Leaderboard

@MKDB Vielen Dank für Ihre kompetente Hilfe/Thank you very much for your competent help. The tools has been deleted and I am gonna act on all your recommendations. I cannot express my gratitude enough and Malwarebytes will from now on be with all my PC's. Now and future. Once again big thanks from Denmark. /Cheers

Thank you for your cooperation. You can use KpRm to remove FRST and other tools @Wonza Please download KpRm by kernel-panik and save it to your desktop. Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, select Delete Tools under Actions. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up. A few final recommendations: Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/ Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/ Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2 Further tips to help protect your computer data and improve your privacy: https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/ https://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-your-system-gets-infected/ Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security Malwarebytes Browser Guard Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/ uBlock Origin Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes.

Hi @1PW I made some changes before the data was gathered, which I then undid afterwards. I am sorry if that ruins it. I've followed the steps from your first response and the new data is attached. mbst-grab-results.zip

RamMap is a program that can be used to analyze memory. It is from SysInternals/Mark Russinovich. File is benign. I have not seen this program being used nefariously in the wild, like a process killer. If you are seeing it in the wild, could you please rename the threat name to PUA/PUP/HackTool instead of Malware.Sandbox.54 Password: infected Thanks, Dodi Glenn rammap.zip falsepositive.txt

Thanks for reporting, this has been whitelisted.

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you

I am glad to have worked with you. Delete mb-support-1.9.2.nnn.exe Delete mbst-grab-results.zip on the Desktop. Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware. I am marking this case for closure. I wish you all the best. Stay safe. Sincerely. Maurice

Log for staff review. -Website Data- Category: RiskWare Domain: www.anidraw.net IP Address: 142.250.138.121 Port: 80 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe

Fixlog.txt

@MKDB Ah yes, I missed it. Sorry about that. No new blocks from the Malwarebytes except the one from earlier today before your help. 😎

Hi once again @MKDB Step 1 and 2 has been followed and attached you will see the txt files. FRST.txt Addition.txt SecurityCheck.txt

Eset comes back clean, that are good news @Wonza. Malware mis-used the explorer.exe and that is what MBAM was blocking. But we removed the malware. Does MBAM still show you new blocks since ESET scan? Please run FRSTenglish from your download folder to do another check as well as SecurityCheck. Step 1 Run FRST again. Do not change any settings. Press the Scan button. FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run. Please attach these logfiles to your next reply. Step 2 I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications. Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe If Microsoft SmartScreen blocks the download, click through to save the file This tool is safe. Smartscreen is overly sensitive. If SmartScreen blocks the file from running click on More info and Run anyway Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Thank you so much for your speed in replying and solving problems. Best regards

Hi, Thanks for reporting. The block will be removed in the next database update.

Google extends security update support for Chromebooks to 10 years https://www.bleepingcomputer.com/news/security/google-extends-security-update-support-for-chromebooks-to-10-years/ https://blog.google/outreach-initiatives/education/automatic-update-extension-chromebook/

These are not generated from malware on one's PC. They are a kind of of Malicious Advertisements (aka; malvertisement) that either exist as a web page that may be presented when visiting various web sites or may exist as Push Notifications. Since they alert one to a condition that does not exist, they are called FakeAlerts and are a kind of Tech Support Scam. Did you call the number and did you provide a Credit Card, etc. ? Please reference the below Malwarebytes Labs article on Browser Push Notifications. Look for the section "How do I disable them?" Browser push notifications: a feature asking to be abused Google Chrome: Turn notifications on or off - Google Chrome Mozilla Firefox: Web Push notifications in Firefox Microsoft Edge: Manage website notifications in Microsoft Edge Apple Safari Customize website notifications in Safari on Mac FakeAlert Examples:

Windows 7. Windows 11, I think , on my new Alien Software, 2 TB. ( can't wait !! ) And no, I'm not very computer savvy but I'll be 74 years old this Sept. 18th and hope to get alot better, God helping. ( smiling here )

If you're having issues creating a forum account, Logging into your account, or Posting, please see the steps below. Error Creating Account Error, You are not permitted to register a user account with this site. Error code: 2S129/1 Make sure the Display Name you've chosen only uses valid characters. Spaces, periods are not allowed. Only Aa-Zz 0-9 and the dash - and underscore _ In many cases, this error is due to your current IP address being on one or more block lists. Typically this happens when using VPN (Virtual Private Network) as spammers or other threat actors also use VPN If you are using a VPN either try to connect without a VPN to create the account and then in many cases, you can use the VPN to connect after the account has been created. If you continue to get blocked try connecting to a different VPN server which will normally provide you with a different IP address. You can check to find your current public IP IPv4 from the following link: https://www.whatismyip-address.com/ Error, Unable to use your email address to create an account. In many cases, it's due to the use of a known disposable, temporary mail server. Please try using either your real ISP email or a more well known free email server. If you're using your ISP or a well known free email server and still being told it cannot be used then please contact our Helpdesk and create a ticket providing the details of your issue. Error, Username is already in use You will need to choose another account name to proceed creating an account Error, Logging in or having to log in again each time you visit In most cases, if you already have an account and either cannot log in or keep having to log in in again it is probably due to your cookie settings in your browser. Please see the following articles for help with correcting or resetting your cookie settings If correcting your cookie settings did not help you may need to consider doing a browser reset Please try a different browser Mozilla Firefox Websites say cookies are blocked - Unblock them https://support.mozilla.org/en-US/kb/websites-say-cookies-are-blocked-unblock-them Refresh Firefox - reset add-ons and settings https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings Google Chrome Clear, enable, and manage cookies in Chrome https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en Safari Manage cookies and website data in Safari on Mac https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac Error, unable to create or reply to post Please try a different Web browser If you receive the following reply from the system it may be due to specific wording when trying to create an account or a word used while trying to create a topic or reply to one. Please ensure you've not used any type of words that might be construed as spamming and try again. It could also be that your current IP is blocked due to VPN as shown above. We’re sorry but our system has detected wording in your post consistent with spam, It may be by accident, please try changing the wording and try to post again. If you’re still unable to, then please contact our Helpdesk at the following link: https://support.malwarebytes.com/hc/en-us/requests/new If you're still having issues creating a forum account, Logging into your account, or Posting After having followed the advice above please contact our Helpdesk and create a support ticket providing the details of your issue. (please note that a support ticket may take 3-5 business days for a reply due to heavy volume) Account name you tried to use: The email address you tried to use: Public IP IPv4 address at the time: Date and Time the issue occurred The error or issue encountered

Hello @Wonza: If any changes are made to the computer, it may invalidate the data you posted above in the mbst-grab-results.zip archive.