Question Trojan Keeps Coming Back After Windows Restart, Won't Remove


Teekiii

Hello everyone,

My PC got infected with this damn annoying trojan of EpicNet Inc (Cloudnet.exe). It's very famous, and I got infected with it a month ago; I realized it was a virus in the same minute I executed the program, and then I replaced the whole Windows with a fresh version.

But in my current case, this time there's no program that I've executed by mistake and there's no active suspicious process, but each time I do a scan when I start my Windows (it's a habit) I can see the same 8 files every time. I remove them with Malwarebytes or manually to make sure they're gone, but on restart they are back again.


I use Windows 10, and for checking the processes I use both Process Explorer Tool & SecurityTaskManager (I use them, of course, before removing the trojans, but I can't find any shady processes or any process with a matching location where the trojan is).


It's important to notice that it only recreates itself upon Windows restart, not after a certain time.
I need to know how it recreates itself, how to completely delete it, and how to protect myself in the future from such trojans that come from webpage scripts and such things. Will using Sandboxie help? (I'm not considering buying any antivirus, and I'm sure they won't stop hidden webpage attacks; they only slow my machine.)

And here's the Malwarebytes log:


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/6/20
Scan Time: 3:19 PM
Log File: 15a3503a-5fad-11ea-a7ef-00241d1fea74.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.823
Update Package Version: 1.0.20172
License: Expired

-System Information-
OS: Windows 10 (Build 18362.657)
CPU: x64
File System: NTFS
User: DESKTOP-UUS8QFF\Teeky

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 296553
Threats Detected: 8
Threats Quarantined: 0
Time Elapsed: 4 min, 13 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 8
Trojan.Glupteba.BITSRST, C:\Users\Teeky\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe\Protection Dir, No Action By User, 1130, 781247, , , ,
Trojan.Glupteba.BITSRST, C:\Users\Teeky\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe, No Action By User, 1130, 781247, , , ,
Trojan.Glupteba.BITSRST, C:\Users\Teeky\AppData\Roaming\EpicNet Inc\CloudNet, No Action By User, 1130, 781247, , , ,
Trojan.Glupteba.BITSRST, C:\USERS\TEEKY\APPDATA\ROAMING\EPICNET INC, No Action By User, 1130, 781247, 1.0.20172, , ame,
Trojan.Glupteba.BITSRST, C:\Users\Teeky\AppData\Local\EpicNet Inc\CloudNet\cloudnet.exe\Protection Dir, No Action By User, 1130, 781248, , , ,
Trojan.Glupteba.BITSRST, C:\Users\Teeky\AppData\Local\EpicNet Inc\CloudNet\cloudnet.exe, No Action By User, 1130, 781248, , , ,
Trojan.Glupteba.BITSRST, C:\Users\Teeky\AppData\Local\EpicNet Inc\CloudNet, No Action By User, 1130, 781248, , , ,
Trojan.Glupteba.BITSRST, C:\USERS\TEEKY\APPDATA\LOCAL\EPICNET INC, No Action By User, 1130, 781248, 1.0.20172, , ame,

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

The msconfig & startup process screenshot:

View: https://imgur.com/Do4omUe
 
How long have you been using Malwarebytes? The reason I ask this is because you may not be fully aware of how Malwarebytes works. Infections of any kind can be made up of many segments; if you clicked on anything it found before quarantining and deleting, you might have seen it say something like "joe bloggs pup 5", which means that joe bloggs pup is made up of 5 segments. This "might" explain why infections are still there.

This is the important bit.... Malwarebytes is one of the best programs around, but it can't always get rid of all segments of something on the first scan/quarantine/delete. You must do repeated scans till it finds nothing.

Also try AdwCleaner by the same company.

Finally, have you been doing any downloading? You could have got something you don't know about if you did not scroll down the terms and conditions. It's an old trick: companies know people are lazy (no offence), so if you had gone to the end of the terms and conditions you might have seen some boxes to UNTICK so that you don't get, say, another browser or a free trial antivirus.

Study your browsers for add-ins and extensions you don't recognise, and also look in add/remove for items you don't recognise.
 
Try downloading a second-opinion scanner, like Avast Free or Bitdefender. Also, have you tried running the scan in safe mode, or using an antivirus with a boot scan? (I know Avast has one, and Norton has that kind of thing too.)
 
So I found the culprit behind all of this (at least in my case)
I tried to uninstall so many things

Turns out the cause of this is Smadav

You might want to uninstall this program and clean your computer with Malwarebytes and adware
Then restart your computer and see if the folder still comes back

Hope it works for you!
 
I'd read up on Freefixer



Remarkably easy to look for things starting up, automatically running, etc., that ought not be there....

At some point, one will 'bite the bullet', and quick format/reinstall....(which takes all of 5 minutes these days anyway if installing from USB flash drive to an SSD)
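
Added example, not part of any post in this thread: a read-only PowerShell sweep of the usual autostart locations for anything that references the folder names in the Malwarebytes log above, as one way to check what puts the files back at boot. The search pattern comes from the detected paths; including BITS jobs is an assumption based only on "BITS" appearing in the detection name.

```powershell
# Read-only sweep: lists autostart entries that mention the detected folders.
# Run from an elevated PowerShell prompt. Nothing here deletes or changes anything.
$pattern = 'EpicNet|CloudNet'   # folder names from the detected paths in the log

$findings = @(
    # 1. Scheduled tasks whose action launches something matching the pattern
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -match $pattern) {
                [pscustomobject]@{ Source = 'ScheduledTask'
                                   Name   = $task.TaskPath + $task.TaskName
                                   Detail = $cmd }
            }
        }
    }

    # 2. Run keys and Startup-folder shortcuts
    Get-CimInstance Win32_StartupCommand |
        Where-Object { "$($_.Command) $($_.Location)" -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Startup'
                               Name   = $_.Name
                               Detail = "$($_.Location) -> $($_.Command)" }
        }

    # 3. Services whose binary path matches
    Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Detail = $_.PathName }
        }

    # 4. BITS jobs (assumption: checked only because the detection name contains "BITS")
    Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue | ForEach-Object {
        $job = $_
        foreach ($file in $job.FileList) {
            if ("$($file.LocalName) $($file.RemoteName)" -match $pattern) {
                [pscustomobject]@{ Source = 'BITS'; Name = $job.DisplayName
                                   Detail = "$($file.RemoteName) -> $($file.LocalName)" }
            }
        }
    }
)

if ($findings) { $findings | Sort-Object Source | Format-Table -AutoSize -Wrap }
else { Write-Output "No autostart entry references $pattern" }
```

An empty result only rules out these four locations; a program that recreates the folders under its own name, as one reply reports for Smadav, will not match the pattern.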
 
