Solved Trojan found on new PC


By the way, if I mark it as resolved, will I still have access to it? I'd like to keep it as a reference!
Yes, of course you will. For ease of finding it again you could click the Bookmark icon at top right of any post in this thread.


Neves, you must be a brick short of a full stack with a comment like "Furthermore, there's no such thing as a Malware Removal Specialist".
There just happen to be many of us who work the Malware Forums. Just go to a few of the sites that do Malware & I bet you will not be able to do one of the "ask for help" requests!
 

@neves, Furthermore, there's no such thing as a Malware Removal Specialist.

Read the last line!

Kaspersky is headquartered in Moscow, Russia, and has ties to the Russian Military. I wouldn't touch Kaspersky.

Currently, we have no evidence to suggest that Kaspersky (headquartered in Russia) is a danger to its users.

I am using Kaspersky Internet Security and I have no issues that it is run from Russia. I don't really care, as I have used KIS for the last 10 years.
 

Made an account just for this because I was looking back on my old DISM/admin logs I pulled before I got my PCIe drives fried off my motherboard, and decided to see if anyone had the same issue recently after a massive cyber breach at a hospital I work for on almost this very date of Feb, same name on the trojan found by Windows. Just my 0.02: Kaspersky failed to detect any intrusion or notice any hardware changes. Worst part about it was, until VM Carbon Black stepped in since I offered them the bounty, Kasp sat totally useless. After 9 remote sessions into my PC telling me every time that everything was fine, logs were good, and that nothing had been changed around, a full network compromise came right back through infected appx packages delivered through the GPU's driver update (Nvidia RTX 3080 Ti; yes, we've already contacted them about this and sent them the card and files for an additional analysis) and brought everyone and everything down again at the end of March. After 6 loyal years it's safe to say they're not on their A game anymore; all of the malicious payloads and changes occurring while Kaspersky was "monitoring" slipped right past them, and a shredded DISM log off of a now dead PC spelled that one out for us. Additionally, for OP @RedLad: it literally took VM CB working hand in hand with them, just on a personal level, not even enterprise, since I have family who work for them, 4 full days to even get something with endpoint detection. Some of this firmware/BIOS malware is so advanced right now that half of what's being deployed looks damn near state sponsored to the untrained eye. If you were the unfortunate one to get hit with what we got, it's much deeper than just a trojan; expect a rootkit and more. Almost every part of the host machine(s) operating system that could be was hit with another backup DLL or something of the nature to keep all the cogs in motion even if one was taken out of the picture.
Also, after this trojan hit, despite coming back (most likely due to other processes), the rootkit and everything else was 100% able to survive BIOS writes and flashbacks/forwards if using an ASUS board (I've tried it on 3 separate boards with the same result; only had ASUS on hand though: Z590-A Gaming WiFi, Z590-A II Gaming WiFi, B550). Was extra tricky to find too, because even the firmware for the Corsair fan controllers on multiple PCs was modified using some new POC form of a much more invasive nLite/MSIX package injection tool, coupled with MDM/host processes all being configured to hide themselves upon any sysinfo/Task Manager execution, constant log deletion, and executing commands that would increase CPU/network utilization to mask activity. 100% get a malware specialist for this one; even my hospital's network admin had to call in for extra help on this one. Granted, I'm sure it's much less severe on a personal front, but I got hit just as hard as my work did. Stay safe, and if you happen to be in the same boat I was, PM me and if it's not something that's already fixed, I'd be happy to provide the contact info to some great pen testers/bounty hunters working with Cylance and VM Carbon Black who would love to help out if they see some value in it.
Easy way to know is if they were able to drain all your accounts in minutes, bypass authentication on your own accounts using cookies, steal fingerprinting data stored by browsers (other than Brave). Within 5 min BitLocker was cracked wide open, Kaspersky's pass manager was clearly ripped apart as about 20 of my logins changed in succession for all banks (I store nothing outside of a pass manager, ever), travel or other sites that might've contained any sensitive info, and blockades were set up around emails to prevent entry and closure of the accounts while passwords and user emails were all swapped. Ultimately it provided a breach which we were able to help work to close (iOS 16.4.1 release) but allowed full screen sharing and swipe function shortcuts to be executed at any time. By far the craziest thing I've ever seen, but these guys are getting crafty, and AI-fed malware is here and coming fast.

TLDR: OP GOT A NASTY TROJAN THAT IS 99.999999999999% COUPLED WITH A SUITE OF MALWARE AFTER INITIAL BREACH -- GET MALWARE PROFESSIONAL HELP -- THESE GUYS ARE SMART, ALSO AI IS A FACTOR NOW WHICH TURNS EVEN SCRIPT KIDDIES INTO SOMEONE WHO CAN BRICK A COMPUTER EASY AS CAKE - F**K KASPERSKY - YOU WANT RESULTS? AND DON'T WANNA RISK COMPROMISE FURTHER THAN WHAT'S BEEN DONE? GET ENDPOINT DETECTION! IT IS WORTH THE MONEY - AND FOR ANYONE WHO SAYS "bUt ItZ eNtErPrIsE sOfTwArE - I can't get that": yes, yes you can, make a damn LLC. I can promise you now, after having seen something like this and the wonderful identity theft that followed, I'd pay whatever to not have to monitor my credit 5x a week for the next 7 years (fun fact: getting your identity stolen doesn't qualify you for a new social security number :) )
 
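For anyone reading this later who wants to check their own box before deciding whether to call in help: the post above talks about Defender catching the trojan, logs being wiped, and firmware-level persistence. The script below is an added triage example, not something posted in this thread and not part of any product mentioned here. It assumes a Windows 11 machine with Defender enabled, run from an elevated PowerShell window, and uses only built-in cmdlets (Get-MpThreatDetection, Get-MpThreat, Get-WinEvent, Confirm-SecureBootUEFI, Get-MpComputerStatus). It reports; it does not clean anything.

```powershell
#Requires -RunAsAdministrator
# Added triage example (not from the thread). Assumes Windows 11 with Microsoft Defender
# and an elevated session. Read-only: it only queries detection history, event logs,
# and boot/AV posture so you can decide whether this is a "remove one file" problem
# or a "reimage and call someone" problem.

# 1. What Defender actually detected, newest first: time, threat ID, whether the
#    remediation action succeeded, and the files/registry keys involved.
Write-Host "=== Defender detection history ==="
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime, ThreatID, ActionSuccess, ProcessName,
                  @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
    Format-Table -AutoSize

# Map the numeric ThreatID to a name and severity so the table above is readable.
Write-Host "=== Threat names / severity ==="
Get-MpThreat |
    Select-Object ThreatID, ThreatName, SeverityID, CategoryID, IsActive, DidThreatExecute |
    Format-Table -AutoSize

# 2. Evidence of log tampering. Security event 1102 = "The audit log was cleared";
#    System event 104 = "The System log file was cleared". Wrap in @() so an empty
#    result adds nothing to the array instead of a $null element.
Write-Host "=== Log-clear events ==="
$cleared = @()
$cleared += @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -ErrorAction SilentlyContinue)
$cleared += @(Get-WinEvent -FilterHashtable @{ LogName = 'System';   Id = 104  } -ErrorAction SilentlyContinue)
if ($cleared.Count -eq 0) {
    # Caveat: clearing a log also removes any earlier 1102/104 entries, and a tool that
    # deletes individual records leaves none. Absence is weak evidence, not a clean bill.
    Write-Host "No log-clear events found (weak evidence: a cleared log loses its own history)."
} else {
    $cleared |
        Select-Object TimeCreated, LogName, Id, @{ n = 'User'; e = { $_.UserId } } |
        Format-Table -AutoSize
}

# 3. Boot and AV posture. Secure Boot being on does not rule out firmware persistence
#    once an attacker has admin, but a machine that shipped with it enabled and now
#    reports it off is worth noting. Confirm-SecureBootUEFI throws on legacy BIOS.
Write-Host "=== Boot / AV posture ==="
try {
    $sb = Confirm-SecureBootUEFI
    Write-Host "Secure Boot enabled: $sb"
} catch {
    Write-Host "Secure Boot state unavailable (legacy BIOS or not supported on this platform)."
}
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, RealTimeProtectionEnabled, IsTamperProtected,
                  AntivirusSignatureLastUpdated, QuickScanEndTime, FullScanEndTime |
    Format-List
```

If the detection table shows the threat reappearing after remediation, or Defender's real-time protection or tamper protection is off and you did not turn it off, treat the machine as compromised beyond the single file and rebuild from known-good media rather than trusting a cleanup on the running OS.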
Old or new, that's irrelevant. My point is: when you ask for help, be transparent about the issue and on point. What exactly is the point of that detail if it's not an OEM?! Seriously, saying it's a NEW PC only makes sense if it's a hardware issue, not strictly software, like Trojans.

On the other hand, if it's a custom PC with pirated Windows, then he needs a new/legit Windows from a legit source. Even if that specific Trojan was removed, there's still room for other back-door apps which are currently not tagged by the AV companies. It's usually just a matter of time (till they release a definition for those), but in the meantime the OS is still compromised (especially if using some credit card on that system).
That's 100% false info. There are over 30 "adaptive" AI trojans on the most popular DNM as of 2:54, 4/28/23, marketed for iOS, Windows, Android and OS X, that all have POC listings. Post iOS 16.4.1, Ventura 13.3.1 and Windows 11 22H2's most recent March update, might I add.
 

Hi @Quad9FE are you trying to ruin my weekend or something haha?!
That is one heck of a long post, thanks. However, I think my system is OK now. I got some help on here and also on another forum.
 

Which?, the consumer watchdog, has their take on whether or not to use Kaspersky but didn't find any issues with it. Sorry to hijack your post, Redlad.

 

I couldn't care less whether someone thinks Kaspersky is safe or not. I've watched what Russia has done to Ukraine. There's a reason the world has put sanctions on Russia. There is no way my dollars will ever contribute to the Russian economy. I have my morals.
 

Which is more or less what Which? said in that article.
 
