Trojan.Floxif discovered need help

YSH94

New Member
Updated*****
Discovered Trojan.Floxif on my computer the other morning with a full Malwarebytes scan and removed the initial infection, which apparently piggybacked on a version of CCleaner.
It was found in the Ccsetup location.

I then proceeded to do a rootkit scan with Malwarebytes. Nothing found.

Next I followed the steps seen here all the way through https://www.bleepingcomputer.com/virus-removal/remove-floxif-ccleaner-trojan


Did a Windows 10 “reset/clean” but then I felt it was better to start completely over, so...
I then factory restored the computer and erased all the drives completely with the Windows 10 disc.



Did I probably do a lot of unnecessary stuff along the way? Yep. But I’ve never encountered malicious code such as this before and am not the most experienced with dealing with nasty malware.

Why did I edit my responses? To be honest I have a lot of work to do, and I understand people do the same. So, since staff member johnb35 stated if I reinstalled Windows I would be good, I proceeded with the factory disc complete reinstall option of Windows 10 this morning to just put the final nail in the coffin.
 

_Pete_

Active Member
This trojan came with a hacked CCleaner installation file. It was ccsetup533. You need to uninstall CCleaner and delete ccsetup533. Run Malwarebytes to ensure that the trojan has gone. ccsetup544 or whatever version is current is clean. There is a thread about this somewhere.
 

YSH94

New Member
Will do, I am a little paranoid of what data was stolen, considering I didn’t find out until today. Backdoor malware, taking IPs, keylogger, injecting malicious code, etc. obviously I’ll be changing all passwords too.
 

_Kyle_

Well-Known Member
Lol, are you like a secret services agent?
Just joking, I know lots of valuable data could have been on your PC.
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
Moved to the security section.

We do have a guide on what to do first when asking for help with malware issues.

The most common malware issues can be taken care of just by running a few simple programs and it would help to run them in order.

1. AdwCleaner
2. Junkware Removal tool
3. Malwarebytes

I will post specific instructions for each program later in this post.

For the tougher malware issues, such as MBR/bootkit infections and browser redirect infections, we must use stronger programs.

1. TDSSkiller
2. ASWmbr
3. Combofix - NOTE: Should only be run when told to do so by a Moderator.



So if you come here looking for help to remove malware on your system, we would appreciate it if you would go ahead and follow steps 1-4 outlined below and we will determine if any more scans are needed to get you cleaned up.

1. Please download AdwCleaner by Xplode onto your Desktop.

• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan.
• After the scan you will need to click on Clean for it to delete the adware.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2. Please download Junkware Removal Tool to your desktop.

• Shut down your antivirus to avoid any conflicts.
• Very important that you run the tool in this manner:
  Right-mouse click JRT.exe and select Run as administrator.
  Do NOT just double-click it.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt in your next message.

3. Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4. Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• Click on Minimal Output at the top.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
• When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

So in your original thread asking for help, please give us a short description of what the problem is and then post the logs from the following 4 programs.

1. AdwCleaner
2. Junkware Removal Tool
3. Malwarebytes
4. OTL
 