Trojan.Floxif.Trace - still there

[JAN7]

Every time I run my (free) Malwarebytes program, the Trojan.Floxif.Trace appears two times. I quarantine and rid it but it keeps coming back.  I spent most of all day yesterday trying to get rid of it with no luck! I am not an expert user by any means, and know just enough to be dangerous.  I run Windows 7 32 bit.  Is there an EASY way to get rid of the fluckin Floxif -   I am updated with the latest CCleaner (free)  version. 

There are sites on line telling how to rid this nasty, but most instructions are over my head or I am afraid to try the 10+ step approach at one site.  I tried one suggestion with no luck. I wish CCleaner would release a fix for this.   I am now paranoid to use the computer for banking, etc.  Also, I was alerted that an update is available today 5.42.6499 but seems to be only for paid users.  Am I wrong?  Any help would be appreciated.  Thank You! 

 

[hazelnut]

You would be best following the instructions on the Malwarebytes site for help as we don't do Malware removal on this forum.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

Don't worry, just follow the instructions and they will help you.

[JAN7]

Thank you hazelnut for your quick reply.  I would think that because the Trojan was caused by CCleaner, THEY should provide a fix. 

I will try the Malwarebytes link you suggested.  Wish me luck.... I think I see a new computer in my future!   Thanks again.

 

 

 

 

 

[hazelnut]

Let us know how you get on Jan7

Good luck !!

[JAN7]

I looked at the link you provided.... it is all so overwhelming to me and I did not attempt (was afraid)  to follow the instructions. My head spins. As I said, I am not very tech savvy with this stuff.

I am in the process of backing up my important things to an external hard drive.  Been two days working on this cr*p!  I called a few repair companies to rid viruses etc. and they are expensive.  My computer is over 10 years old,  but works great still and I would keep it but for that darned Floxif!  Have no idea what I did, but lost my bookmarks!  Been working on restoring them too with no luck.  FUBAR'D!

I think I will buy a new computer at this point.  Thanks Ccleaner!!   

Perhaps when I have all important things backed up I will try the malwarebytes fix.  So many programs and steps to follow makes me crazy.  Again, thanks for your help and concern. 

[Andavari]

You state you have the newest CCleaner installed, so I wonder if your anti-virus/anti-malware is perhaps detecting the infection in the backups made by System Restore? If so those restore points can be easily deleted/purged so you'll stop getting virus alerts.

Edit:
Also search your hard disk for the infected installer, and if it is found delete it: ccsetup533.exe

Also the latest CCleaner isn't just for paid users there's still a freeware version available at:
https://www.ccleaner.com/ccleaner/builds

[JAN7]

Thank you so much Andavari for your response. I bit the bullet today and am getting a new computer. This one is older anyway and it's time. There are a few minor hardware issues
with it in addition to the nasty Trojan.

My free anti-virus never picked up on the Floxif -- only free Malwarebytes did. Again, I'm not tech savvy and don't really know how to do what you suggest. I uninstalled Ccleaner and will be searching for an alternative for the new box when I get it on Tuesday. Ccleaner pushed my buttons to the point of not wanting to use them again. It's sad you have to go to other sites to get Help trying to fix what THEY should be doing -- admitting how bad the trojan was and how to fix it. I know it's a complicated process (for me) at least to get rid of it. I have backed up everything I need on to my external hard drive and the place where I'm having the computer built is going to scan the drive to make sure nothing is infected before reinstalling programs/files. Lord only knows what the Floxif did or is doing at this moment.

I PAID FOR a new anti-virus program from the computer store. They will install it for me. I most likely will get the paid version of malwarebytes as well. Free is good -- but not if it doesn't catch things in real time. Live and learn. Sorry for the ramble/rant. I sincerely Appreciate ALL of you for helping US! -- especially "challenged" users like me! THANK YOU!

[Nergal]

34 minutes ago, JAN7 said:

Help trying to fix what THEY should be doing -- admitting how bad the trojan was and how to fix it.

With all do respect, they did exactly that at the time of the infection, september of 2017

36 minutes ago, JAN7 said:

Lord only knows what the Floxif did or is doing at this moment.

It does basically nothing because shortly after its discovery the data receiver server was shut down.

More information here

 

[JAN7]

Thank you for your "respectful" reply Nergal!  The information you posted is news to me. I did not belong to the Piriform message boards and did not see that information. MyBad I guess. I was not notified about it any other way.  I only recently looked up the information on line after seeing it in my Malwarebytes scan.. and panicked. I feel better knowing the server was shut down and 'most likely'  nothing was compromised.  Appreciate you pointing out the information.  I will try to be more vigilant with my new computer.  THANK YOU AGAIN for information and help. 

Edited May 18, 2018 by JAN7
did not finish reply

[JAN7]

I  know this topic is old news (2017) to everyone but me I guess.  I figured since I'm getting a new machine I'd play around with this one... if I messed it up... oh well. This is interesting:  No matter how many time I ran malwarebytes and supposedly cleaned it, the floxif trojan always kept reappearing in the list. 

This afternoon I noticed Malwarebytes has a free BETA program called Malwarebytes Anti-Rootkit -( "Malwarebytes Anti-Rootkit BETA is cutting-edge technology for detecting and removing the nastiest malicious rootkits.")

For the heck of it, I ran the beta... the floxif trojan appeared twice on that list also.  Once I cleaned it using the beta program, and re-ran the regular Malwarebytes program,  floxif no longer appears in the list!  I did four more scans before and after reboots and it is completely gone.  I know you said no damage had been done, which is a relief to know,  but it was unnerving to always see the that trojan show up when I did a scan.  Now It's Gone!  Probably wouldn't hurt to try it should anyone else  be interested in it. It is not only for the floxif.  https://www.malwarebytes.com/antirootkit/ -

Hope posting links is OK.  Now that I'm calmed down, I plan on purchasing the Ccleaner program for my new machine.  Again, thank you all for your help and patience! 

 

 

 

 

[nukecad]

I believe that in a small number of cases the floxif issue put a couple of keys in the registry.

They were just junk and could not do any harm once the rouge server had been shut down.

But if they were on your machine then until they were removed a decent malware scan would still flag them as suspicious/nasty.

MB anti-rootkit seems to have got rid of them for you.
(It's an advanced tool that is not needed most of the time, but as you have found somtimes it is good to know about).

[Andavari]

Interesting that one Malwarebytes program would remove it, but the other wouldn't. Something to definitely remember!

[nukecad]

The standard MB3 now includes a scan for rootkits, (it got built in when they changed from MBAM2 to MB3), but because it's an advanced option that's usually only needed in extreme cases it is turned off by default so as not to slow scans down.

In MB3 open the settings and go to the 'Protection' tab.

'Scan for rootkits' is the first entry in the 'Scan options'. (Don't forget to turn it off again after using or all your scans will take longer).

Or of course you could still use the stand alone anti-rootkit beta.
It's in beta for testing features that may later get incorporated into the main MB3.

[Andavari]

Malwarebytes takes less time on my system at 15 seconds to complete a rootkit scan (albeit not a very thorough scan) when compared to the Pre-scan Operations which takes 19 seconds.

[nukecad]

TBH I've never timed it, I was merely repeating the advice from Malwarebytes about scanning for rootkits:

I do note that they now say a weekly rootkit scan is a good idea.

https://support.malwarebytes.com/docs/DOC-1311

[Andavari]

The first thing I do in the settings is enable the rootkit scan, and I leave it as always enabled. Which is probably important if using the freeware version, that way it gives it every chance at detecting something since real-time protection isn't available in the freeware version.