
All Activity


  1. Past hour
  2. Thanks for that; however, regardless of whether it was intended or not, when the product was purchased in 2012, which was then called Anti-Malware Premium, this was one of the main reasons I went with Malwarebytes over the others. It did not have that in the EULA. I am going to be lodging a complaint with the Better Business Bureau.
  3. The screenshot you've posted shows an error from the browser regarding the certificate, not a block from our software. They need to correct their TLS certificate to allow the browser to load it (alternatively, you can use a different browser (e.g. Firefox etc))
  4. Today
  5. What is Advance PC Solutions?
     The Malwarebytes research team has determined that Advance PC Solutions is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems. More information can be found on our Malwarebytes Labs blog.
     How do I know if I am infected with Advance PC Solutions?
     This is how the main screen of the system optimizer looks: You will find these icons in your taskbar, your Start menu, and on your desktop: and see this warning during install: and these types of screens during "operations": and this one when you try to uninstall it: Cancel stops the uninstall procedure. You may see this entry in your list of installed programs: and this task in your list of Scheduled Tasks:
     How did Advance PC Solutions get on my computer?
     These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:
     How do I remove Advance PC Solutions?
     Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so.
     Is there anything else I need to do to get rid of Advance PC Solutions?
     No, Malwarebytes removes Advance PC Solutions completely. This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks.
     How would the full version of Malwarebytes help protect me?
     We hope our application and this guide have helped you eradicate this system optimizer. As you can see below the full version of Malwarebytes would have protected you against the Advance PC Solutions installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain:
     Technical details for experts
     You may see these entries in FRST logs:
     Alterations made by the installer:
     Malwarebytes log:
     As mentioned before the full version of Malwarebytes could have protected your computer against this threat. We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers; Malware Execution Prevention. Save yourself the hassle and get protected.
  6. Done and I'm still infected AdwCleaner[S07].txt Report.txt
  7. Hello again Ron, Shall I only do the steps regarding Chrome Secure Preference detection once we fully confirm that there are no more errors in Volume Shadow Copy Service? I ran Acronis but there were still errors detected and there was no option to have it fixed. I ran Macrium Reflect Volume Shadow Copy Service (VSS) Repair Tool, when the loading bar with the prompt "Registering VSS" is gone does it mean that the process is complete? I will post my Acronis logs and new FRST logs when I get back home. Thank you for your support.
  8. Note: domain was previously subject to phishing hack back in June but has been cleaned and has been clean for several weeks. Please email if any issues delisting from here, thanks
  9. We are IT consultants acting for the domain owner. We have heard reports from some users of Malwarebytes that the domain/website is blacklisted by Malwarebytes. Please contact us off forum if there are any problems delisting or if you need any further information. Thanks.
  10. Yes, the block was removed, thanks!!
  11. Any chance that you could include a mobile device admin in this chain to check out my phone? TIA
  12. I am in the same position... Many years ago I purchased 10 Lifetime products and now it says it is Blacklisted. How did you get it fixed?
  13. Can you please try the following clean removal and reinstall and let me know if anything improves or not. https://support.malwarebytes.com/docs/DOC-2674
  14. Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Thanks
  15. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks
  16. Excellent, I'm glad you were able to resolve the issue, thanks for letting us know.
  17. Turned out to be a corrupt \Program Files (x86)\Malwarebytes Management Server\PackageTemplate\SCComm.xml file on the management server. Copied from a working server and modified IP address.
  18. It probably has something to do with driver states and the config files. Mid-scan or even on the scan results screen, they don't want the user to be able to change anything since it could conflict with what is going on with the scan process. For example, if you've detected something during a scan and immediately exclude it manually, there's no way to tell the driver to honor the exclusions since exclusions in Malwarebytes work by having excluded items not be displayed in the list of detections for subsequent scans, which would mean that the detected items would end up getting removed if you left the checkboxes checked for those items at the end of the scan and proceeded with the remediation process even though those items might now be in exclusions from adding them during the scan or while on the scan results screen. It's similar to how Malwarebytes won't let you restore something from quarantine when a reboot is pending for DOR (Delete on Reboot) because the net result would be the item getting permanently deleted without a backup copy existing in quarantine (since the item is deleted from quarantine once it is restored, and DOR deletes the items detected from the previous scan from disk on system restart without any quarantine process since it has to assume that the item has already been quarantined and the driver and DOR script don't actually have access to copy anything to quarantine the way the main EXE and service do). Basically it's a convoluted way of saying that you're right, you can't modify settings during a scan or while the action at the end of a scan is still pending. Anyway, I'm glad I could help and if there is anything else we might assist you with please let us know. Thanks
  19. Hi, @r0mb0 My name is Maurice. I will be helping and guiding you, going forward on this case. We need to get information from this machine in order to have the proper detail to help you forward. NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.
     • Download Malwarebytes Support Tool
     • Once the file is downloaded, open your Downloads folder/location of the downloaded file
     • Double-click mb-support-1.4.0.615.exe to run the report
     • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
     • Place a checkmark next to Accept License Agreement and click Next
     • You will be presented with a page stating, "Get Started!" Do NOT use the button "Start repair"!
     • Click the Advanced tab on the left column
     • Click the Gather Logs button
     • A progress bar will appear and the program will proceed with getting logs from your computer
     • Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
     • Please attach the ZIP file in your next reply.
     [ 2 ] Go ahead and do this too. Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please. Please download Malwarebytes Anti-Rootkit (MBAR) from this link here and save it to your desktop. Double-click on the MBAR file and allow it to run.
     • Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
     • mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
     • After reading the Introduction, click 'Next' if you agree.
     • On the Update Database screen, click on the 'Update' button.
     • Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.
     With some infections, you may see two message boxes: 1. 'Could not load protection driver'. Click 'OK'. 2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
     • If malware is found, press the Cleanup button when the scan completes.
     Please attach the log it produces, you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt. Please attach that to your next reply. Thank you.
  20. Thanks for the notes and the Malwarebytes scan reports. You indicate you ran these in Safe mode. I would like you to run this special scan tool in normal Windows. Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please. Please download Malwarebytes Anti-Rootkit (MBAR) from this link here and save it to your desktop. Double-click on the MBAR file and allow it to run.
     • Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
     • mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
     • After reading the Introduction, click 'Next' if you agree.
     • On the Update Database screen, click on the 'Update' button.
     • Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.
     With some infections, you may see two message boxes: 1. 'Could not load protection driver'. Click 'OK'. 2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
     • If malware is found, press the Cleanup button when the scan completes.
     Please attach the log it produces, you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt. Please attach that to your next reply.
     Other NOTES: running FRST report is not a cure-all. It is a report & in the report mode does not make changes. On later rounds, I can see about guiding you to research on what Windows Defender detected & removed. The win32/ursnif (as classified by Microsoft) is a family of trojan that has several variations. My view is that Windows Defender snagged some item (from the end result of the original clicking) and quite likely quarantined it on day 1.
  21. I discovered what the 'problem' was - not the UAC settings. If you do an Adwcleaner scan then immediately go to Settings > Exclusions to add the exclusions before doing anything else, i.e. Skip or Clean, the buttons are disabled. I made the assumption this was because I was not being allowed to add the exclusions as I did not have the correct permissions. Changing the compatibility setting to run as admin seemed to confirm that. But what I was actually doing was just relaunching Adwcleaner and that was all that is necessary to get the Exclusions buttons to function. Adwcleaner simply disables those Exclusions options after a scan, presumably for security reasons so no settings changes can be made before the notified threat from a scan has been addressed one way or the other. Anyway that is sorted now and the advice to add the exclusions directly via the right mouse click context menu, which I had not thought to try, does work and scans now report 'No Problems'. I guess you were correct about it being a value data issue not the key itself. Good call. But is it not a bit strange that you can add exclusions via the context menu immediately after a scan but not do the same via the Settings > Exclusion screen?
  22. Greetings, Please refer to the information in this pinned topic. The ability to use the lifetime version across multiple (i.e. 3, and prior to that, 5) instances/installations was simply a form of grace built into the licenses to prevent them from being immediately blacklisted or disabled when a user moved their license from one device to another or reinstalled and reactivated the software after reformatting their system/reinstalling their operating system; it was never intended as a license to use the software in multiple instances simultaneously (even on the same device on multiple operating system installations or even within multiple virtual machines running in the same operating system) as the lifetime licenses were always sold as single seat licenses. You may refer to the End User License Agreement included in the installer (just click the link that says End User License Agreement in the installer just above the Agree and Install button) which states the following (bold added for emphasis; note where it says number of copies of the software; it doesn't just specify the number of devices):
  23. Sorry for the delay. The anxiety of being infected led to me just not using this computer. So, I booted into safe mode and did 2 Malwarebytes scans. Attached are my logs. I also just ran a Windows Defender offline scan, but I wasn't present to see the results, and my computer restarted. Some more information: When I first clicked the link, Windows Defender popped up that something was found, but then it immediately went away. I think whatever I downloaded was blocking Windows Defender from displaying the infection. I have since run more Windows Defender scans. Tonight it finally found and removed: Trojan:Win32/Ursnif!MTB. I don't know if this is just one of multiple viruses I now have. I know other people who clicked this same link were told to run a FRST64 text file or something. Is there anything like that I should do? I am going to bed now, but I will check this thread again tomorrow and run any recommended procedures. Thanks so much for the help! Malwarebytessafemodescan.txt Malwarebytessafemodescan2.txt
  24. Thanks for the report. How is the situation at this point? Let me know about that. Also, I would suggest you make these tweaks: See this article on our Malwarebytes Blog https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them". You use Firefox browser, install the Malwarebytes beta browser extension for Firefox. To get & install the Malwarebytes beta Firefox extension, open this link in your Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/ Then proceed with the setup. Let me know how things are after this.