Overclock.net › Forums › Software, Programming and Coding › Operating Systems › How do i get rid of the Fynloski Backdoor trojan

How do i get rid of the Fynloski Backdoor trojan

post #1 of 24
Thread Starter 
It's kept popping up in MS security essentials and despite numerous quarantines it pops right back up again. I tried to use ComboFix to get rid of it but it too failed.
post #2 of 24
Try Malwarebytes in safe mode?
post #3 of 24
Malwarebytes should get rid of it.
post #4 of 24
Thread Starter 
This thing is persistent.

MalwareBytes failed
Microsoft Security Essentials failed
ComboFix failed
TDSSKiller failed

What now?
post #5 of 24
Did you run them from safe mode logged in as the administrator account?
post #6 of 24
Thread Starter 
Quote:
Originally Posted by thrasherht

Did you run them from safe mode logged in as the administrator account?
All of them, every time. Microsoft Essentials quarantines it, but when I restart it's right back where it started. It somehow starts up when my PC starts up and I have no clue where it is.
post #7 of 24
It probably inserted a line in the Run, RunOnce or RunServices keys in the system registry, so you can't delete/quarantine it unless you shut it down first, which is why it keeps starting up. If you know the file name of the trojan you can search for it in your registry and shut down the run service, then restart and use MalwareBytes in safe mode to remove it.

Edit:
By shut it down in the registry I mean delete the key.
Edited by huhh - 11/6/13 at 8:11pm
post #8 of 24
Thread Starter 
Quote:
Originally Posted by huhh

It probably inserted a line in the Run, RunOnce or RunServices keys in the system registry, so you can't delete/quarantine it unless you shut it down first, which is why it keeps starting up. If you know the file name of the trojan you can search for it in your registry and shut down the run service, then restart and use MalwareBytes in safe mode to remove it.

Edit:
By shut it down in the registry I mean delete the key.
I don't know where to find it in the registry. MSE just tells me its name but not its location... Any ideas? There are thousands of things in there.
post #9 of 24
Download HijackThis and submit the log. Also go into msconfig and see if an unusual name is in the startup files. You might need to go into AppData in My Documents to destroy it; it will most likely need to be done in safe mode. It's probably in C: also. Here is a link to manually get rid of it: http://blog.yoocare.com/manual-way-to-remove-backdoorwin32fynloski-a-virus-completely-step-by-step/
Hope that helps.
post #10 of 24
Quote:
Originally Posted by th3illusiveman

I don't know where to find it in the registry. MSE just tells me its name but not its location... Any ideas? There are thousands of things in there.

You know the filename: Edit -> Find in regedit.

Once you delete the keys telling the trojan to start up on boot it won't start next time you boot up, then you are free to use MalwareBytes to delete the file(s).
Edited by huhh - 11/6/13 at 8:25pm
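A read-only way to do the "Edit -> Find in regedit" step huhh describes, covering all of the Run, RunOnce and RunServices keys from post #7 at once (both HKLM and HKCU, plus the 32-bit view on 64-bit Windows). This is an added PowerShell example, not code from the thread; the $Needle parameter is a placeholder for the filename MSE reports, and the script only lists entries, it does not delete anything.

```powershell
# Added example (not from the thread): enumerate the classic autorun
# registry keys and flag any value whose command line contains $Needle.
param(
    # Filename reported by MSE, e.g. 'something.exe' (placeholder; supply your own)
    [string]$Needle = ''
)

$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
)

foreach ($key in $autorunKeys) {
    # RunServices only exists on old Windows versions; skip keys that are absent
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    # Drop the PS* bookkeeping properties PowerShell adds to the object,
    # leaving only the actual registry values (name = command line)
    $values = $props.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' }
    foreach ($v in $values) {
        $flag = ''
        if ($Needle -and ("$($v.Value)" -like "*$Needle*")) { $flag = '  <== matches' }
        "{0}`n    {1} = {2}{3}" -f $key, $v.Name, $v.Value, $flag
    }
}
```

A flagged line shows the value name and the path the entry launches; that value is what the thread says to remove in regedit (and the path is where to point MalwareBytes afterwards).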