PWS:MSIL/Petun.A

[j.dirona]

So every time I start up my computer I get windows defender telling me that it has quarantined PWS:MSIL/Petun.A however it's never able to find the file location to get rid of it. From what I've seen it is a password stealing Trojan so I need to get rid of it asap. I ran malwarebytes but again the file wasn't found when I ran it.

 

Any idea's on how I can get rid of this?

 

Thanks

[LukaP]

boot a linux live usb

terminal

sudo dd if=/dev/zero of=[put your disk location here, its probably \dev/sdb] bs=512 count=1

[j.dirona]

boot a linux live usb

terminal

sudo dd if=/dev/zero of=[put your disk location here, its probably \dev/sdb] bs=512 count=1

okay so I'll use Ubuntu then? and what does the terminal command do?

[LukaP]

okay so I'll use Ubuntu then? and what does the terminal command do?

damn i hoped someone else would come and be more serious. This one will just fill your entire hard drive with 0s. dont do it if you have data you need on that drive. back it up.

[j.dirona]

damn i hoped someone else would come and be more serious. This one will just fill your entire hard drive with 0s. dont do it if you have data you need on that drive. back it up.

lol okay I was slightly confused what it was going to do, yeah but I can't find anything on how to get rid of this

[LukaP]

lol okay I was slightly confused what it was going to do, yeah but I can't find anything on how to get rid of this

I wish i could help you other than that. does the "remove" option in WD not work for you?

[j.dirona]

I wish i could help you other than that. does the "remove" option in WD not work for you?

nope it wasn't able to find the file, and I've gone searching and I can't find it either, also it doesn't even show up as a task so idk if its even running

[LukaP]

nope it wasn't able to find the file, and I've gone searching and I can't find it either, also it doesn't even show up as a task so idk if its even running

interesting. registry reference to it?

[j.dirona]

interesting. registry reference to it?

This is what WD gives me when it quarantines it:

 

The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer. 

 

Category: Password Stealer

 

Description: This program is dangerous and captures user passwords.

 

Recommended action: Remove this software immediately.

 

Items: 

file:C:\Users\Benjamin\Dropbox\.dropbox.cache\~4f447f5b.tmp

file:C:\Users\Benjamin\Dropbox\.dropbox.cache\~f15bf94a.tmp

 

I searched for it in my registry but I couldn't find any files associated with it.

[LukaP]

Well they are temp files, so they are gone already. you dont have to worry there. check Users\Benjamin\appdata\ and its subfolders for any related content

[j.dirona]

Well they are temp files, so they are gone already. you dont have to worry there. check Users\Benjamin\appdata\ and its subfolders for any related content

Nope searched appdata and couldn't find anything related (I also ran spyhunter and it wasn't able to find it). Is it possible that it's just temp files being created but the actual Trojan isn't there?

[LukaP]

Nope searched appdata and couldn't find anything related (I also ran spyhunter and it wasn't able to find it). Is it possible that it's just temp files being created but the actual Trojan isn't there?

maybe. I honestly dont know how else to help. try sniffing your connection to see if youre communicating with any weird IPs