Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. What is Smart Sys Care?The Malwarebytes research team has determined that Smart Sys Care is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with Smart Sys Care?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see these warnings during install:and these screens during "operations":You may see this entry in your list of installed programs:How did Smart Sys Care get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove Smart Sys Care?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Smart Sys Care? No, Malwarebytes removes Smart Sys Care completely. This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the Smart Sys Care installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain: Technical details for expertsYou may see these entries in FRST logs: (Econosoft Global Services PTE. LTD. -> Flawless Technology) C:\Program Files (x86)\Smart Sys Care\PC Repair Online\sscsetup.exe Task: {3FF373AE-09AD-4251-BE2A-B0DFAF8A0380} - System32\Tasks\Smart Sys Care PC Repair Online => C:\Program Files (x86)\Smart Sys Care\PC Repair Online\sscsetup.exe [3081544 2019-01-21] (Econosoft Global Services PTE. LTD. -> Flawless Technology) C:\Users\{username}\Downloads\Trojan.Worm.73242.msh C:\Users\{username}\Downloads\Trojan.Worm.432047.msh C:\Windows\System32\Tasks\Smart Sys Care PC Repair Online C:\Users\Public\Desktop\Smart Sys Care.lnk C:\Users\{username}\AppData\Roaming\Smart Sys Care C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Sys Care C:\Program Files (x86)\Smart Sys Care Smart Sys Care (HKLM-x32\...\{4792BD9F-7EB5-446B-A15D-382559FFD32F}}_is1) (Version: 1.0 - Smart Sys Care) Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Smart Sys Care\PC Repair Online Adds the file Interop.NATUPNPLib.dll"="4/19/2018 12:25 PM, 7168 bytes, A Adds the file Interop.NETCONLib.dll"="4/19/2018 12:25 PM, 9728 bytes, A Adds the file Interop.NetFwTypeLib.dll"="4/19/2018 12:25 PM, 19456 bytes, A Adds the file Interop.Shell32.dll"="4/19/2018 12:25 PM, 36864 bytes, A Adds the file Interop.WUApiLib.dll"="4/19/2018 12:25 PM, 73728 bytes, A Adds the file ksb.bat"="1/6/2019 11:33 AM, 212 bytes, A Adds the file logo.ico"="1/7/2019 6:57 PM, 16958 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="4/19/2018 12:31 PM, 171008 bytes, A Adds the file SharpCompress.dll"="4/19/2018 12:35 PM, 418304 bytes, A Adds the file sscsetup.exe"="1/21/2019 7:55 PM, 3081544 bytes, A Adds the file sscsetup.vshost.exe"="1/21/2019 7:56 PM, 22688 bytes, A Adds the file Sys_Trace.xml"="4/19/2018 12:45 PM, 46 bytes, A Adds the file System.Data.SQLite.dll"="4/19/2018 12:45 PM, 353280 bytes, A Adds the file System.Data.SQLite.xml"="4/19/2018 12:45 PM, 1051056 bytes, A Adds the file unins000.dat"="7/24/2019 8:42 AM, 42739 bytes, A Adds the file unins000.exe"="7/24/2019 8:42 AM, 728432 bytes, A Adds the file unins000.msg"="7/24/2019 8:42 AM, 11442 bytes, A Adds the file WpfAnimatedGif.dll"="4/19/2018 12:20 PM, 28160 bytes, A Adds the file WPFToolkit.dll"="4/19/2018 12:20 PM, 467288 bytes, A Adds the folder C:\Program Files (x86)\Smart Sys Care\PC Repair Online\Backup Adds the folder C:\Program Files (x86)\Smart Sys Care\PC Repair Online\de Adds the file sscsetup.resources.dll"="1/21/2019 7:55 PM, 28672 bytes, A Adds the folder C:\Program Files (x86)\Smart Sys Care\PC Repair Online\en Adds the file sscsetup.resources.dll"="1/21/2019 7:55 PM, 26112 bytes, A Adds the folder C:\Program Files (x86)\Smart Sys Care\PC Repair Online\ja-jp Adds the file sscsetup.resources.dll"="1/21/2019 7:55 PM, 32256 bytes, A Adds the folder C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni Adds the file System.Data.SQLite.dll"="4/19/2018 12:45 PM, 353280 bytes, A Adds the file System.Data.SQLite.xml"="4/19/2018 12:45 PM, 1051056 bytes, A Adds the file Uninstaller.exe"="1/14/2019 8:54 PM, 531272 bytes, A Adds the folder C:\Program Files (x86)\Smart Sys Care\PC Repair Online\x64 Adds the file SQLite.Interop.dll"="4/19/2018 12:45 PM, 1534464 bytes, A Adds the folder C:\Program Files (x86)\Smart Sys Care\PC Repair Online\x86 Adds the file SQLite.Interop.dll"="4/19/2018 12:45 PM, 1149440 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Sys Care Adds the file Smart Sys Care.lnk"="7/24/2019 8:42 AM, 1376 bytes, A Adds the file Uninstall Smart Sys Care.lnk"="7/24/2019 8:42 AM, 1376 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Smart Sys Care\PC Repair Online\Backup Adds the folder C:\Users\{username}\AppData\Roaming\Smart Sys Care\PC Repair Online\setting Adds the file SmartSysCare_sett.ash"="7/24/2019 9:04 AM, 286720 bytes, A In the existing folder C:\Users\{username}\Downloads Adds the file Trojan.Worm.432047.msh"="7/20/2019 12:47 PM, 259 bytes, A Adds the file Trojan.Worm.73242.msh"="7/20/2019 12:47 PM, 259 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file Smart Sys Care.lnk"="7/24/2019 8:42 AM, 1358 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file Smart Sys Care PC Repair Online"="7/24/2019 8:42 AM, 3262 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Smart Sys Care\Activation] "Insdate"="REG_SZ", "r0a1n8o/1i0C0bWr3De4Is4Zl9S6dhe6krJCeDX5sbE=" "IsTrack"="REG_SZ", "1" "language"="REG_SZ", "en" "languageindex"="REG_SZ", "0" "lap"="REG_SZ", "vYVDjGGIudKl1WqHwoZraPufGfV6kseHn30/qplZA0c=" "lbp"="REG_SZ", "vYVDjGGIudKl1WqHwoZraPufGfV6kseHn30/qplZA0c=" "lr"="REG_SZ", "Nky9ln7nb18ib/XxxLLIrEb0xZTIeCWu9sD1iGRI6Sg=" "lsp"="REG_SZ", "vYVDjGGIudKl1WqHwoZraPufGfV6kseHn30/qplZA0c=" "Program"="REG_SZ", "Smart Sys Care" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4792BD9F-7EB5-446B-A15D-382559FFD32F}}_is1] "Comments"="REG_SZ", "Smart Sys Care" "Contact"="REG_SZ", "0800-183-3940" "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Smart Sys Care\PC Repair Online\logo.ico" "DisplayName"="REG_SZ", "Smart Sys Care" "DisplayVersion"="REG_SZ", "1.0" "EstimatedSize"="REG_DWORD", 13635 "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Smart Sys Care\PC Repair Online" "Inno Setup: Icon Group"="REG_SZ", "Smart Sys Care" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Setup Version"="REG_SZ", "5.5.6 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20190724" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Smart Sys Care\PC Repair Online\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Smart Sys Care" "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Smart Sys Care\PC Repair Online\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Smart Sys Care\PC Repair Online\unins000.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Smart Sys Care\Activation] "IsTrack"="REG_SZ", "1" "language"="REG_SZ", "en" "languageindex"="REG_SZ", "0" "Program"="REG_SZ", "Smart Sys Care" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Smart Sys Care PC Repair Online"="REG_SZ", ""C:\Program Files (x86)\Smart Sys Care\PC Repair Online\ksb.bat"" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/24/19 Scan Time: 9:15 AM Log File: d6b9436a-ade2-11e9-9555-00ffdcc6fdfc.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.586 Update Package Version: 1.0.11694 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236584 Threats Detected: 72 Threats Quarantined: 72 Time Elapsed: 7 min, 19 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\sscsetup.exe, Quarantined, [1539], [709245],1.0.11694 Module: 2 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\x64\SQLite.Interop.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\sscsetup.exe, Quarantined, [1539], [709245],1.0.11694 Registry Key: 6 PUP.Optional.SmartSysCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Smart Sys Care PC Repair Online, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3FF373AE-09AD-4251-BE2A-B0DFAF8A0380}, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{3FF373AE-09AD-4251-BE2A-B0DFAF8A0380}, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4792BD9F-7EB5-446B-A15D-382559FFD32F}}_is1, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, HKLM\SOFTWARE\Smart Sys Care, Quarantined, [1539], [709250],1.0.11694 PUP.Optional.SmartSysCare, HKLM\SOFTWARE\WOW6432NODE\Smart Sys Care, Quarantined, [1539], [709250],1.0.11694 Registry Value: 2 PUP.Optional.SmartSysCare, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Smart Sys Care PC Repair Online, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3FF373AE-09AD-4251-BE2A-B0DFAF8A0380}|PATH, Quarantined, [1539], [709248],1.0.11694 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 19 PUP.Optional.SmartSysCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SMART SYS CARE, Quarantined, [1539], [709247],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni\ja-jp, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni\x64, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni\x86, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\Backup, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni\de, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni\en, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\ja-jp, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\x64, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\x86, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\de, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\en, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\PROGRAM FILES (X86)\SMART SYS CARE, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Users\{username}\AppData\Roaming\Smart Sys Care\PC Repair Online\setting, Quarantined, [1539], [709242],1.0.11694 PUP.Optional.SmartSysCare, C:\Users\{username}\AppData\Roaming\Smart Sys Care\PC Repair Online\Backup, Quarantined, [1539], [709242],1.0.11694 PUP.Optional.SmartSysCare, C:\Users\{username}\AppData\Roaming\Smart Sys Care\PC Repair Online, Quarantined, [1539], [709242],1.0.11694 PUP.Optional.SmartSysCare, C:\USERS\{username}\APPDATA\ROAMING\SMART SYS CARE, Quarantined, [1539], [709242],1.0.11694 File: 42 PUP.Optional.SmartSysCare, C:\USERS\PUBLIC\DESKTOP\SMART SYS CARE.LNK, Quarantined, [1539], [709243],1.0.11694 PUP.Optional.SmartSysCare, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SMART SYS CARE\UNINSTALL SMART SYS CARE.LNK, Quarantined, [1539], [709247],1.0.11694 PUP.Optional.SmartSysCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Sys Care\Smart Sys Care.lnk, Quarantined, [1539], [709247],1.0.11694 PUP.Optional.SmartSysCare, C:\PROGRAM FILES (X86)\SMART SYS CARE\PC REPAIR ONLINE\UNINS000.MSG, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\de\sscsetup.resources.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\en\sscsetup.resources.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\ja-jp\sscsetup.resources.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni\de\Uninstaller.resources.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni\en\Uninstaller.resources.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni\ja-jp\Uninstaller.resources.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni\x64\SQLite.Interop.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni\x86\SQLite.Interop.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni\System.Data.SQLite.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni\System.Data.SQLite.xml, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\uni\Uninstaller.exe, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\x64\SQLite.Interop.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\x86\SQLite.Interop.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\Interop.NATUPNPLib.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\Interop.NETCONLib.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\Interop.NetFwTypeLib.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\Interop.Shell32.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\Interop.WUApiLib.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\ksb.bat, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\logo.ico, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\Microsoft.Win32.TaskScheduler.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\SharpCompress.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\sscsetup.exe, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\sscsetup.vshost.exe, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\System.Data.SQLite.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\System.Data.SQLite.xml, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\Sys_Trace.xml, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\unins000.dat, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\unins000.exe, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\WpfAnimatedGif.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Program Files (x86)\Smart Sys Care\PC Repair Online\WPFToolkit.dll, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\WINDOWS\SYSTEM32\TASKS\Smart Sys Care PC Repair Online, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Smart Sys Care.lnk, Quarantined, [1539], [709245],1.0.11694 PUP.Optional.SmartSysCare, C:\Users\{username}\AppData\Roaming\Smart Sys Care\PC Repair Online\setting\SmartSysCare_sett.ash, Quarantined, [1539], [709242],1.0.11694 PUP.Optional.PCBooster, C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\LOCALCOPY\{4CC56045-D346-4F1F-9C5D-26AF0A5313E7}-SSCINS.EXE, Quarantined, [566], [711523],1.0.11694 PUP.Optional.PCBooster, C:\USERS\{username}\APPDATA\LOCAL\TEMP\IS-P0VU4.TMP\SSC.TMP, Quarantined, [566], [711523],1.0.11694 PUP.Optional.PCBooster, C:\USERS\{username}\APPDATA\LOCAL\TEMP\SSC.EXE, Quarantined, [566], [711523],1.0.11694 PUP.Optional.PCBooster, C:\USERS\{username}\DESKTOP\SSCINS.EXE, Quarantined, [566], [711523],1.0.11694 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  3. I received this Hi, dear user of ******.******.com We have installed one RAT software into you device For this moment your email account is hacked too. Changed your password? You're doing great! But my software recognizes every such action. I'm updating passwords! I'm always one step ahead.... So... I have downloaded all confidential information from your system and I got some more evidence. The most interesting moment that I have discovered are videos records where you masturbating. I posted EternalBlue Exploit modification on porn site, and then you installed my malicious code (trojan) on your operation system. When you clicked the button Play on porn video, at that moment my trojan was downloaded to your device. After installation, your front camera shoots video every time you masturbate, in addition, the software is synchronized with the video you choose. For the moment, the software has harvrested all your contact information from social networks and email addresses. If you need to erase all of your collected data and video with your enjoy, send me $600(usd) in BTC (crypto currency). This is my Bitcoin wallet: 15Z4Y1q5QufvFPvRBKhwVhQyFTLwEQ5f4J You have 48 hours after reading this letter. After your transaction I will erase all your data. Otherwise, I will send video with your pranks to all your colleagues, friends and relatives!!! P.S. I'm asking you - not to answer this letter because the sender's address is fake, just to keep me incognito. And henceforth be more careful! Please visit only secure sites! Bye,Bye Certain statements within cause me to doubt its genuineness. I have Malwarebytes Premium ( free), and a scan is clear. Bitdefender free is my virus checker. Your advice please!
  4. Thanks for the information. Please enable enhanced event log data using the steps below: Open Malwarebytes. Click the Settings menu. Ensure the Application tab is selected. Scroll down to Event Log Data. Turn the Collect enhanced event log data for support setting On. Afterwards, generate an MBAMService memory dump. Note that this process is required due to MBAMService running as a protected service in Windows 10. Please download run_procdump.bat using the link below. → https://malwarebytes.box.com/s/e127cj2ppb2lq6njf67li2gls3kbfz24 Open your Downloads folder. Double-click run_procdump.bat. Click Yes if prompted by User Account Control. Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway. A blue window will appear. When prompted to reboot, type Y into the window and press Enter on your keyboard. After your computer has rebooted, please do the following: Reproduce the issue state. Once done, open your Downloads folder and double-click the run_procdump.bat file once more. Upon completion, a file named memorydump.zip will be saved to your Desktop. Please upload the file to a file hosting service and provide the download link. Finally, please repeat the Malwarebytes Support Tool steps from post #2 so we can obtain the event log data. The event log data combined with the memory dump should help provide further insight into the issue.
  5. Today
  6. Hello, This issue is caused by a missing Windows Update. Refer to: https://support.microsoft.com/en-us/help/2922790/some-software-products-function-incorrectly-in-windows Ransomware and Malware Protection both utilise the Windows PsSetLoadImageNotifyRoutine API, which originally had a maximum of 8 concurrent uses. A Windows Update was released that increases this limit to 64. The article linked above references a hotfix for Windows 7. This was later included with a Windows Update. To resolve this issue, please run Windows Update, install all available updates and reboot the machine.
  7. The block will be removed on the next update.
  8. The block will be removed on the next update.
  9. Any idea if Exploit Protection in Malwarebytes guards against this vulnerability? I assume it does, but I don't know for certain. I do know that VLC is among the default media players/applications shielded by Exploit Protection in Malwarebytes 3.
  10. Greetings, Yes, it does. Whenever you go to run a scan, as long as ADWCleaner can connect to its update servers it should check for and download any new signatures. I hope this helps, and if there is anything else we might assist you with please let us know. Thanks
  11. Greetings, Please do the following to see if it corrects the issue (I know you mentioned the clean tool in your first post, but I want to make certain you use the actual Malwarebytes Support Tool as it contains the latest clean removal script for the software): Run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here Next, if the issue still persists, please try setting UAC back to default settings. Malwarebytes, like most modern software, has been designed to be fully compliant and compatible with User Account Control. Instructions on doing so can be found on this page. Restart your system after resetting UAC and see if Malwarebytes now starts up normally. If it does not, then please try temporarily removing Avast AV to see if that makes any difference. The uninstall tool for Avast can be found here. If that last step helped, then please reinstall Avast and test again to see if the problem occurs again, and if it does, then please try configuring exclusions between Malwarebytes and Avast to see if that helps. To exclude Avast in Malwarebytes, add Avast's program folder(s) from C:\Program Files and/or C:\Program Files (x86) as well as Avast's data folder likely located under C:\ProgramData using the Exclude a File or Folder method described in this support article and exclude the files listed in this support article as best you can from Avast's real-time protection. Please let us know how it goes and if the issue still persists. Thanks
  12. My father did too. For the past three or four years I've on chemotherapy. The first round a while back had radiotherapy as well which caused my airway to swell and my vocal chords to thicken and paralyze. Cancer is a disease I don't recommend to anyone.
  13. ADWCleaner and Malwarebytes target different things; this is why ADWCleaner still exists as it has not yet been integrated into Malwarebytes but someday it may be. Are you still having any issues, or does the system seem to be running normally now? If the system still has any problems or you believe it may still be infected then please read and follow the instructions in this topic and then create a new topic in our malware removal area by clicking here and one of our malware removal specialists will assist you in checking and clearing the system of any remaining threats.
  14. Me too, it was a basic pass from years ago.I just wonder how these pos sleep at night?. My dad and grandpa had cancer btw.I'm sorry to hear that, honestly
  15. I'm not worried. I don't even know what two those passwords belong to so they may be from some website that still exists but aren't maintained. I remember them but have long since moved on to 12 and 16 character passwords with a mixture of all sorts of stuff.
  16. I made an account to say this.Ive gotten these before over the years, as well as this same one.Its scary at first, but I wouldnt worry, unless you use that pass alot.In which case you should stop using it and change those
  17. ***This is an automated reply*** Hi, Thanks for posting in the AdwCleaner Help forum. Someone will reply shortly, but in the meantime here are a few resources which may help resolve your issue: AdwCleaner user guide A malicious element isn't being detected? Submit the sample here! Need help with another Malwarebytes product or malware removal? Click here for home support Click here for business support Click here for malware removal help Thanks in advance for your patience. -The Malwarebytes Forum Team
  18. Hi folks, I know there's no update program version button but does Adwcleaner update its definitions when you run a scan?
  19. Malwarebytes Free 3.8.3, even if Premium Trial is currently active, as it has recently been updated.
  20. This is the issue: I've told everyone that I had use MB to always look at the System Tray for the 'M' bat icon and make sure there is nothing but the solid blue color. Because if real-time protection isn't on, it changes. I guess I never was using/recommending MB when it was free, and until recently I don't think MB did this silent reversion to Free version. So, while you can have Premium and get a warning that you don't have real-time protection, apparently you can't count on getting the warning as MB can decide to deactivate your Premium without any notice whatsoever, and the tray icon remains identical to all protections enabled. This is ridiculous.
  21. (I would add that on this machine where the software is totally gone, I have an 'instlrupdate' folder in the Malwarebytes Tree that has an mb3-setup----3.8.3... executeable sitting there, and it is impossible to delete even with administrator rights. This file has a date stamp of July 18, 2019, and I would guess that's when MB got uninstalled - probably as MB decided it should update itself (unattended?) and probably ran into some issue. This is unacceptable. But par for the course with MB.
  22. I have a machine (that is primarily unattended) that has had the same damn thing happen on more than 1 occasion. Utterly ridiculous. Completely disappeared from Desktop, System Tray, and Add/Remove Programs (Windows 7). I AM ROYALLY UPSET with this. This is totally unacceptable, and 1 of the reasons why I will not continue to recommend MB. Support is pretty worthless/useless at MB.
  23. If your machine is non-operable or the disc is not working, there is not a way to get it off the hardware. You did not mention who you purchased from. Was that on Malwarebytes site ? ( I kind of think you read some post that was very very one of a kind.)
  24. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks
  1. Load more activity
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.