TOPIC: Anyone good at computer security?

I came home yesterday to teamviewer opened and some giftcards purchased on my amazon account. I've reversed all charges and everything so that's all said and done. The only issue I'm having is cleaning my pc from whatever hit it.

The trojan was a kovter and I looked at its origin:

That made no sense to me seeing how it is 2018 and that is the only thing 4 antiviruses have found.

I checked it on virus total and got this: www.virustotal.com/#/file/b2aba101f2d9a7...faad83ba2c/detection

Now, this virus seemed to fuck with my registry and powershell. I am not experienced in any of that. If anyone knows anything about it, I will upload the contents of the virus here. (NOT THE VIRUS ITSELF, JUST THE STUFF IN THE FILE)

I found the file from 2016 in my google downloads folder from the same link from within the file. Now, I would never download something this stupid. That also means it was a forced download meant to look like a chrome update.


If ANYONE can offer some assistance on what that means I would be incredibly grateful. And if anyone knows of other affected areas of my pc based off of that that would also be helpful. I'll probably send someone $20 on steam or something if they can successfully help me out here. Thanks in advance.

Mr. Happy says that you have 3 trojan's on your pc, boot it in safemode and launch your antivirus

what for antivirus you have?

Happy wrote:
I got u!!

collin dm me on discord dog

Windows wrote:
Been doing that for the past day and a half.

Happy wrote:
I was using malwarebytes, bitdefender, and windows defender for what it was worth.

Blocked wrote:
wscript.exe as in the one inside my system32?

Blocked wrote:
I'm not seeing any of those files.

Put this inside a .bat file and run it to fix!!

Bunnyslippers69 wrote:
Goto makes spaghetti code

Nah, but in all seriousness it looks as though the files downloaded/ran themselves from the temp folder on your PC. You could try deleting the contents of the folder by pressing Win + R, typing %temp% and removing everything located inside. Nothing inside of that folder should matter to any program too much so you should be fine deleting it all.

check registry, afaik since its from 2016 every antimalware/virus/whatever should clean it for you if not try running rkill and the symantec program

Simple batch file

it runs a powershell thats hidden and abuses a bug to get an exe out of the temp folder (or maybe it just cancels the \ i dont remember) and runs this i belive ff327a5feb135015ae1bb140607f9ded.exe then it downloads a file from yiomolibertyreserve.org/17/528.dat and starts it and installs flash, wscript.exe has nothing to do with it i belive

Gamesys The Chiken God wrote: ^

EDIT: wscript is just is just windows script host, everything was in your temporary folder or 2 above it, use Malwarebytes and it should do the trick!

Let it go dowg it’s over.....

Take your pictures, videos and anything else that you need and out it on a flash drive then go to recovery and reset your pc with the files removed option. Now a days it takes five minutes at the most to restore a pc and you not only get rid of them stinky viruses you also get to feel good of having a clean pc.

You probably should stop downloading shit you have no idea about too because I can honestly tell you I’ve only ever had the windows anti virus installed for a couple years now and I’ve NEVER had a issue with dodgy processes, files or installations of programs including adware.

RedPowder wrote:
The file was downloaded over 2 years ago without my knowledge. The fact that I've made it this far not having downloaded (consensually) is pretty good. I could wipe everything and yeah, that would solve it all. But I'd rather not have to go through that if I can. That is why I posted wondering if anyone knew anything about it.

add me on discord Gamesys#9140

Gamesys The Chiken God wrote:
Oh how wrong you are.