All Activity

  1. Past hour
  2. I'm not sure if this is a false positive or not. However, I have had PEACE installed on my computer for quite some time. Is it common for there to be .exe files in the appdata local temp folder?
  3. Malwarebytes has detected PEACESETUP.EXE in the appdata\local\temp folder (Peace Equalizer, interface Equalizer APO) Log attached & below: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/26/24 Scan Time: 8:29 PM Log File: 599ca740-0446-11ef-8182-50ebf626afa6.json -Software Information- Version: 4.6.13.324 Components Version: 1.0.2319 Update Package Version: 1.0.83930 License: Free -System Information- OS: Windows 10 (Build 19045.4355) CPU: x64 File System: NTFS User: \Emvy -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 382825 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 5 min, 0 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Malware.AI.3955543604, C:\USERS\EMVY\APPDATA\LOCAL\TEMP\PEACESETUP.EXE, No Action By User, 1000000, -339423692, 1.0.83930, FC56F8BEB17225AFEBC4CE34, dds, 02798044, FB112A6877B0FBC83CAFD9AA8E4756DD, 9720D0D34F9FCFA8C9E545E3E0955B31BBD445AA090DE66C5A7C311B1EB703AC Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Malwarebytes PEACE.txt
  4. Today
  5. It's pretty late here too, thank you so much, and a good night! (Luckily no errors or difficulties this time) Fixlog.txt
  6. Hello, Please do the following to run a FRST fix that will disable the scheduler task (related to Autodesk). NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system. Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere. Start:: CreateRestorePoint: HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File) HKU\S-1-5-21-1913691612-628984878-397764100-1001\...\Run: [CiscoMeetingDaemon] => "C:\Program Files (x86)\Webex\CiscoWebExStart.exe" /daemon /from=autorun (No File) CMD: type C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.vbs CMD: type C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.bat CMD: schtasks /Change /TN "System32\Tasks\Microsoft\Windows\Autodesk\Autodesk" /Disable End:: Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer. Press the Fix button once and wait. FRST will process fixlist.txt. When finished, it will produce a log fixlog.txt on your Desktop. Post the log in your next reply. Please let me know if this solved the issue.
  7. Let's start blasting: Download the enclosed file Fixlist.txt. Save it in the same location FRST64.exe is saved (FRSTEnglish.exe). Start FRST (FRST64) with Administrator privileges. This time around, press the Fix button and wait. When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from. Please attach this file in your next reply. If too large, use an online upload service and post the link. www.wetransfer.com is a good site.
  8. Hope you are able to detect the issue at hand :( Thank you so much for your time and assistance! Fixlog.txt
  9. Upload the Fixlog.txt that must be next to FRST64.exe. If too large, use an online service such as www.wetransfer.com.
  10. If you are not able to boot in Safe Mode, use the installation media and try a Restore Point.
  11. Log for staff since it was not provided. -Website Data- Category: Phishing Domain: www.ticket2u.com.my IP Address: 172.67.38.139 Port: 443 Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  12. Hello, my website www.ticket2u.com.my is being blocked by Malwarebytes; only Malwarebytes is blocking it.
  13. Hi James, Unfortunately a screenshot won't help us here. Could you please have the student visit https://downloads.malwarebytes.com/file/mbst and follow the instructions on how to gather logs? Once they've gathered them please share them so we can review. Thanks
  14. Windows is asking me for a password but my profile's password doesn't seem to work (the same password works when I log in via Outlook, though; I'll try to boot into Safe Mode via a Win10 USB).
  15. 1. Boot Windows in Safe Mode. To make changes in Windows, you must enable safe mode because you cannot log in due to the error message. The error often occurs because of duplicate entries, so we need to manually rename the entries to fix this error message. To do this, you need to boot into safe mode. Safe Mode is a mode in which the user diagnoses the cause of a problem, as it does not allow irrelevant services, third-party applications, and GPU drivers to load at startup, since these could cause issues. Therefore, follow the steps below to boot into Safe Mode: On the sign-in screen, click the power button in the bottom right corner. Hold the Shift key, and then click Restart. The Options Screen window will appear; click Troubleshoot > Advanced Options > Startup Settings. And then, click 'Restart' from the bottom right. Once the computer restarts, press 5 or F5 on the keyboard to enable Safe Mode (or Safe Mode with Networking). Once finished, see if you can obtain the Fixlog.txt and attempt to upload it. Run FRST64 once again and attach the logs.
  16. That is very strange as the fix it is just a batch file and no system files are removed. Can you boot to the Recovery Console?
  17. No there is not. You really need to stop digging around on your computer. You have no grasp of the inner operations of Windows and software on it and it is making you extremely paranoid. You are seeing issues where there are none.
  18. I reinstalled Windows 11 on my laptop and I saw in my AppData Roaming folder an Adobe folder with Flash Player inside of it. Both the folders were empty and I was wondering if this was anything to worry about, considering Flash has been discontinued for a couple of years now.
  19. After the restart, I am unable to log in to my Windows profile. It's giving me the error "The User Profile Service Failed the Logon"
  20. I have never heard of one doing that.
  21. Thanks for your quick responses - we'll see if it's possible to get a screenshot of what the student is seeing!
  22. A screenshot of the block would help tremendously. I think it is a browser guard heuristic block. The access seems to be with Google Workspaces. I tried to reproduce but without an account there I got the following. @JPopovic@BjelakovicL
  23. :Welcome: I'll be helping you with your computer. Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding. Please take note of the guidelines for this fix: Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated. First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer. Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me. Please read ALL instructions carefully and perform the steps fully and in the order they are written. If things appear to be better, let me know. Just because the symptoms no longer exist as before does not mean that you are clean. Continue to read and follow my instructions until I tell you that your machine is clean. If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed. Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. Let's begin... Your computer is full of hidden files. Let's try to make a list of these. We will also remove files in specific folders. Download the enclosed file Fixlist.txt. Save it in the same location FRST64.exe is saved (FRSTEnglish.exe). Start FRST (FRST64) with Administrator privileges. This time around, press the Fix button and wait. When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from. Please attach this file in your next reply.
If too large, use an online upload service and post the link. www.wetransfer.com is a good site.
  24. Can RATs use worms to spread across a network?
  25. Yesterday