the KVRT log once the scan completes; it looks like it's going to take a few hours. Yesterday I changed the Malwarebytes settings to also scan for the rootkit, and it actually did find a trojan that time. I've quarantined and removed it. I've done a full scan with the built-in Windows tool as well as done a few more with Malwarebytes and there haven't been any issues since, so I hope it's resolved.


Hi all, I am wondering if there is any possibility to remove Android/Trojan.Spy.Agent.rdr, as it has infected my entire system applications, and Malwarebytes seems to be the only mobile malware program that can detect it. I'm currently running AOSP Extended on S9, and wiped full internal storage and system numerous times.


Same here! I am on a Leeco LeMax 2 with AOKP Custom Rom and got 65 infections at my system applications... I made a full system wipe/format, new TWRP, unroot, new root, reinstalled three different backups and custom ROMs; after the reboot Malwarebytes still said it is infected. I think it is a problem with the Malwarebytes database update.


I just started a topic in the Malwarebytes for Android section. I've got a Leaggo M8 Pro phone and suddenly had 67 similar supposed trojan found following the latest signature updates. Nothing identified until this latest update and I'm pretty sure they are false positives - they all seem to be original system files and there's been no updates to this phone for ages, so I don't expect anything's made its way onto the phone recently. I've whitelisted the files as I don't expect they are a real threat - unless someone knows differently?


The worst thing you can do is blindly trust a malware scanner and wipe your entire phone just because the scanner claims every single system file as infected. That's impossible. I also have 98 "infections" after last update. I simply ignored it 'cause after more than 20 years of internet you know if it can be or not.


Still no changes in database, still 98 "infections" on my phone. Reminds me of the problem where an update of Malwarebytes for Windows slowed the PC down 'til it was more or less useless by producing 100 % CPU usage. Took also rather long before some "officials" talked to us customers.


As per discussion in this topic: -last-update-20190524-identifies-system-files-as-trojans/?ct=1558877494, issue is fixed and will not appear with the next DB update, which is in progress and will be pushed asap.


Some trojans download additional malware onto your computer and then bypass your security settings while others try to actively disable your antivirus software. Some Trojans hijack your computer and make it part of a criminal DDoS (Distributed Denial of Service) network.


Almost everyone who is at least a little tech savvy occasionally uses file-sharing websites. File-sharing websites include torrent websites and other sites that allow users to share their files, and this concept is appealing for a variety of reasons. First, it allows people to get premium software without paying the retail price. The problem though, is that file-sharing sites are also extremely attractive to hackers who want to find an easy way inside your system.


Countless popular programs and useful applications allow you to chat with others from your desktop. But regardless of whether you use such software for business or personal connections, you are at risk of trojan infection unless you know how to protect yourself.


Many hackers target websites instead of individual users. They find weaknesses in unsecured websites which allow them to upload files or, in some cases, even take over the entire website. When this type of site hijacking happens, the hacker can then use the website to redirect you to other sites.


The hacker can compromise the entire website and redirect your downloads to a malicious server that contains the trojan. Using only trusted, well-known websites is one way to reduce your odds of falling into that trap, but a good antivirus program can also help detect infected and hacked sites.


I opened up Safari and straight away it started with a loading screen with a pop-up window and a voice saying 'please contact this number'. I force quit Safari straight away and did an anti-virus scan and it came up with 7 viruses - namely VBA:Downloader-AOV, others were the same but different three letters. Does anyone know how to remove these trojan viruses? The work computer uses AVAST for Mac as the anti-virus, and I'm not sure how you remove them.


The presence of viruses which tend to be for Windows computers and won't affect a Mac (unless you run Windows on it), and the message you are seeing, may be unrelated so you have two issues. Use ClamXAV to deal with the Windows things, check for your computer. Edit: It looks like Malwarebytes requires OSX 10.8 or greater.


Although you should remove any malware found, it is extremely unlikely that any of them caused the pop-up. Rather this is commonly caused by a javascript on the web site you visited, not anything on your computer.


Your issue doesn't appear to be caused by malware. If you don't need any of that account's files, log in with the administrator account, open the Users & Groups pane of System Preferences, and delete it.


I did delete the user. I had a guest user that I deleted as well. I rebooted, and put in a new secondary user, and the same problems occurred. This is something very strange. When you log into the secondary, things look fine, then start to get weird fast: the Finder crashes/blinks on/off, same with Safari and Sys Pref. All crash immediately, so I can't even open any anti-virus app.


But I checked today, there is a Guest User, which I cannot delete (the '-' sign is greyed out at the bottom, next to the +). Is that normal, to have a guest user? And it says it doesn't require a password.


A Trojan Horse Virus is a type of malware that downloads onto a computer disguised as a legitimate program. Typically, an attacker uses social engineering to hide malicious code within legitimate software in an attempt to gain access to users' systems.


The original story of the Trojan horse can be found in the Aeneid by Virgil and the Odyssey by Homer. In the story, the enemies of the city of Troy were able to get inside the city gates using a horse they pretended was a gift. The soldiers hid inside the huge wooden horse and once inside, they climbed out and let the other soldiers in.


A Trojan virus spreads through legitimate-looking emails and files attached to emails, which are spammed to reach the inboxes of as many people as possible. When the email is opened and the malicious attachment is downloaded, the Trojan server will install and automatically run every time the infected device is turned on.


Devices can also be infected by a Trojan through social engineering tactics, which cyber criminals use to coerce users into downloading a malicious application. The malicious file could be hidden in banner advertisements, pop-up advertisements, or links on websites.


A computer infected by Trojan malware can also spread it to other computers. A cyber criminal turns the device into a zombie computer, which means they have remote control of it without the user knowing. Hackers can then use the zombie computer to continue sharing malware across a network of devices, known as a botnet.
