All Activity

  1. Past hour
  2. I have encountered this social engineering attack on the web. The first time I saw it, I thought it might be legit, and I started to download (into a Sandboxie-protected folder), but didn't even complete the download, let alone recover the file and execute it. I am now well aware of the attack, but would still like to know how to configure MB3 to block these HoeflerText popups, or, for someone to explain to me why MB3 is not already blocking them?
  3. Ok, I'll read through it. Windows Defender told me it found a trojan last night after the Windows reset, so I think the virus is still on the hard drive. Btw, the only programs I installed are things like Steam, Discord, Mozilla and programs like that.
  4. May of 2017 and I pretty much get the same error. Monet and sandpaper are definitely on the list. I ran it twice and after the 3 1/2 hour full scan which had these files (about 150 of them) with Monet and sandpaper listed many times along with others, they would not resolve. Not in the mood to run this again so if anyone has any ideas on how to resolve besides the above fix that probably won't do a thing... Windows 7, Desktop 64.
  5. When trying to run any malware/virus cleaning programs this error occurs: "The requested resource is in use".
  6. I have attached all the log files. Note I have attached two log files for MBAM: the scan log and the real-time protection outbound connection blocking log. I have also attached the MBAR log. AdwCleaner[C0].txt AdwCleaner[S0].txt AdwCleaner[S1].txt mbar-log-2017-05-22 (16-57-36).txt mbam-outbound.txt mbam-scan.txt JRT.txt
  7. Unfortunately, I do not understand French... I did the Windows Action Center setting as advised by Antec. Windows Defender now seems to have established itself as my "companion AV program", running alongside Malwarebytes Premium. See the attachment -- I can do a separate, additional scan with Windows Defender. Does that mean I am now sufficiently protected?
  8. Today
  9. Continue with the following:
     Right click on RogueKiller.exe and select "Run as Administrator" to start the tool, accept UAC..
     In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan"
     When the scan completes Checkmark (tick) the following against Registry entries, ensure that all other entries are not Checkmarked
       [PUP.Ghokswa] (X86) HKEY_LOCAL_MACHINE\Software\Firefox -> Gefunden
       [PUP.Ghokswa] (X64) HKEY_USERS\.DEFAULT\Software\Firefox -> Gefunden
       [PUP.Ghokswa] (X86) HKEY_USERS\.DEFAULT\Software\Firefox -> Gefunden
       [PUP.Ghokswa] (X64) HKEY_USERS\S-1-5-21-3057020106-1815723700-2404043271-1001\Software\Firefox -> Gefunden
       [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3057020106-1815723700-2404043271-1001\Software\OCS -> Gefunden
       [PUP.Ghokswa] (X86) HKEY_USERS\S-1-5-21-3057020106-1815723700-2404043271-1001\Software\Firefox -> Gefunden
       [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3057020106-1815723700-2404043271-1001\Software\OCS -> Gefunden
       [PUP.Ghokswa] (X64) HKEY_USERS\S-1-5-18\Software\Firefox -> Gefunden
       [PUP.Ghokswa] (X86) HKEY_USERS\S-1-5-18\Software\Firefox -> Gefunden
       [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{33d62edf-c331-4349-890f-5c4855aab31d} | DhcpNameServer : 172.20.10.1 ([]) -> Gefunden
       [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{2544E572-718C-4613-80B6-4249455E19FC}C:\windows\temp\files\bin\kmss.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\windows\temp\files\bin\kmss.exe|Name=kmss.exe|Desc=kmss.exe|Defer=User| [x] -> Gefunden
       [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{03028063-ED4C-48DE-95B9-C6DA94979215}C:\windows\temp\files\bin\kmss.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\windows\temp\files\bin\kmss.exe|Name=kmss.exe|Desc=kmss.exe|Defer=User| [x] -> Gefunden
       [PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {53D087CD-84E8-48DB-8CA5-2D525799E32E} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\Firefox.exe|Name=Firefox browser| [x] -> Gefunden
       [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Gefunden
       [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Gefunden
     Checkmark (tick) the following against Tasks entries, ensure that all other entries are not Checkmarked
       [PUP.HackTool] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" (/silent) -> Gefunden
       [PUP.OtherSearch] \wmCojRoySy -- C:\Program Files (x86)\4RrM8Ulg0k\updengine.exe -> Gefunden
     Checkmark (tick) the following against File entries, ensure that all other entries are not Checkmarked
       [PUP.HackTool][Datei] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk [LNK@] C:\PROGRA~1\KMSpico\scripts\Log.cmd -> Gefunden
       [PUP.HackTool][Datei] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk [LNK@] C:\PROGRA~1\KMSpico\UninsHs.exe /u0=KMSpico -> Gefunden
       [PUP.HackTool][Ordner] C:\Program Files\KMSpico -> Gefunden
     Checkmark (tick) the following against Web Browser entries, ensure that all other entries are not Checkmarked
       [PUM.SearchEngine][Firefox:Config] grzjttum.default : user_pref("browser.search.selectedEngine", "initialpage123"); -> Gefunden
       [PUM.SearchEngine][Firefox:Config] grzjttum.default : user_pref("browser.search.defaultenginename", "initialpage123"); -> Gefunden
       [PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [mystarting123] -> Gefunden
       [PUP.Gen1][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [http://www.mystarting123.com/search/index.php?z=73e473f4eedf368a25798f4g5z9tdwbb9t5qboeoee&q={searchTerms}] -> Gefunden
     Hit the Delete button, when complete select "Open Report" in the next window select "Export txt" the log will open. Save to your Desktop for reference, also attach to next reply.
     Next, Emsisoft Emergency Kit
     Click Here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
     Save EmsisoftEmergencyKit.exe to your Desktop.
     Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled).
     A screen like this will appear: Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
     Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
     Wait for Emsisoft Emergency Kit to finish loading signatures.
     A screen like this should appear: Choose Yes, then wait for EEK to finish updating.
     Choose Malware Scan under the Scan button.
     When EEK asks to activate PUP detection, choose Yes.
     Wait for the scan to finish.
     If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
     If Emsisoft Emergency Kit asks to reboot, please do so immediately.
     The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
     Please Copy and Paste the contents of the scan log in your next reply.
     Let me see those logs, also tell me if there are any remaining issues or concerns...
     Thank you, Kevin
  10. Can someone help me remove this annoying thing? I started getting it when I installed Minion, a gaming add on program for Elder Scrolls Online. I deleted Minion but it still pops up a lot. Any help would be appreciated, thanks.
  11. Okay:
     1. SHA256:c0565b54cb02b72c368092c6f05aa3b6e8cb0bd8b7cc70869f2bd72781d5797b Dateiname:ntkrnlmp.exe Erkennungsrate:0 / 60 Analyse-Datum:2017-05-28 19:05:14 UTC ( vor 0 Minuten )
     2. SHA256:7f291d8d9b0eb0eac8d428b6f7ccd02f2c14c82a782f285434a3e5f6fb8a226b Dateiname:osloader.exe Erkennungsrate:0 / 61 Analyse-Datum:2017-05-28 19:09:32 UTC ( vor 0 Minuten )
     3. In the attachments.
     Thank you again for your help. Jan report.txt
  12. There must have been a demand for a registry cleaner, so they added such a component. If you don't need it (like me), just don't use it.
  13. You're very welcome papertrails, come back anytime... Regards, Kevin...
  14. Try option one at the following link to get chkdsk log.. https://www.tenforums.com/tutorials/40822-read-chkdsk-log-event-viewer-windows-10-a.html
  15. Hello DukeTa. Thank you for the logs. From what I can see your computer appears to be clean and free of malware. However, I would give it a day or two to see how it will behave. For now let's check for outdated programs. Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that contributes most to malware infections.
     Please download Security Analysis by Rocket Grannie from here.
     Save it to your Desktop.
     Close your security software to avoid potential conflicts.
     Double click RGSA.exe
     Click OK on the copyright-disclaimer
     When finished, a Notepad window will open with the results of the scan. The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
     Please copy and paste the contents of that log in this topic.
     Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
     Thank you. Rui
  16. Why does such a reputable program have a registry cleaner component? From my knowledge registry cleaners are awful, and everyone I talked to says they are awful as well. Why would they do that to their own program? Surely it tarnishes CCleaner's name/product?
  17. Upload a File to Virustotal
     Go to http://www.virustotal.com/
     Click the Choose file button
     Navigate to the file C:\Windows\System32\ntkrnlmp.exe
     Click the Scan it tab
     If you get a message saying File has already been analyzed: click Reanalyze file now
     Copy and paste the results back here please.
     Repeat the above steps for the following files
       C:\Windows\System32\osloader.exe
     Next, select the Windows key and X key together, from the menu select "Command prompt (Admin)"
     Copy/paste the following command at the prompt:
       Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab
     Put cursor at the command prompt then Right click and select paste, hit enter. Two files will be saved to your Desktop. Attach the "report.txt" file to your reply. - you can ignore the repfiles.cab file, it's only backup data
     Let me see VirusTotal results and report.txt
     Thank you, Kevin
  18. I have seen only those machines stuck on version 2, which did have problems with activation due to "key usage exhausted" after manually applying the new version. All the other machines I support did automatically get at least version 3.06. Best greetings from Germany Olaf
  19. Lifetime subscription keys work also with version 3. Although I recommend to screenshot the current license information before installing the update, since I experienced some cases in which I had to contact Malwarebytes support to get the key/ID combo getting activated again. Since I have no possibility to check, which computer name is still registered with a certain license, it is hard to figure out, what exactly is or was wrong. Best greetings from Germany Olaf
  20. Thank you so much once again! (:
  21. Check this.. https://en.wikipedia.org/wiki/Windows_Registry
     Use regedit.. A quick way to access Regedit that applies to Windows XP, Vista, 7, 8.x, and 10 is the following:
     Open the Run box with the keyboard combination Windows key + r.
     In the Run line, enter “regedit” (without quotes)
     Click “OK”
     Say “Yes” to User Account Control (Windows Vista/7/8.x/10)
     http://www.wikihow.com/Use-Regedit
     Do your backup and if anything have your OS kit on hand to re-install OS..
  22. I ran the "CHKDSK C: /R" twice and each time there were no wininit logs listed in the event viewer. When running the scan I got the message "Scanning and repairing drive(c:): #%". The # would start at 1 and only go to 11 and stop counting; after about 1.5 hours it would say 100% complete.
  23. There is no BEST solution. Just try a couple of apps, such as Avira, BitDefender Free, Avast etc. to find out what's best for YOU.
  24. I reinstalled Malwarebytes a few weeks ago because of the issues it had (turning all security off). I used the clean tool provided by your website. I reinstalled but I noticed in Task Manager that I don't have Mbamservice.exe in my Processes tab. Maybe this is because of the new version (3.1.2)? I have Windows 7. Or is it normal to only have mbamtray.exe and mbam.exe (when I open the program up)?
  25. What is the best FREE full protection anti-virus out there?
  26. Take a look at the video. Has Malwarebytes patched this exploit?
  27. Here we go. Sorry again for the second Topic and thank you for your help Kevin HitmanPro_20170528_2025.log rk_57DF.tmp.txt