
Thread: Morto.fi detected?

  1. #1
    Member
    Join Date
    Jan 2016
    Posts
    65

    Question Morto.fi detected?

    So Kaspersky tells me to uninstall this because it's *apparently* incompatible with Spybot Search and Destroy as it would seem it pretty much does what Spybot S&D already does and more. Well luckily I never uninstalled (as I don't believe KIS 2016 can do everything that Spybot does - I don't see an immunization option (one of the reasons why I've kept Spybot) in KIS 2016) and just recently did a scan and it found a Morto worm that Kaspersky (so much for people touting "you should just only have an AV installed and that's it, nothing more and you should be safe" saying), Malwarebytes and SUPERAntiSpyware failed to find. In the attachment you will find a screenshot of Spybot finding and fixing up the Morto worm. So I've already scanned the system with Rkill and TDSSK so I should be clean right...?

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,582

    Default

    Hello Nnewb,

    Did another scan flag anything, how is the computer running?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Member
    Join Date
    Jan 2016
    Posts
    65

    Post

    Quote Originally Posted by tashi View Post
    Hello Nnewb,

    Did another scan flag anything, how is the computer running?

    Best regards.
    Hi thanks for replying - hmm strange I didn't even get an email notification of it....and yes I subscribed with instant email notification....I thought you guys forgot all about me or had more pressing matters to deal with (or maybe the answer is so obvious that there's no point in replying). I was about to go and bump this post and/or post in the malware removal forum (thinking maybe I posted in the wrong section...) and link it to this thread, but saw someone has already replied.

    Well I just rescanned with Spybot and it appears clean, would you like me to re-scan with the other programs too?

    Also, I have a suspicion that this trainer may have been the cause of this (despite the website I got it from says that everything there is 100% virus/malware free and are false positives if any programs do pick them up and that he wouldn't upload them if something bad did happen whilst he was working with them)....well one of the reasons is why does the exe file delete itself randomly? Or after some set period of time? The rar files it came with didn't get deleted with it though so I still have a copy of them....

    Check it out, it's in the attachment, I've zipped up for you. Inside it is a picture, two rar files and a txt file containing some detail info about it.
    Hashes for the zipped file=> MD5: cfe4123e54ba56a1149d6f47215385c2, SHA256: 46031b1e168ce7a38cf491065f7b751cf65029aab672c9d992273703cb56321c

    Hmmm strange, it won't let me upload the zipped file....you see the load icon animation and then it disappears....is there a size limit or maybe this...hidden malware/virus is preventing me from doing so? I tried to upload a couple of random smaller zip files and they came through. I tried splitting the archive to 256KB size but upon uploading the 256 part, it says sorry invalid file or something like that.. Nope file size limit is 2.86MB for zip format, the file itself is only 1.07MB....is your uploader screwed or is it me?

    Besides that, the computer seems to be running as if nothing has happened....................

    Oh well I've uploaded it on an external website:
    Last edited by tashi; 2016-08-06 at 17:20. Reason: Removed link

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,582

    Default

    Hello Nnewb,

    Quote Originally Posted by Nnewb View Post
    Hi thanks for replying - hmm strange I didn't even get an email notification of it....and yes I subscribed with instant email notification....I thought you guys forgot all about me or had more pressing matters to deal with (or maybe the answer is so obvious that there's no point in replying). I was about to go and bump this post and/or post in the malware removal forum (thinking maybe I posted in the wrong section...) and link it to this thread, but saw someone has already replied.
    Unfortunately there was an issue with notifications which has now been resolved.

    Quote Originally Posted by Nnewb View Post
    Also, I have a suspicion that this trainer may have been the cause of this (despite the website I got it from says that everything there is 100% virus/malware free and are false positives if any programs do pick them up and that he wouldn't upload them if something bad did happen whilst he was working with them)....well one of the reasons is why does the exe file delete itself randomly? Or after some set period of time? The rar files it came with didn't get deleted with it though so I still have a copy of them....
    Trainer?

    Check it out, it's in the attachment, I've zipped up for you. Inside it is a picture, two rar files and a txt file containing some detail info about it.
    Hashes for the zipped file=> MD5: cfe4123e54ba56a1149d6f47215385c2, SHA256: 46031b1e168ce7a38cf491065f7b751cf65029aab672c9d992273703cb56321c

    Hmmm strange, it won't let me upload the zipped file....you see the load icon animation and then it disappears....is there a size limit or maybe this...hidden malware/virus is preventing me from doing so? I tried to upload a couple of random smaller zip files and they came through. I tried splitting the archive to 256KB size but upon uploading the 256 part, it says sorry invalid file or something like that.. Nope file size limit is 2.86MB for zip format, the file itself is only 1.07MB....is your uploader screwed or is it me?

    Besides that, the computer seems to be running as if nothing has happened....................

    Oh well I've uploaded it on an external website:
    The links were removed for the safety of other users. Glad to hear the computer is running well, if any malware issues do occur please start a topic in the malware forum. FAQ here.

    Have a nice weekend!

  5. #5
    Member
    Join Date
    Jan 2016
    Posts
    65

    Post

    Quote Originally Posted by tashi View Post
    Hello Nnewb,



    Unfortunately there was an issue with notifications which has now been resolved.
    Ah I see, well I just woke up and saw the notification via email so it's working!



    Quote Originally Posted by tashi View Post
    Trainer?
    Game Trainer, basically what it does is allow you to cheat in games that either don't have cheat codes and thus impossible to cheat or you're too lazy to type in the codes.....in my case for Oil Rush (a game from these guys running Unigine engine) no such codes existed and I felt like power housing and mucking about.....hee hee.....and yeah, that's when I decided to go and grab a trainer....



    Quote Originally Posted by tashi View Post
    The links were removed for the safety of other users. Glad to hear the computer is running well, if any malware issues do occur please start a topic in the malware forum. FAQ here.

    Have a nice weekend!
    Oh there was a delete link that you could have used that I did provide.......and that would have rendered both links invalid.....I didn't anticipate you removing the entire URL so I don't even have a backup of those URL links.....hahahahaha

    Well I did mention they were suspicious so why would anyone in their right mind want to download them knowing that I put a caution on it? hahaha Unless they skip reading and just go straight to clicking on random links on forums and posts coz they can....which is just plain dumb without knowing what the hell they're downloading/clicking on.......hahaha

    Well I guess I'll go make another one and upload it again....I'll PM you the link this time....for the safety of others....

    PS - Hm, looks like your uploader still refuses to take my zip file despite being under the file size limit.
    PPS - Somehow Intel True Key got installed, apparently associated with McAfee....could have also been bundled with Adobe Flash player.....-.-
    PPPS - So you don't think a file deleting itself (yes only just that one file so far that I've noticed) after some period of time is considered suspicious...? Or you overlooked that part in my post? I also ran the trainer in Sandbox but it somehow escaped and was running outside Sandboxie when it crashed ...with admin privileges I might add....(or at least I presume it was in, as I had to run SB as admin to run the trainer so I would guess that would still be in effect once it's outside?) it was working for the time being when it didn't crash, but after that, the trainer no longer works even after extracting a new copy from the rar file.....I find that strange....you wouldn't think a program suddenly stops working completely because of one crash.....
    Last edited by Nnewb; 2016-08-07 at 03:36. Reason: More info

  6. #6
    Member
    Join Date
    Jan 2016
    Posts
    65

    Post

    So why can't I edit my post after a set period of time? 15 minutes or so? It would save your forum from being cluttered with new posts that aren't needed that could have been appended to the last post (if the last post is yours and you feel it's not necessary to bump the thread up either)....unless you are forcing users to bump their thread post every 15 minutes if they want to add something which would then alert you guys, rather than appending to the last post?



    Quote Originally Posted by Nnewb View Post

    Besides that, the computer seems to be running as if nothing has happened....................
    I had something else added onto that (that would have gone but because of this time limit of editing after posting...) but it looks like your admin (yes I contacted the guy so he could edit and append my post...) hasn't added it in for me yet or has ignored my request. The next part of that would have said something along the lines of: or I have a hidden keylogger that's so inconspicuous that all my security scanners fail to pick it up and/or is waiting for the right moment to cause havoc....but the only destruction I've seen is said trainer exe file deleting itself.....

  7. #7
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,582

    Default

    Hello Nnewb,

    Quote Originally Posted by Nnewb View Post
    So why can't I edit my post after a set period of time? 15 minutes or so? It would save your forum from being cluttered with new posts that aren't needed that could have been appended to the last post (if the last post is yours and you feel it's not necessary to bump the thread up either)....unless you are forcing users to bump their thread post every 15 minutes if they want to add something which would then alert you guys, rather than appending to the last post?
    Forums:
    Can I edit my own posts?


    1. In the Malware Removal Forum, members may not edit their posts.
    2. In the Spybot-S&D forum and others, there is a 15 minute time frame to edit one's post. It lessens the chance of an answer referring to things the original poster has deleted.



    Quote Originally Posted by Nnewb View Post
    I had something else added onto that (that would have gone but because of this time limit of editing after posting...) but it looks like your admin (yes I contacted the guy so he could edit and append my post...) hasn't added it in for me yet or has ignored my request. The next part of that would have said something along the lines of: or I have a hidden keylogger that's so inconspicuous that all my security scanners fail to pick it up and/or is waiting for the right moment to cause havoc....but the only destruction I've seen is said trainer exe file deleting itself.....
    I received your PM but I don't open such links. You may zip or rar the file/s and send them to: detections AT spybot.info

    Subject: 'Infected'. Please provide a link to this thread.

    If you would like someone to take a look at the system in the Malware Removal Forum please start a new topic there after reading that forum's FAQ which also includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Then a volunteer analyst will advise.

    If you choose to do that please do not provide links to the files. If an analyst wants to take a look at the scan results of any suspicious files you may be asked to upload them to a site such as:

    http://virusscan.jotti.org/
    http://www.virustotal.com/

    Best regards.

  8. #8
    Member
    Join Date
    Jan 2016
    Posts
    65

    Red face

    Quote Originally Posted by tashi View Post
    Hello Nnewb,



    Forums:
    Can I edit my own posts?


    1. In the Malware Removal Forum, members may not edit their posts.
    2. In the Spybot-S&D forum and others, there is a 15 minute time frame to edit one's post. It lessens the chance of an answer referring to things the original poster has deleted.
    Oh fair enough.




    Quote Originally Posted by tashi View Post
    I received your PM but I don't open such links. You may zip or rar the file/s and send them to: detections AT spybot.info

    Subject: 'Infected'. Please provide a link to this thread.
    Replace AT with @ and remove the spaces between the word detections and spybot? So it would read detections @ spybot.info?

    Quote Originally Posted by tashi View Post
    If you would like someone to take a look at the system in the Malware Removal Forum please start a new topic there after reading that forum's FAQ which also includes instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Then a volunteer analyst will advise.

    If you choose to do that please do not provide links to the files. If an analyst wants to take a look at the scan results of any suspicious files you may be asked to upload them to a site such as:

    http://virusscan.jotti.org/
    http://www.virustotal.com/

    Best regards.
    Alright cool, I'll go do that, to make sure my computer is actually clean and not me thinking it is when it isn't and there is still stuff lurking about....

    Thanks!
    Last edited by tashi; 2016-08-07 at 06:54. Reason: Broke email link to avoid spam bots.

  9. #9
    Member
    Join Date
    Jan 2016
    Posts
    65

    Default

    Quote Originally Posted by tashi View Post
    Hello Nnewb,



    Forums:
    Can I edit my own posts?


    1. In the Malware Removal Forum, members may not edit their posts.
    2. In the Spybot-S&D forum and others, there is a 15 minute time frame to edit one's post. It lessens the chance of an answer referring to things the original poster has deleted.


    Quote Originally Posted by Nnewb View Post
    Oh fair enough.
    But that's why we have the quotes right? Which is one of the reasons why I make use of the quote function in forums.....just in case it gets deleted, so long as the quoted text still exists, people can still read what it used to say (and what it was answering to as well) unless the answer post was edited by someone (the poster, mod or admin).

    Say for example if the quoted text I just quoted for this reply gets deleted or modified, so long as this post doesn't get edited by me or the mods/admins, viewers would still see what the post was referring to. :D
    Last edited by Nnewb; 2016-08-07 at 07:49.

  10. #10
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,582