All Activity

After you have completed the steps above, please also do the following Please uninstall, update, or otherwise address the following as appropriate for your system Discord v.1.0.9005 Warning! Download Update Google Chrome v.123.0.6312.123 Warning! Download Update Node.js v.20.12.2 Warning! Download Update Sandboxie-Plus v1.13.3 v.1.13.3 Warning! Download Update ---------------------------- [ UnwantedApps ] ----------------------------- Bonjour (this program is rarely needed on Windows but often causes networking issues, please uninstall) Then RESTART the computer and check for Windows Updates and install any found Let me know if there are still any signs of infection or any other unresolved issues Thank you

Microsoft Windows Defender believes this to be a Crypto injector. Please delete C:\Users\Malthe\Downloads\Pianoteq.zip This one is a Trojan as well that should be deleted if it has not been already E:\Plugins\VST\Nexus3.4.4.dll What is this for? Strange location to run a System Service S3 EchoDrv; \??\C:\Users\Malthe\Desktop\EchoDrv.sys [X] [ 1 ] Please create a NEW System Restore Point Turn On or Off System Protection for Drives in Windows 11 https://www.elevenforum.com/t/turn-on-or-off-system-protection-for-drives-in-windows-11.3598/ Create System Restore Point in Windows 11 https://www.elevenforum.com/t/create-system-restore-point-in-windows-11.3602/ [ 2 ] Are you sure you want this enabled or allowed? Push Notifications on your browser appear to be enabled. CHR Notifications: Default -> hxxps://traderoom.forexsignals.com; hxxps://www.metroopinion.com https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ Turn notifications on or off - Google Chrome Web Push notifications in Firefox [ 3 ] Please run the following fix NOTE: Please read all of the information below before running this fix. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply Farbar program: FRSTEnglish.exe Save the attached file: FIXLIST.TXT to this folder C:\Users\Malthe\Downloads\ NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work. Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it. Run the Farbar program with Admin rights and press the Fix button just once and wait. The fix may possibly take up to 60 minutes to complete If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply. NOTE: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Discord cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. fixlist.txt Thanks

here is the log. msert.log

Hi - my eSet scan came back clean. The log is attached. Thanks! ESet_Log.txt

Hi, I am the developer of a vpn software. My file is incorrectly detected as suspicious. Report: https://www.virustotal.com/gui/file/1bddf19534aee07e5a11afb46e224dad3982b68f8e73a91ca16669f4e92329e9?nocache=1 Please check my attached vpn installer files and exe and add my software to your white list. Please confirm that my application is clean and allow your customers to utilize my vpn. The vpn and installer are attached to this thread with the password "infected". Please remove the attachment from this thread when the file is approved as clean. Your help is greatly appreciated with regards to this matter. Kind regards, archive.zip

Oops, here you go SecurityCheck.txt

OK. Found I should check all FSS options . So here is corrected FSS log FSS.txt

Well, your system is infected or at least damaged from a previous infection. Let me review further and write a script to see if we can fix it.

Do you have the log from the first scan?

Wasn't sure which option should I choose , and took default (Internet services) FSS.txt Addition.txt FRST.txt

Great pics

@AdvancedSetup @Porthos I cleaned, desynced, and wiped Chrome on both the infected PC and my uninfected Laptop. I created a new system restore point. I did not disable my anti-virus or SmartScreen because they didn't interfere with any downloads or scans. I disabled fast startup. I enabled hidden folders and file extensions. I scanned with AdwCleaner, Malwarebytes, restarted my PC, then scanned with Farbar Recovery Scan Tool. I'll attach the related files. Thank you for your very quick response! Would I be able to still use the PC while this process continues? Or should I refrain from using it until this is resolved? Addition.txt AdwCleaner[C02].txt FRST.txt Malwarebytes Scan Report 2024-04-18 201714.txt

Here you go! Addition.txt FRST.txt FSS.txt

I would since it is obviously not malware. Just something being called from a non-standard location.

@tam1236 Well done. Windows Resource Protection found corrupt files and successfully repaired them. I would like you to run FRST and FSS to check the results. Please note: It's time for me to go to bed now, I'll be back tomorrow. 1️⃣ Run FRST again. Do not change any settings. Press the Scan button. FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run. Please attach these logfiles to your next reply. 2️⃣ Please follow these instructions and attach the requested logfile FSS.txt:

Done. Fixlog attached Thank You very much for Your help. I really appreciate it and if I didn't thank at once it was because I was too embarrased Fixlog.txt

I have sent you a Private Message @kaung24 Please follow up in my message

Any thoughts?

Spring well underway. Cloudy days and rain bring out the beauty.

@tam1236 Thanks for your feedback! Your system is infected with a lot of malware. First, we will use FRST to run a fix. Please be very patient during the fix, it may take some time. More steps will follow after this fix. Thank you! Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\EMJ\Desktop\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. Close all open programs and save your work. Run FRST again. Press the FIX button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code. Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. fixlist.txt

No. I didnt

Hello, thanks for bringing this to our attention. We've reviewed the data from the site again and have determined it no longer warrants being blocked so we've disabled the block in our database. Removal should be reflected in the next database update going out in a few hours or so.

I will submit a request to have Support reach out to assist. Please note you will have to provide proof of purchase

Thank you for the logs @Wisper Please clean up Google Chrome. Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome Resetting Google Chrome to clear unexpected issues Then AFTER you have cleaned Google Chrome, please run the following Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop. (Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021) Download: Kaspersky Virus Removal Tool https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe How to run a scan with Kaspersky Virus Removal Tool 2020 https://support.kaspersky.com/15674 How to run Kaspersky Virus Removal Tool 2020 in the advanced mode https://support.kaspersky.com/15680 How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan https://support.kaspersky.com/15681 Select the Windows Key and R Key together, the "Run" box should open. Drag and Drop KVRT.exe into the Run Box. C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box. add -dontencrypt Note the space between KVRT.exe and -dontencrypt C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box. That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file. Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply. To start the scan select OK in the "Run" box. A EULA window will open, tick all confirmation boxes then select "Accept" In the new window select "Change Parameters" In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start... When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue" When complete, or if nothing was found select "Close" Attach the report information as previously instructed... Thank you