Essex, he’s using Windows 8, not 7.
OTL just sent some Thumbs.db file to the desktop as unhidden. You’re right, this might be a painful and extensive cleaning process.
More issues: No Internet.
No internet is normal for most malware infections.
Here are some screenshots.
Nothing that looks like malware in the VM without Photoshop installed.
HAHAHA. Yes, I can see it.
The screenshots just show the installation files running around, after the restart nothing is showing up like malware.
Essex, I’ve given this link to Mach to see if he can learn anything. If he has any advice or anything, fire away once (if he still has to confirm) he’s confirmed an idea.
Norman lab had a look at your cracked software and, surprise surprise, it contained some extra software… who would have guessed that ;D
Files:
Photoshop CS6 (Portable).exe: Backdoor.CEQ
Uhhh. That’s not good. I flagged the YT video. I’ll check to see if it’s down.
YT video confirmed removed. Any word on the CF log, Essex? There is more active malware, that’s for sure.
OK, there is no further apparent malware; however, I would now like to check out the MBR.
Download the latest version of TDSSKiller from here and save it to your Desktop.
[*]Doubleclick on TDSSKiller.exe to run the application
https://dl.dropbox.com/u/73555776/tdss%20start.JPG
[*]Then click on Change parameters.
https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG
[*]Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
[*]Click the Start Scan button.
[*]If a suspicious object is detected, the default action will be Skip, click on Continue.
https://dl.dropbox.com/u/73555776/tdss%20threat.JPG
[*]If malicious objects are found, they will show in the Scan results and offer three options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
[*]Get the report by selecting Reports
https://dl.dropbox.com/u/73555776/tdss%20report.JPG
[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
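The Verify Driver Digital Signature option above is the part of the TDSSKiller run that catches a rootkit driver loaded in place of, or alongside, a legitimate one. The following is an added example, not from this thread and not part of TDSSKiller or Kaspersky's tooling, showing the same check done by hand with the cmdlets that ship on Windows 8 (PowerShell 3): list every driver that is currently running and report the ones whose Authenticode signature does not verify or whose file cannot be found on disk. The function name, the output file name and the path normalisation are this example's own choices; run it from an elevated PowerShell prompt.

```powershell
# Added example: approximate TDSSKiller's "Verify Driver Digital Signature" pass with
# built-in cmdlets. Get-UnsignedRunningDriver and driver-signatures.csv are names chosen
# for this example. Needs an elevated PowerShell 3+ prompt (Windows 8 ships PowerShell 3).

function Get-UnsignedRunningDriver {
    [CmdletBinding()]
    param()

    # Win32_SystemDriver lists the kernel drivers the Service Control Manager knows about;
    # State = 'Running' restricts the list to the ones loaded right now.
    Get-CimInstance -ClassName Win32_SystemDriver -Filter "State = 'Running'" |
        ForEach-Object {
            $driver = $_
            $path = $driver.PathName
            if (-not $path) { return }

            # PathName is usually a plain path such as C:\Windows\system32\drivers\acpi.sys,
            # but it can be quoted or carry a \??\, \SystemRoot\ or bare system32\ prefix.
            $path = $path.Trim('"')
            $path = $path -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            $path = $path -replace '^system32\\', "$env:SystemRoot\system32\"

            if (-not (Test-Path -LiteralPath $path)) {
                # A running driver with no backing file on disk is itself worth a look
                # (hidden storage of the TDLFS kind, or a file deleted after it was loaded).
                [pscustomobject]@{
                    Name   = $driver.Name
                    Path   = $path
                    Status = 'FileNotFound'
                    Signer = $null
                }
                return
            }

            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Name   = $driver.Name
                    Path   = $path
                    Status = $sig.Status
                    Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                }
            }
        }
}

# Usage: show the suspicious drivers and save a report on the Desktop, next to the TDSSKiller log.
$report = Get-UnsignedRunningDriver | Sort-Object Status, Name
$report | Format-Table -AutoSize
$report | Export-Csv -NoTypeInformation -Path (Join-Path $env:USERPROFILE 'Desktop\driver-signatures.csv')
```

One caveat before reading the output: many Microsoft inbox drivers carry no embedded signature and are signed through a catalog file instead, and older PowerShell builds report those as NotSigned. A NotSigned entry for a Microsoft driver under system32\drivers is therefore not proof of anything on its own; compare it against the same file on a clean machine, or verify it with a tool that checks catalogs (Sysinternals sigcheck with -c). The entries that deserve attention first are FileNotFound, HashMismatch, and Valid signatures from a signer nobody recognises.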
Hi Essex. I’m on Skype with Hack/Bailey. I’ll hand the file over here in a second. He’s worried about the malware spreading to his network. Should he be worried?
Most exe files still will not run.
I would recommend that he disconnect from the network. What are the current symptoms?
Most EXEs will not run, mostly Skype and games. Random refresh of all .ico files on the desktop.
OK, let’s get a full analysis on the system.
This is a two-part run. First we will get a second-opinion scan, then run an analysis on the remnants. The zip file will need to be uploaded to a file-sharing site for collection.
Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named).
First we will run a virus scan
Select the cog to access scan areas
https://dl.dropboxusercontent.com/u/73555776/Kas%20front.JPG
On the first tab select all elements down to OS C and then select start scan
https://dl.dropboxusercontent.com/u/73555776/Kas%20Scan%20area.JPG
Once it has finished, select Reports and post the detected threats.
Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
https://dl.dropboxusercontent.com/u/73555776/kas%20manual.JPG
Once it has completed then click Step 2 Report sending
https://dl.dropboxusercontent.com/u/73555776/avp%20report.JPG
Click avptool.sysinfo.zip
And you will be taken to the zip file that needs to be attached
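The Gather System Information step above collects what the helper needs to write a disinfection script: what is running, what starts automatically, and what the file-type handlers point at. The following is an added example, not from this thread and not Kaspersky's AVPTool, that gathers the same kind of information with built-in cmdlets and zips it on the Desktop for upload, which is useful when the Manual Disinfection tab is not there. The function name, the output folder and the file names are this example's own choices; the registry keys listed are the standard autostart and exefile-handler locations. It needs an elevated PowerShell 3+ prompt (Windows 8 ships PowerShell 3 and .NET 4.5).

```powershell
# Added example: collect processes, services, drivers, autostart entries, the .exe handler
# and the hosts file into a zip, in the spirit of AVPTool's "Gather System Information".
# Get-SysInfoBundle and the sysinfo folder/zip names are chosen for this example.

function Get-SysInfoBundle {
    [CmdletBinding()]
    param(
        [string]$OutDir = (Join-Path $env:USERPROFILE 'Desktop\sysinfo')
    )
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

    # 1. Running processes with their image paths (a process with no path is worth a look).
    Get-Process | Select-Object Id, ProcessName, Path |
        Export-Csv -NoTypeInformation -Path (Join-Path $OutDir 'processes.csv')

    # 2. Services and kernel drivers with binary paths and start modes.
    Get-CimInstance Win32_Service | Select-Object Name, State, StartMode, PathName |
        Export-Csv -NoTypeInformation -Path (Join-Path $OutDir 'services.csv')
    Get-CimInstance Win32_SystemDriver | Select-Object Name, State, StartMode, PathName |
        Export-Csv -NoTypeInformation -Path (Join-Path $OutDir 'drivers.csv')

    # 3. The usual registry autostart locations (per-machine, per-user, 32-bit view, Winlogon).
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )
    $runKeys | ForEach-Object {
        $key = $_
        if (Test-Path $key) {
            # Get-ItemProperty adds PSPath/PSParentPath/... bookkeeping properties; drop those.
            (Get-ItemProperty -Path $key).PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Value = $_.Value } }
        }
    } | Export-Csv -NoTypeInformation -Path (Join-Path $OutDir 'autoruns.csv')

    # 4. The handler used to launch .exe files. On a clean machine the default value is
    #    "%1" %* ; the script only records what is there, it does not change it.
    $exeHandler = foreach ($key in 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command',
                                   'HKCU:\SOFTWARE\Classes\exefile\shell\open\command') {
        if (Test-Path $key) {
            [pscustomobject]@{ Key = $key; Default = (Get-ItemProperty -Path $key).'(default)' }
        }
    }
    $exeHandler | Export-Csv -NoTypeInformation -Path (Join-Path $OutDir 'exefile-association.csv')

    # 5. The hosts file, so the helper can see any added entries.
    Copy-Item "$env:SystemRoot\System32\drivers\etc\hosts" (Join-Path $OutDir 'hosts.txt') -ErrorAction SilentlyContinue

    # 6. Zip the folder for upload. Compress-Archive only exists from PowerShell 5, so fall
    #    back to the .NET 4.5 ZipFile class on PowerShell 3/4.
    $zip = "$OutDir.zip"
    if (Test-Path $zip) { Remove-Item $zip }
    if (Get-Command Compress-Archive -ErrorAction SilentlyContinue) {
        Compress-Archive -Path "$OutDir\*" -DestinationPath $zip
    } else {
        Add-Type -AssemblyName System.IO.Compression.FileSystem
        [System.IO.Compression.ZipFile]::CreateFromDirectory($OutDir, $zip)
    }
    return $zip
}

# Usage: prints the path of the zip to attach.
Get-SysInfoBundle
```

The CSVs are deliberately plain so the helper can read them without any tool; the one thing to be careful about is not to post the zip publicly, since processes.csv and autoruns.csv carry user names and paths from the machine. If EXEs refuse to launch, start PowerShell from an elevated prompt by right-clicking it in the Start screen, since the script is not itself an .exe and does not depend on the exefile handler.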
That leads to a setup file for Kaspersky.
Yep, they make AVP, which has a nice analysis mode (basically an updated version of AVZ).
Is it supposed to take 12 hours?
Depends on how large the drive is. You can let it run for 20 minutes or so and see if it reports anything, then stop and go direct to the analysis scan (that takes about 5 minutes).
Okay, he stopped the scan at 30 minutes. However, there is no Manual Disinfection. Any other ideas?
Edit: I’ve given temp access to my account for Bailey. After this is done, I’ll change my password.
This is the analysis scan and will take but a few minutes.
From the scan I will be able to generate a disinfection script.
Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
https://dl.dropboxusercontent.com/u/73555776/kas%20manual.JPG
Once it has completed then click Step 2 Report sending
https://dl.dropboxusercontent.com/u/73555776/avp%20report.JPG
Click avptool.sysinfo.zip
And you will be taken to the zip file that needs to be attached