  1. #16
    redmoogle's Avatar
    Join Date
    Feb 2014
    Gender
    male
    Location
    Tennesee
    Posts
    20
    Reputation
    10
    Thanks
    96
    My Mood
    Breezy
    It's actually half decent at getting viruses that slip by


    and I can't afford keys ;;;;----;;;;

  2. #17
    Drama's Avatar
    Join Date
    May 2015
    Gender
    male
    Posts
    1,611
    Reputation
    223
    Thanks
    418
    My Mood
    Angelic
    Quote Originally Posted by Oneminecraftman View Post
    Download MalwareBytes and scan the shit out of your computer, it's one of the best real-time malware scanning applications. If there is anything on your PC that's harmful then it should take care of it.
    https://www.malwarebytes.com/
    Malwarebytes is good/best at finding... well.. Mal Ware.

  3. #18
    Harry's Avatar
    Join Date
    Jul 2012
    Gender
    male
    Location
    On the Fucking Moon
    Posts
    615
    Reputation
    38
    Thanks
    74
    My Mood
    Relaxed
    Quote Originally Posted by redmoogle View Post
    It's actually half decent at getting viruses that slip by


    and I can't afford keys ;;;;----;;;;
    It's like 3-4 dollars for an Avast key I'm pretty sure. If you can't afford that then go download AVG free or something and use that alongside Malwarebytes.
    Don't like what I say? Here's a solution.
     
    Suck my nuts

    Contact

    Steam


    Activity
    Join date - July 15th 2012
    Premium - August 2nd 2016
    fuck all else currently lmao

    Purchases
    Number of successful purchases on the marketplace: 7
    Times I've been scammed: 2 (both over 3 years ago)

     
    CPU: Intel Core i7 6700k @stock
    Cooler: Cooler Master Hyper 212 EVO
    Motherboard: ASROCK Z170 Pro4
    GPU: MSI GTX 1070 ARMOR
    Power Supply: Corsair Builder Series CX700M 80PLUS Bronze
    RAM: 16GB Corsair Vengeance DDR4

  4. #19
    Aoredon's Avatar
    Join Date
    Jun 2012
    Gender
    male
    Posts
    33
    Reputation
    10
    Thanks
    6
    Pretty much what Oneminecraftman said. Based on quick guesses without much research:

    Waits 60.
    Searches for the svhost.exe process using two different methods. Based on that result it will either wait another 60 and repeat the process or start a process, wait for it to close again and repeat.

    Essentially it just keeps a process open which in this case is apparently svhost.exe. Whilst this looks like a native Windows process, the actual process Windows uses is svchost.exe so we can assume that it is a virus. Again, I'd do what Oneminecraftman says and scan your computer using MalwareBytes.

    Also not sure why you keep redacting your account username when it's shown in the MS-DOS code you posted, and twice on the image you posted.

  5. #20
    redmoogle's Avatar
    hey malware bytes found something i feel happy


    that svhost thing that was in the code was the virus itself as i found the .exe in the same folder
    Last edited by redmoogle; 07-10-2016 at 05:47 PM.

  6. #21
    Aoredon's Avatar
    Quote Originally Posted by redmoogle View Post
    hey malware bytes found something i feel happy


    that svhost thing that was in the code was the virus itself as i found the .exe in the same folder
    Upload it to https://www.virustotal.com/ and post the results here.

  7. #22
    redmoogle's Avatar
    <?xml version="1.0" encoding="UTF-16" ?>
    <mbam-log>
    <header>
    <date>2016/07/10 19:29:46 -0400</date>
    <logfile>mbam-log-2016-07-10 (19-28-42).xml</logfile>
    <isadmin>yes</isadmin>
    </header>
    <engine>
    <version>2.2.1.1043</version>
    <malware-database>v2016.07.10.08</malware-database>
    <rootkit-database>v2016.05.27.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
    </engine>
    <system>
    <hostname>DESKTOP-S4OLB2O</hostname>
    <ip>********** not so fast m8</ip>
    <osversion>Windows 10</osversion>
    <arch>x64</arch>
    <username>dakot</username>
    <filesys>NTFS</filesys>
    </system>
    <summary>
    <type>custom</type>
    <result>completed</result>
    <objects>364351</objects>
    <time>784</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>5</keys>
    <values>6</values>
    <datas>2</datas>
    <folders>2</folders>
    <files>8</files>
    <sectors>0</sectors>
    </summary>
    <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
    </options>
    <items>
    <key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>154bb0723169f73fcc54576a768db54b</hash></key>
    <key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICE MGR SEARCHNEWWINDOW</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>3927869c9a001b1b517e509431d2c937</hash></key>
    <key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UPDATE MGR SEARCHNEWWINDOW</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>9bc5fa28ddbdc670dff130b4966da759</hash></key>
    <key><path>HKU\S-1-5-21-2295777904-4133049855-2223738402-1003\SOFTWARE\csastats</path><vendor>PUP.Optional.InstallCore</vendor><action>success</action><hash>6ff1c35fdfbb072f3bf1d625b54ef808</hash></key>
    <key><path>HKU\S-1-5-21-2295777904-4133049855-2223738402-1003\SOFTWARE\PRODUCTSETUP</path><vendor>PUP.Optional.ProductSetup</vendor><action>success</action><hash>ef7151d1693138fed96d169b2ed5c838</hash></key>
    <value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DoNotAskAgain</valuename><vendor>PUP.Optional.Yontoo</vendor><action>success</action><valuedata>searchinterneat-a.akamaihd.net</valuedata><hash>e37d7ea48e0c2e08757218aabf441ae6</hash></value>
    <value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path><valuename>URL</valuename><vendor>PUP.Optional.Yontoo</vendor><action>success</action><valuedata>https://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ4OUABERwMTbQEIUQhcFVMRIhRZB 1pADAARcl0KVw1AFVQXJh9aFQQTSEcFME0FCFwEURNNfWpdAEs SSXtGN25RD10eVg==&amp;q={searchTerms}</valuedata><hash>154bb0723169f73fcc54576a768db54b</hash></value>
    <value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service Mgr SearchNewWindow</path><valuename>ImagePath</valuename><vendor>PUP.Optional.Yontoo</vendor><action>success</action><valuedata>&quot;C:\ProgramData\a96ed9e8-b4db-48e1-82c2-51a1109acc39\plugincontainer.exe&quot;</valuedata><hash>3927869c9a001b1b517e509431d2c937</hash></value>
    <value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr SearchNewWindow</path><valuename>ImagePath</valuename><vendor>PUP.Optional.Yontoo</vendor><action>success</action><valuedata>&quot;C:\Program Files (x86)\Common Files\a96ed9e8-b4db-48e1-82c2-51a1109acc39\updater.exe&quot;</valuedata><hash>9bc5fa28ddbdc670dff130b4966da759</hash></value>
    <value><path>HKU\S-1-5-21-2295777904-4133049855-2223738402-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DoNotAskAgain</valuename><vendor>PUP.Optional.Yontoo</vendor><action>success</action><valuedata>searchinterneat-a.akamaihd.net</valuedata><hash>2d3374ae1882f145f240536f1be816ea</hash></value>
    <value><path>HKU\S-1-5-21-2295777904-4133049855-2223738402-1003\SOFTWARE\PRODUCTSETUP</path><valuename>tb</valuename><vendor>PUP.Optional.ProductSetup</vendor><action>success</action><valuedata>1Z1C1O2Z1R1K2T0U1H1N1D</valuedata><hash>ef7151d1693138fed96d169b2ed5c838</hash></value>
    <data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.Yontoo</vendor><action>replaced</action><valuedata>https://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRggUdggBVF9HERgbcAkJTA0XE1cOIV9b UBREEwdHcg8MUA0QFVMFIk0FA1ADB0VXfVBdFElXTwhwJVhKAl E/REJ0KVdcDk4=</valuedata><baddata>https://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRggUdggBVF9HERgbcAkJTA0XE1cOIV9b UBREEwdHcg8MUA0QFVMFIk0FA1ADB0VXfVBdFElXTwhwJVhKAl E/REJ0KVdcDk4=</baddata><gooddata>www.google.com</gooddata><hash>9bc5b46e118900362908a5d44fb5ce32</hash></data>
    <data><path>HKU\S-1-5-21-2295777904-4133049855-2223738402-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.Yontoo</vendor><action>replaced</action><valuedata>https://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRggUdggBVF9HERgbcAkJTA0XE1cOIV9b UBREEwdHcg8MUA0QFVMFIk0FA1ADB0VXfVBdFElXTwhwJVhKAl E/REJ0KVdcDk4=</valuedata><baddata>https://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRggUdggBVF9HERgbcAkJTA0XE1cOIV9b UBREEwdHcg8MUA0QFVMFIk0FA1ADB0VXfVBdFElXTwhwJVhKAl E/REJ0KVdcDk4=</baddata><gooddata>www.google.com</gooddata><hash>a9b7c45eaeec4cea2115f18829dbc63a</hash></data>
    <folder><path>C:\Program Files (x86)\Search New Window</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>84dc0220bcde310543d7ebdd3fc37090</hash></folder>
    <folder><path>C:\Program Files (x86)\Search New Window\Extensions</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>84dc0220bcde310543d7ebdd3fc37090</hash></folder>
    <file><path>C:\Users\dakot\AppData\Roaming\svhost.exe</path><vendor>Trojan.Dropper</vendor><action>success</action><hash>0c54978bf6a482b4d47a95bfbe45e020</hash></file>
    <file><path>C:\Program Files (x86)\Search New Window\7za.exe</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>84dc0220bcde310543d7ebdd3fc37090</hash></file>
    <file><path>C:\Program Files (x86)\Search New Window\Extensions\eghlklcplngidnhplkfddocbadmfokin.crx</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>84dc0220bcde310543d7ebdd3fc37090</hash></file>
    <file><path>C:\Program Files (x86)\Search New Window\Extensions\{31fa8fc7-2661-4d0a-9072-6593b616963d}.xpi</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>84dc0220bcde310543d7ebdd3fc37090</hash></file>
    <file><path>C:\Users\dakot\AppData\Roaming\Mozilla \Firefox\Profiles\gnjc1o2x.default-1454713333627\prefs.js</path><vendor>PUP.Optional.Yontoo</vendor><action>replaced</action><baddata>user_pref(&quot;browser.newtab.url &quot;, &quot;https://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAIVcQANBw9BDA0TcAgVVV9DQxhCJloJT AxDE1ERdg0JVVhFRxNBNARaB0tXUUEeGGlxR1dMclBCMlpQL1w GdlxNJFZP&quot;</baddata><gooddata></gooddata><hash>f46c71b15c3ef14575e69905dc284ab6</hash></file>
    <file><path>C:\Users\dakot\AppData\Roaming\Mozilla \Firefox\Profiles\gnjc1o2x.default-1454713333627\prefs.js</path><vendor>PUP.Optional.Yontoo</vendor><action>replaced</action><baddata>v\&quot;:\&quot;1.0.2\&quot;,\&quo t;st\&quot;:1465576514494},\&quot;loop@mozilla.org \&quot;:{\&quot;d\&quot;:\&quot;C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\loop@mozilla.org .xpi\&quot;,\&quot;e\&quot;:true,\&quot;v\&quot;:\ &quot;1.3.2\&quot;,\&quot;st\&quot;:146557</baddata><gooddata></gooddata><hash>f96745dd6d2d142202596a3448bc26da</hash></file>
    <file><path>C:\Users\dakot\AppData\Roaming\Mozilla \Firefox\Profiles\gnjc1o2x.default-1454713333627\prefs.js</path><vendor>PUP.Optional.Yontoo</vendor><action>replaced</action><baddata>user_pref(&quot;keyword.URL&quot;, &quot;https://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ4OUABERwMTbQEIUQhcFVMRIhRZB 1pADAARcl0KVw1AFVQXJh9aFQQTR0cFME0FB18EURNNfWpdAEs SSXtGN25RD10eVg==&amp;q={searchTerms}&quot;</baddata><gooddata></gooddata><hash>ed739f83bedc84b261e4f6a49b699967</hash></file>
    <file><path>C:\Users\dakot\AppData\Roaming\Mozilla\Firefox\Profiles\gnjc1o2x.default-1454713333627\user.js</path><vendor>PUM.Optional.FireFoxSearchOverride</vendor><action>success</action><hash>5907170bdcbec076c9da8814d82c7d83</hash></file>
    </items>
    </mbam-log>




    spam much m8
    Last edited by redmoogle; 07-10-2016 at 05:51 PM.

  8. #23
    Aoredon's Avatar
    <file><path>C:\Users\dakot\AppData\Roaming\svhost.exe</path><vendor>Trojan.Dropper</vendor><action>success</action><hash>0c54978bf6a482b4d47a95bfbe45e020</hash></file>

    Looks like it got your virus. It says that it's a dropper, which means that it might not have been the whole thing, but MalwareBytes should've taken care of any other files it created with it.

    Should be good to go now.
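
Added example, not part of any post in this thread: a Python sketch that reads the `<items>` section of a Malwarebytes XML log like the one in post #22, counts detections per vendor label, and flags files whose name imitates a Windows system binary, as `svhost.exe` imitates `svchost.exe` (post #19). The name list, the `C:\Windows` root and all function names are assumptions made for this illustration.

```python
import ntpath
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: two <items> entries taken from the log in post #22 (with the
# forum's stray spaces removed), wrapped in a minimal root so it parses alone.
SAMPLE_LOG = r"""<mbam-log><items>
<folder><path>C:\Program Files (x86)\Search New Window</path><vendor>PUP.Optional.Yontoo</vendor><action>success</action><hash>84dc0220bcde310543d7ebdd3fc37090</hash></folder>
<file><path>C:\Users\dakot\AppData\Roaming\svhost.exe</path><vendor>Trojan.Dropper</vendor><action>success</action><hash>0c54978bf6a482b4d47a95bfbe45e020</hash></file>
</items></mbam-log>"""

# Assumptions: a short list of Windows binaries that are worth guarding against
# imitation, and a Windows install rooted at C:\Windows. Extend both as needed.
SYSTEM_NAMES = ("csrss.exe", "explorer.exe", "lsass.exe", "services.exe", "svchost.exe")
WINDOWS_ROOT = "c:\\windows\\"

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_detections(xml_text):
    """Return one dict per child of <items> (key, value, data, folder, file).
    For a saved log, ET.parse(path).getroot() lets the parser read the
    encoding declared in the file instead."""
    root = ET.fromstring(xml_text)
    return [{"kind": el.tag,
             "path": (el.findtext("path") or "").strip(),
             "vendor": el.findtext("vendor"),
             "action": el.findtext("action")} for el in root.iterfind("./items/*")]

def masquerade_reason(path):
    """Explain why a file name looks like an imitation, or return None."""
    name = ntpath.basename(path).lower()
    if name in SYSTEM_NAMES:
        if not path.lower().startswith(WINDOWS_ROOT):
            return f"{name} outside the Windows directory"
        return None
    for real in SYSTEM_NAMES:
        if edit_distance(name, real) == 1:
            return f"lookalike of {real}"
    return None

def triage(xml_text):
    """Count detections per vendor label and list files with imitation names."""
    detections = parse_detections(xml_text)
    by_vendor = Counter(d["vendor"] for d in detections)
    flagged = [(d["path"], reason) for d in detections
               if d["kind"] == "file" and (reason := masquerade_reason(d["path"]))]
    return by_vendor, flagged

if __name__ == "__main__":
    counts, suspicious = triage(SAMPLE_LOG)
    print(dict(counts))
    for path, reason in suspicious:
        print(f"{path}: {reason}")
```
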

  9. #24
    redmoogle's Avatar
    well to bf that virus ik where i got it from was really retarded as it tried very idiotically to hide itself while it was secretly installing itself but thx

  10. #25
    Harry's Avatar
    Quote Originally Posted by redmoogle View Post
    well to bf that virus ik where i got it from was really retarded as it tried very idiotically to hide itself while it was secretly installing itself but thx
    Next time be more careful when downloading dodgy stuff off YouTube alright?

  11. #26
    redmoogle's Avatar
    any hack on youtube is dodgy besides a few

  12. #27
    Harry's Avatar
    Quote Originally Posted by redmoogle View Post
    any hack on youtube is dodgy besides a few
    Trust me, they are all dodgy and come with some sort of catch. I should know from my days when I used to spam download "hacks" like an idiot haha

  13. #28
    redmoogle's Avatar
    imma do a full scan now instead of the roaming folder

  14. #29
    Harry's Avatar
    Quote Originally Posted by redmoogle View Post
    imma do a full scan now instead of the roaming folder
    Alright, you should be pretty much good to go then. If you ever need any cheats in the future then just look on here because most cheats/hacks on here have been virus scanned, meaning that you shouldn't get any viruses, though you could get banned in the game depending on whether the cheats were detected or were set up to be a trap.

  15. #30
    redmoogle's Avatar
    I have 50gb worth of trash and most of it was viruses



    GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
    NO
    REEEEEEEEEEEEEEEEE
