Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. Please download the attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. fixlist.txt Ron
  3. That doesn't appear to be possible. If anything was found in your calendar, then then that entire calendar would be quarantined. Exactly what file and infection name was quarantined? It should show up in the Quarantine tab or the folder itself unless you deleted it.
  4. Today
  5. What is TopShape?The Malwarebytes research team has determined that TopShape is a potentially unwanted program that behaves like adware adware. These adware applications display advertisements not originating from the sites you are browsing.How do I know if my computer is affected by TopShape?You may see this warning during install:and this entry in your list of installed Programs and Features:How did TopShape get on my computer?Adware applications use different methods for distributing themselves. This particular one was installed from their website.How do I remove TopShape?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of TopShape? No, Malwarebytes removes TopShape completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this adware.As you can see below the full version of Malwarebytes would have protected you against the TopShape adware. It would have blocked the installer before it became too late. Technical details for expertsPossible signs in FRST logs: (Keen Internet Technologies) [File not signed] C:\Users\{username}\AppData\Roaming\TopShape\SoftwareUpdate.exe R2 TopShape Service; C:\Users\{username}\AppData\Roaming\TopShape\SoftwareUpdate.exe [917504 2015-10-09] (Keen Internet Technologies) [File not signed] C:\Users\{username}\AppData\Roaming\TopShape (Keen Internet Technologies) C:\Users\{username}\Desktop\topshape-hp.exe TopShape (HKLM-x32\...\TopShape) (Version: 1.0.0.5 - Keen Internet Technologies) Changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Roaming\TopShape Adds the file SoftwareUpdate.exe"="10/9/2015 2:09 PM, 917504 bytes, A Adds the file uninstall.exe"="4/24/2019 9:08 AM, 265903 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TopShape] "DisplayIcon"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\TopShape\SoftwareUpdate.exe"" "DisplayName"="REG_SZ", "TopShape" "DisplayVersion"="REG_SZ", "1.0.0.5" "EstimatedSize"="REG_DWORD", 896 "Publisher"="REG_SZ", "Keen Internet Technologies" "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\TopShape\uninstall.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TopShape] "Install_Dir"="REG_SZ", "C:\Users\{username}\AppData\Roaming\TopShape" "Install_Params"="REG_SZ", "" "timestamp"="REG_DWORD", 1556176112 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TopShape_mo] "Install_Count"="REG_SZ", "1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TopShape Service] "DisplayName"="REG_SZ", "TopShape Service" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, ""C:\Users\{username}\AppData\Roaming\TopShape\SoftwareUpdate.exe" /run "/aff_id=2000" "/app_id=1"" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 "WOW64"="REG_DWORD", 1 Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/24/19 Scan Time: 9:17 AM Log File: 05d7462a-6661-11e9-899f-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.563 Update Package Version: 1.0.10306 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236638 Threats Detected: 11 Threats Quarantined: 11 Time Elapsed: 5 min, 0 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.TopShape, C:\USERS\{username}\APPDATA\ROAMING\TOPSHAPE\SOFTWAREUPDATE.EXE, Quarantined, [1586], [247108],1.0.10306 Module: 1 PUP.Optional.TopShape, C:\USERS\{username}\APPDATA\ROAMING\TOPSHAPE\SOFTWAREUPDATE.EXE, Quarantined, [1586], [247108],1.0.10306 Registry Key: 4 PUP.Optional.TopShape, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TopShape Service, Quarantined, [1586], [247108],1.0.10306 PUP.Optional.TopShape, HKLM\SOFTWARE\WOW6432NODE\TOPSHAPE, Quarantined, [1586], [247107],1.0.10306 PUP.Optional.TopShape, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TopShape, Quarantined, [1586], [180967],1.0.10306 PUP.Optional.TopShape, HKLM\SOFTWARE\WOW6432NODE\TopShape_mo, Quarantined, [1586], [306585],1.0.10306 Registry Value: 1 PUP.Optional.TopShape, HKLM\SOFTWARE\WOW6432NODE\TOPSHAPE|INSTALL_DIR, Quarantined, [1586], [247107],1.0.10306 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 1 PUP.Optional.TopShape, C:\USERS\{username}\APPDATA\ROAMING\TOPSHAPE, Quarantined, [1586], [180967],1.0.10306 File: 3 PUP.Optional.TopShape, C:\USERS\{username}\APPDATA\ROAMING\TOPSHAPE\SOFTWAREUPDATE.EXE, Quarantined, [1586], [247108],1.0.10306 PUP.Optional.TopShape, C:\Users\{username}\AppData\Roaming\TopShape\uninstall.exe, Quarantined, [1586], [180967],1.0.10306 PUP.Optional.TopShape, C:\USERS\{username}\DESKTOP\TOPSHAPE-HP.EXE, Quarantined, [1586], [83574],1.0.10306 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  6. Pls guide me. Tia. Addition.txt FRST.txt
  7. Thanks, the block will be reviewed.
  8. Thanks, the block will be reviewed.
  9. Hello @Farrukh: Your informative screenshots would seem to point at the ransomware called GandCrab v5.2 Please study the posted reference below by @quietman7, our very knowledgeable colleague at BleepingComputer: https://www.bleepingcomputer.com/forums/t/693056/gandcrab-52/#entry4736624
  10. Found an add-on on Firefox I did not install. program is labeled as "Smartd Defender" with a page on the Firefox website. Scanned with Malwarebytes and while I quarantined and deleted few files including some from my Firefox profile folder, the add-on still appeared with no option to "remove". Went nuclear and did a total uninstall and fresh reinstall. Issue still persisting. Need help.
  11. Started up firefox and noticed a smiley face along side my regular add-on icons on the toolbar. Upon investigation I an add-on called "Smartd Defender" with a page on the Firefox with a description of the program in Russian or something.
  12. Greetings, Yes, it appears you've been hit by a nasty ransomware infection. I'm not certain if the files can be recovered, however your best bet would be to work with one of our malware removal specialists to deal with the infection and they will advise you on how to proceed. To do so, please follow the instructions in this topic and then create a new topic in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you as soon as one becomes available. Good luck, and I hope that you are able to get your files back.
  13. Please review multilingualconnections[.]com The customer is reporting that it is still being flagged by their antivirus.
  14. ***This is an automated reply*** Hi, Thanks for posting in the Malwarebytes 3 Help forum. If you are having technical issues with our Windows product, please do the following: If you are having licensing issues, please do the following: Thanks in advance for your patience. -The Malwarebytes Forum Team
  15. Hi guys I am in big trouble i install some thing in my pc and he changed my all files in the pc and in my external hard drive The file name is changed to vkcpot file Some file kkskgrug file And two text file is in my pc related to them i take a photo and attached it can someone please help me I have lots of my family data but no beck up
  16. From time to time OsfInstaller.exe pops up in task manager as a running process, and causes high cpu load. I always know it loads cause than the fans of my Dell XPS 13 become very noisy. It's not a virus I think cause neither McAfee nor HitmanPro detect it as malware. When I stop the proces, after a while it always comes back even the same day. So what exactly is OsfInstaller.exe? The source path of the .exe is C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16 So it seems having something to do with MS Office, which I have, but can I uninstall or delete this OsfInstaller.exe file even when using MS Office like Word etc? What can I do best to stop this from popping up all the time and do I really need this exe? Hope people here can help! Thanks in advance.
  17. Let me review and get back with you later tonight. Thanks
  18. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 4/23/19 Protection Event Time: 10:58 PM Log File: f980e334-6612-11e9-99ee-fcaa140befd9.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.563 Update Package Version: 1.0.10300 License: Premium -System Information- OS: Windows 10 (Build 17134.706) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Trojan Domain: www.switchdoc.com IP Address: 69.195.124.206 Port: [51317] Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (end)
  19. Here is the scan file from MB. I also ran AdwCleaner and Farbar Recovery Scan Tool. Any other suggestions? MB scan.txt FRST.txt Addition.txt
  20. Yesterday
  21. My chrome problem is solved thank you but one last thing, the virus locked me out of my windows defender settings so now I no longer have access to it. Here is a picture showing the problem.
  22. Be sure that you have made a Reply to the original automated one. And attach the document above (along into the same ticket).
  23. I been having a lot of trouble lately because of this one trojan. I delete it Malware Bytes and I just start my day. But everyday I have to go into safe mode to delete them to log on. But today I cant log on anymore. I have scanned a bunch of times including the first time removing 300 malware threats. But I have many logs of deleting this one trojan clicker.
  24. Hi @Stiles, Thank you for running the Support tool report. This system has definite signs of an infection. We need to have this thread moved to Malware Removal Help section. Please hold on until we get proper assist to get this moved over. By the way, I would be interested to know whether recently Avast antivirus was attempted to be installed & or uninstalled ? I did notice the Windows log showing a number of pending file rename operations for Avast.
  25. Hi, This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore. If still detected on your end after ~10 minutes from now. Perform the following steps: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan. 68F0BB5DA1AB8348CD6D6307449EA928
  26. Here are the files you asked for. It is very unlikely that this is normal Windows operation. I've done a lot of troubleshooting and I have a lot of experience in the field. I cleared out some of my caches, I cleanup the disk on a weekly basis including the system files, I've turned off indexing, I've checked my hard drive, I've defragged, I've deleted hundreds of gigabytes of data and the drive always fills right back up. In a matter of days or weeks. I had to delete nearly several hundred megabytes of data just to install what you wanted me to install because I was sitting a 0 bytes of free disk space again. Anyway, thank you so much for your help. By the way, after I selected clean and repair and then clean and reboot for AdwCleaner, it did not bring up the log file after the reboot. But I found them and attached them, then ran Farbar like you asked. Thanks again for the help, I'm getting really frustrated with this problem. Addition.txt AdwCleaner[C00].txt AdwCleaner[S00].txt FRST.txt mwbThreadScanReport.txt
  1. Load more activity
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.