Hello everyone,
My PC got infected with this damn annoying trojan of EpicNet Inc (Cloudnet.exe). It's very famous; I got infected with it a month ago, realized it was a virus the same minute I executed the program, and then replaced the whole Windows with a fresh version.
But in my current case, this time there's no program that I've executed by mistake and there's no active suspicious process,
but each time I do a scan when I start Windows (it's a habit) I can see the same 8 files every time. I remove them with Malwarebytes or manually to make sure they're gone,
but on restart they are back again.
I use Windows 10, and for checking the processes I use both the Process Explorer tool & SecurityTaskManager (I use them, of course, before removing the trojans, but I can't find any shady processes or any process with a location matching where the trojan is).
It's important to note that it only recreates itself upon Windows restart, not after a certain time.
I need to know: how does it recreate itself? How do I completely delete it? And how do I protect myself in the future from such trojans that come from webpage scripts and such things; will using Sandboxie help? (I'm not considering buying any antivirus, and I'm sure they won't stop webpages' hidden attacks; they only slow my machine.)
And here's the Malwarebytes log:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 3/6/20
Scan Time: 3:19 PM
Log File: 15a3503a-5fad-11ea-a7ef-00241d1fea74.json
-Software Information-
Version: 4.0.4.49
Components Version: 1.0.823
Update Package Version: 1.0.20172
License: Expired
-System Information-
OS: Windows 10 (Build 18362.657)
CPU: x64
File System: NTFS
User: DESKTOP-UUS8QFF\Teeky
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 296553
Threats Detected: 8
Threats Quarantined: 0
Time Elapsed: 4 min, 13 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 8
Trojan.Glupteba.BITSRST, C:\Users\Teeky\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe\Protection Dir, No Action By User, 1130, 781247, , , ,
Trojan.Glupteba.BITSRST, C:\Users\Teeky\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe, No Action By User, 1130, 781247, , , ,
Trojan.Glupteba.BITSRST, C:\Users\Teeky\AppData\Roaming\EpicNet Inc\CloudNet, No Action By User, 1130, 781247, , , ,
Trojan.Glupteba.BITSRST, C:\USERS\TEEKY\APPDATA\ROAMING\EPICNET INC, No Action By User, 1130, 781247, 1.0.20172, , ame,
Trojan.Glupteba.BITSRST, C:\Users\Teeky\AppData\Local\EpicNet Inc\CloudNet\cloudnet.exe\Protection Dir, No Action By User, 1130, 781248, , , ,
Trojan.Glupteba.BITSRST, C:\Users\Teeky\AppData\Local\EpicNet Inc\CloudNet\cloudnet.exe, No Action By User, 1130, 781248, , , ,
Trojan.Glupteba.BITSRST, C:\Users\Teeky\AppData\Local\EpicNet Inc\CloudNet, No Action By User, 1130, 781248, , , ,
Trojan.Glupteba.BITSRST, C:\USERS\TEEKY\APPDATA\LOCAL\EPICNET INC, No Action By User, 1130, 781248, 1.0.20172, , ame,
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
The msconfig & startup process screenshot:
View: https://imgur.com/Do4omUe