Solved Trojan found on new PC

Bree · Feb 8, 2023

RedLad said:
By the way, if I mark it as resolved, will I still have access to it? I'd like to keep it as reference!

Yes, of course you will. For ease of finding it again you could click the Bookmark icon at top right of any post in this thread.

RedLad · Feb 8, 2023

Bree said:
Yes, of course you will. For ease of finding it again you could click the Bookmark icon at top right of any post in this thread.

View attachment 52220

Thanks Bree

flashh4 · Feb 8, 2023

Neves, you must be a brick short of a full stack with a comment "Furthermore, there's no such thing as a Malware Removal Specialist"

There just happens to many of us who work the Malware Forums. Just go to a few od the site that does Malware & i bet you will not be able to do one of the "ask for help" !

flashh4 · Feb 9, 2023

@neves, Furthermore, there's no such thing as a Malware Removal Specialist.

Read the last line !

PvtJohnTowle · Feb 25, 2023

TraderGary said:
Kaspersky is headquartered in Moscow, Russia, and has ties to the Russian Military. I wouldn't touch Kaspersky.

Kaspersky Antivirus Review: Is It Safe to Use in 2026?

I wanted to find out what Kaspersky antivirus is really like. Read on to learn about Kaspersky’s security features, ease of use, customer support, and more.

www.safetydetectives.com

Currently, we have no evidence to suggest that Kaspersky (headquartered in Russia) is a danger to its users.

I am using Kaspersky Internet Securtity and I have no issues that it is run from Russia. I don't really care as I have used KIS for the last 10 years

Quad9FE · Apr 28, 2023

PvtJohnTowle said:
Kaspersky Antivirus Review: Is It Safe to Use in 2026?

I wanted to find out what Kaspersky antivirus is really like. Read on to learn about Kaspersky’s security features, ease of use, customer support, and more.

www.safetydetectives.com

I am using Kaspersky Internet Securtity and I have no issues that it is run from Russia. I don't really care as I have used KIS for the last 10 years

made an account just for this because I was looking back on my old dism/admin logs I pulled before I got my pcie drives fried off my motherboard, and decided to see if anyone had the same issue recently after a massive cyber breach at a hospital I work for on almost this very date of feb - same name on the trojan found by windows. Just my 0.2, Kaspersky failed to detect any intrusion or notice any hardware changes - worst part about it was until VM Carbon Black stepped in since I offered them the bounty - kasp sat totally useless. After 9 remote sessions into my pc telling me every time that everything was fine, logs were good, and that nothing had been changed around - a full network compromise came right back through infected appx packages delivered through the gpu's driver update (Nvidia rtx 3080ti - yes we've already contacted them about this and sent them the card and files for an additional analysis) and brought everyone and everything down again at the end of march. After 6 loyal years its safe to say they're not on their A game anymore, all of the malicious payloads and changes occurring while Kaspersky was "monitoring" slipped right past them, a shredded dsim log off of a now dead pc spelled that one out for us. Additionally, for op @RedLad - it literally took VM CB working hand in hand with them just on a personal level not even enterprise since I have family who work for them, 4 full days to even get something with endpoint detection, some of this firmware / bios malware is so advanced right now that half of whats being deployed looks damn near state sponsored to the untrained eye. If you were the unfortunate one to get hit with what we got, its much deeper than just a trojan, expect a rootkit and more, almost every part of the host machine(s) operating system that could be was hit with another backup dll or something of the nature to keep all the cogs in motion even if one was taken out of the picture. Also - after this trojan hit, despite coming back (most likely due to other processes) the rootkit and everything else was 100% able to survive bios writes and flashbacks / forwards if using an asus board (i've tried it on 3 separate boards with the same result - only had asus on hand though - Z590a gaming wifi, z590a-II gaming wifi, B550). Was extra tricky to find too because even the firmware for the corsair fan controllers on multiple pcs was modified using some new POC form of a much more invasive nLite / MSIX package injection tool coupled with MDM/Host Processes all being configured to hide themselves upon any sysinfo / task manager execution, constant log deletion, and executing commands that would increase cpu / network utilization to mask activity. 100% get a malware specialist for this one, even my hospitals network admin had to call in for extra help on this one. Granted I'm sure it's much less severe on a personal front, but I got hit just as hard as my work did. Stay safe and if you happen to be in the same boat I was - pm me and if it's not something that's already fixed, I'd be happy to provide the contact info to some great pen testers / bounty hunters working with Cylance and VM Carbon Black who would love to help out if they see some value in it.
Easy way to know is if they were able to drain all your accounts in minutes, bypass authentication on your own accounts using cookies, steal fingerprinting data stored by browsers (other than brave). Within 5 min - bitlocker was cracked wide open, kasperskys pass manager was clearly ripped apart as about 20 of my logins changed in succession for all banks - i store nothing outside of a pass manager ever) , travel or other sites that might've contained any sensitive info and blockades were set up around emails to prevent entry and closure of the accounts while passwords and user emails were all swapped. Ultimately it provided a breach which we were able to help work to close (ios 16.4.1 release) but allowed full screen sharing and swipe function shortcuts to be executed at any time. By far the craziest thing I've ever seen but these guys are getting crafty and AI fed malware is here and coming fast.

TLDR: OP GOT A NASTY TROJAN THAT IS 99.999999999999% COUPLED WITH A SUITE OF MALWARE AFTER INITAL BREACH -- GET MALWARE PROFESSIONAL HELP -- THESE GUYS ARE SMART, ALSO AI IS A FACTOR NOW WHICH TURNS EVEN SCRIPT KIDDIES INTO SOMEONE WHO CAN BRICK A COMPUTER EASY AS CAKE - F**K KASPERSKY - YOU WANT RESULTS? AND DONT WANNA RISK COMPROMISE FURTHER THAN WHAT'S BEEN DONE? GET END POINT DETECTION! IT IS WORTH THE MONEY - AND FOR ANYONE WHO SAYS "bUt ItZ eNtErPrIsE sOfTwArE - I can't get that" yes, yes you can make a damn llc, I can promise you now after having seen something like this and the wonderful identity theft that followed, id pay whatever to not have to monitor my credit 5x a week for the next 7 years (fun fact getting your identity stolen doesn't qualify you for a new social security number :) )

Quad9FE · Apr 28, 2023

neves said:
Old or New that's irrelevant. My point is - when you ask for help be transparent about the issue and on point. What exactly is the point of that detail if it's not an OEM?! Seriously, saying it's a NEW Pc - only makes sense if it's a hardware issue. Not strictly software, like Trojans.

On the other hand - if it's a Custom PC with pirated Windows - then he needs a new/legit Windows from a legit source. Even if that specific Trojan was removed - there's still room for other back-door apps - which are currently not tagged by the AV companies. It's usually just a matter of time (till they release a definition for those) - but in the meantime -the OS is still compromised (especially if using some credit card on that system).

that's 100% false info - there are over 30+ "adaptive" AI trojans on the most popular DNM as of 2:54/4/28/23 marketed for iOS Windows Android and OS X that all have POC listings. post ios 16.4.1, ventura 13.3.1 and windows 11 22h2's most recent march update - might I add

RedLad · Apr 28, 2023

Hi @Quad9FE are you trying to ruin my weekend or something haha?!
That is one heck of a long post, thanks. However, I think my system is OK now. I got some help on here and also on another forum.

Hazel123 · Apr 28, 2023

Which? The consumer watchdog has their take on whether or not to use Kaspersky but didn't find any issues with it. Sorry to hijack your post Redlad]

Is Kaspersky antivirus safe to use? - Which? News

In light of Russia's invasion of Ukraine and the country's hacking history, we explain what you need to know about Russian antivirus service Kaspersky

www.which.co.uk

TraderGary · Apr 28, 2023

I couldn't care less whether someone thinks Kaspersky is safe or not. I've watched what Russia has done to Ukraine. There's a reason the world has put sanctions on Russia. There is no way my dollars will ever contribute to the Russian economy. I have my morals.

Hazel123 · Apr 28, 2023

TraderGary said:
I couldn't care less whether someone thinks Kaspersky is safe or not. I've watched what Russia has done to Ukraine. There's a reason the world has put sanctions on Russia. There is no way my dollars will ever contribute to the Russian economy. I have my morals.

Which is more or less what Which? said in that article.

Solved Trojan found on new PC

Well-known member

My Computers My Computers

At a glance

At a glance

Active member

My Computer My Computer

At a glance

Well-known member

My Computer My Computer

At a glance

Well-known member

My Computer My Computer

At a glance

Well-known member

My Computers My Computers

At a glance

At a glance

New member

My Computer My Computer

At a glance

New member

My Computer My Computer

At a glance

Active member

My Computer My Computer

At a glance

Well-known member

My Computers My Computers

At a glance

At a glance

Stock Market Wizard

My Computers My Computers

At a glance

At a glance

Well-known member

My Computers My Computers

At a glance

At a glance

Similar threads

My Computers

My Computer

My Computer

My Computer

My Computers

My Computer

My Computer

My Computer

My Computers

My Computers

My Computers