Locked Trojan

[Greym]

Hi guys sorry for my bad English
Ok so my issue is that I had an old fitgirl repack installation of a game I installed that game like 2 y ago and played it just fine but when I tried installing it again on my PC it somehow gave me a virus and the virus is Trojan muldrop I believe?.. I don't know what to do I tried reinstalling windows but it seems like after I reinstalled windows the virus is still there it creates a lot of junk files for example like FAFe.tmp I don't understand is my ssd that infected? Do I really need a new one? Or is there anything I can do to fix my problem hopefully I find a fix and thank you guys.

 

[peter pete]

there is alot of antivirus here best use malwarebytes .

 

[Uncle Mac]

Moved to here.. Has nothing to do with Bugs about the forum..

Why not format ssd and see... If ok then Burn the game

 

[Greym]

Moved to here.. Has nothing to do with Bugs about the forum..

Why not format ssd and see... If ok then Burn the game

The thing is I did format by windows installation way sadly the Trojan is still there

 

[Uncle Mac]

The thing is I did format by windows installation way sadly the Trojan is still there

You did a complete installation or just the upgrade, right

 

[Mirkec]

A TMP file is a temporary backup, cache, or other data file created automatically by a software program.
It is sometimes created as an invisible file and is often deleted when the program is closed.
That not means necessary it is a trojan.

probably appears during unpacking like some kind of leftovers

 

[Greym]

You did a complete installation or just the upgrade, right

Yea a complete new one not upgrade no

 

[Greym]

A TMP file is a temporary backup, cache, or other data file created automatically by a software program.
It is sometimes created as an invisible file and is often deleted when the program is closed.
That not means necessary it is a trojan.

probably appears during unpacking like some kind of leftovers

I agree with you but the thing is when i looked up for those multiple temp files they're not showing up to my friends but showed up for me right after i installed windows which that was last night

 

[Mirkec]

I agree with you but the thing is when i looked up for those multiple temp files they're not showing up to my friends but showed up for me right after i installed windows which that was last night

Well that is new variable. It show to you but not to your friend.
If it is a really trojan then it would attack all host machines not some of them. Try to delete them manually. Scan with virustotal
Also maybe some other app/program triggered that

 

[Greym]

there is alot of antivirus here best use malwarebytes .

I did it detected nothing but when i ran chameleon in safe mode it ran their scan fine but when it said it needed to restart my pc was having this kind of blackscreen bootloop

 

[Light_Eater]

I would try something like Kaspersky Rescue Disk

https://www.kaspersky.co.uk/downloads/thank-you/free-rescue-disk

This USB Boot tool set has a bunch of AV solutions included

Spoiler: List

ANTIVIRUS UTILITES:

- Antivirus Live CD 31.0-0.102.0 (2019, zk1234) - Console antivirus scanner ClamAV.
- Avira Rescue System (2016-09-16, Avira Operations) - Ubuntu OS with Avira antivirus scanner, file manager, web browser, Gparted, RegEdit. Online update.
- Comodo Rescue Disk (2013-04-16, Comodo Group) - Linux OS with an antivirus scanner Comodo, file manager and web browser. Online update.
- Dr.Web LiveDisk (2019-11-24, ?????? ???) - Linux OS with Dr.Web anti-virus scanner, file manager and web browser. Online update.
- ESET SysRescue (2019-06-07, ESET) - Linux OS with ESET SysRescue antivirus scanner , file manager, web browser, Gparted. Online update.
- F-Secure Rescue CD (2014-09-01, F-Secure) - Antivirus scanner F-Secure. Online update.
- Kaspersky Rescue Disk (2019-11-24, Kaspersky Lab) - Linux OS with Kaspersky Anti-Virus scanner, file manager, web browser, RegEdit. Online update.
- Norton Bootable Recovery Tool (2019-07-08, Symantec) - Linux OS with Norton antivirus scanner, file manager and web browser. Online update.
- Sophos Bootable (2019-11-24, Sophos) - Bootable Anti-Virus Sophos.
- Tencent Rescue Disk (2017-05-17, Tencent) - Linux OS with Tencent anti-virus scanner, file manager, web browser, RegEdit, FixMBR.
- Windows Defender Offline (2019-11-24, Microsoft) - Antivirus scanner Windows Defender Offline. Online update.

You must be registered for see links

 

[Greym]

Is Kaspersky strong? for stuff like this?

 

[Light_Eater]

Is Kaspersky strong? for stuff like this?

No, it is weak, this is why I recommended trying it. If you don't have faith in Kaspersky, you can go with the second solution and try all AV solutions included in Comss boot usb

 

[Greym]

No, it is weak, this is why I recommended trying it. If you don't have faith in Kaspersky, you can go with the second solution and try all AV solutions included in Comss boot usb

Thank you i will try this and give feedback when i can.

 

[Cyler]

I would like to say some things cause something is not right here:

The thing is I did format by windows installation way sadly the Trojan is still there

There is no way a virus can come back after a format unless what you format with has a virus too, or some of the files you accessed AFTER the format (maybe something you installed) had the virus. This means it's not the game from FG as you claimed in the original post.

... and the virus is Trojan muldrop I believe?... junk files for example like FAFe.tmp....

Muldrop does not create several temp files. It generates the following files:

The file you actually mentioned FAFe.tmp is probably from either chrome or firefox temp files.

I agree with you but the thing is when i looked up for those multiple temp files they're not showing up to my friends but showed up for me right after i installed windows which that was last night

As @Mirkec said, the fact that those files showed up on your PC and not your friends means it's not at all what you said in your original post. Its a software (or a link) you use and not your friend. Maybe that will make it easier to see which one it is.

My guess is you have a virus/trojan/malware in one of your installation files (the programs you use to install whatever it is you do) or on one of your addons from chrome/firefox and maybe somehow it got into your windows ISO too. You must scan all the files you use to install on a different PC, including the ISO internally (scan the USB stick or unpack/use a dvd emulator). After that, I would make sure to scan everything before using it.

You didn't tell us which windows build you are using just to be on the safe side.

 

[Greym]

I would like to say some things cause something is not right here:


There is no way a virus can come back after a format unless what you format with has a virus too, or some of the files you accessed AFTER the format (maybe something you installed) had the virus. This means it's not the game from FG as you claimed in the original post.


Muldrop does not create several temp files. It generates the following files:

The file you actually mentioned FAFe.tmp is probably from either chrome or firefox temp files.


As @Mirkec said, the fact that those files showed up on your PC and not your friends means it's not at all what you said in your original post. Its a software (or a link) you use and not your friend. Maybe that will make it easier to see which one it is.

My guess is you have a virus/trojan/malware in one of your installation files (the programs you use to install whatever it is you do) or on one of your addons from chrome/firefox and maybe somehow it got into your windows ISO too. You must scan all the files you use to install on a different PC, including the ISO internally (scan the USB stick or unpack/use a dvd emulator). After that, I would make sure to scan everything before using it.

You didn't tell us which windows build you are using just to be on the safe side.

The windows I'm using is from this --> (

You must be registered for see links

) that version is working just fine I tried using a different USB windows installation I may be overreacting about my pc cause it's new and im too scared i guess that something can harm it my apologies I dunno much about this plus this whole situation that im having is confusing the heck out of me and stressing me out really.

 

[lunchtime]

The only sources I can find for that filename are related to Chrome...

Uninstall chrome (or just don't use it) and use a different browser for a while and see if the file stops showing up. If it never shows up again, then you know it's just Chrome making a temp file.

 

[theprivatetorrent]

@Greym It seems like the virus attacks program files, It means it not survives after installing windows, It attack your Installer Files, Mostly it attack cracked version of Applications.
For removing this at first fresh install Windows and then don't install any program.
Download any Antivirus you like and scan all Personal files using it.
Then the antivirus may detect viruses and removed it.

 

[spmt1]

OK... try this
a) follow the above from @theprivatetorrent . IF the "virus" would resurrect... all of the below is more or less guessing, apart from step 4.
1. DO NOT use any super-duper-hyper rescue disks older than a...month or two. Tools given e.g. somewhere above are older than the script kiddo who wrote the trojan/virus whatever attacks you.
2. DO NOT try to check/rescue the system from within. USE Sergei /Hirens/whatever to boot your system from USB and then check, using LATEST version of dr. web, kaspersky, eset, whatever.
3. IF you are really curious/sure you want to feel the pain, do not use the virus scanner, but use the IOC detection stuff. Simples, I believe, would be to use LOKI or Thor Lite from nextron systems (google it, its free so no third party source needed. Important: even if you have the recent version of Thor Lite, download LOKI and run updater. Whatever LOKI would download into the signature-base folder, copy to Thor's custom-signatures.).
4. If the above will fail (no detection/removal but presence visible) it would be likely that you have something more serious. In this case, I'm afraid you may need a systematic approach like use of FRST, FSS, GMER, kaspersky TDSS killer and.. someone smart and not as lazy as I am to analyse the logs and provide you with tailored, dedicated help. There are dedicated, authorised by creators of the tools forum places where you will find such a help. For instance, search for bleeping computer, where you will find guides and most likely tailored help.

 

[MediumSteak]

what's the game name bro? i have some games from her too. i don't have any anti virus installed on my system, the windows defender is also totally disabled. i think so far i didn't find any something weird on my system.