Leaderboard

You have been an enormous help. I didn't even know how to proceed and couldn't find the info on the website. Folks like you are very important to the average user of a product. Thanks again and have a good day!

It looks like you may have a router that can easily be compromised. Please try to update the firmware if it addressed this, or consider purchasing a new router as the one you have is not safe. https://www.malwarebytes.com/blog/news/2023/02/arris-vulnerability-found-in-commonly-used-router-could-result-in-complete-take-over Thank you to @SQx for pointing this out.

In certain cases, the hackers accessed accounts' stored financial information and purchased subscriptions. https://www.bleepingcomputer.com/news/security/over-15-000-hacked-roku-accounts-sold-for-50-each-to-buy-hardware/

@MKDB You helped me very much. I really appreciate it. The issue is gone. I am updating and removing the software you listed above. I ran KpRm based on the steps above as well. I am not very computer literate. I am learning a lot from this process though. However, how do I remove this file I do not see it within the control panel.

After you uninstall the old version, You would need to install version 4 first and then activate it if you have an original older license key with an ID Then install version 5 over the top if you wish to have the most current version. Version 4 https://downloads.malwarebytes.com/file/mb4_offline Then install Version 5 https://downloads.malwarebytes.com/file/mb5-windows

That version has gone end of life. The lifetime license is still valid for the 2 current versions of Malwarebytes and all future versions.

Well you were a great help for me. I just deleted the files and assumed that they were not malware as Malwarebytes did not find a threat when it scanned them after being restored (is that correct?). Thanks. It is obvious you are an expert in this.

Malwarebytes definitions update several times a day. That detection was an AI heuristic detection. AI detections can fix themselves in about 24 hours if the file is not bad. That's why I volunteer here on the forums. To help others and I have been a user of Malwarebytes before it was even called that and am also a reseller and computer tech and next to the staff, I have a good knowledge of the program and how it works.

Our web host provider is using a shared IP address for our hosting. It appears one of the other customers that share the IP are involved in some inappropriate activity and we are contacting our web host provider to see what they can do. We may have to switch to a dedicated IP. Graeme SweetScape Software

@markenti We are done. You should update your Windows 11 version, it's old: https://www.microsoft.com/en-us/software-download/windows11 You should update some programs (if your still need them) or uninstall them (if you don't need them anymore): NVIDIA GeForce Experience 3.27.0.112 v.3.27.0.112 Warning! Download Update Node.js v.18.17.1 Warning! Download Update Python 3.11.3 (64-bit) v.3.11.3150.0 Warning! Download Update Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 v.14.36.32532.0 Warning! Download Update Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 v.14.36.32532.0 Warning! Download Update OpenOffice 4.1.13 v.4.113.9810 Warning! Download Update Discord v.1.0.9010 Warning! Download Update Java 8 Update 351 (64-bit) v.8.0.3510.10 Warning! Download Update Uninstall old version and install new one (jre-8u401-windows-x64.exe). Audacity 3.4.1 v.3.4.1 Warning! Download Update Spotify v.1.2.3.1115.gd61a8f5c Warning! Download Update CCleaner v.6.22 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program. Thank you for your cooperation. You can use KpRm to remove FRST and other tools. Please download KpRm by kernel-panik and save it to your desktop. Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, select Delete Tools under Actions. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up. A few final recommendations can be found here: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes.

@markenti I'll be back later, have to do some other stuff now. Waiting for your logfiles. Thanks!

@markenti Well done. 👍 Let's run FRST and SecurityCheck to check the results. Let me know how things are going. Thank you again! 1️⃣ Run FRST again. Do not change any settings. Press the Scan button. FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run. Please attach these logfiles to your next reply. 2️⃣ I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications. Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe If Microsoft SmartScreen blocks the download, click through to save the file This tool is safe. Smartscreen is overly sensitive. If SmartScreen blocks the file from running click on More info and Run anyway Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

@markenti Please stay away from CheatEngine... it's bundled with other unwanted software and/or crap! I've seen that you have already tried a number of tools. Due to it's filesize, this malware is hard to detect. I recommend to change all passwords once we have finished here. Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\Marko\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. Close all open programs and save your work. Run FRST again. Press the FIX button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code. Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. fixlist.txt

@markenti This detection is related to your infection. The fix that you have used, does not fit for your system. You have only removed the loading point of the malware, but it's still on your system. Please stand by, I'm preparing a fix.

@markenti Thanks. Please give me some minutes to analyse...

@markenti Please don't get me wrong. I completely understand your intentions, but the way you did it is dangerous. All good now, let's start. 😃 Run FRST again. Do not change any settings. Press the Scan button. FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run. Please attach these logfiles to your next reply.

Sorry, I am not really an IT guy, just do not want my socials go be hacked any longer. Tried to find a solution myself but seems like I messed something up? Could you guide me step by step to make sure my pc is clean, thanks.

Thank You so much, really! I've already updated some of the programs and I'll go through the rest of things today. Without your help I'd probably have to wipe the whole system clean ':).

I think so, since malwarebytes stopped sending me the detection message no longer. Used fixlist and later adwcleaner. I will add result of the fix here, could you see. Fixlog.txt

@IamAnIdiot ESET picked up only three elements. One of them was already moved into quarantine with FRST, so need to worry. The other both detections are only related to potentially unwanted programs. All fine. You should update some programs (if your still need them) or uninstall them (if you don't need them anymore): NVIDIA GeForce Experience 2.9.1.22 v.2.9.1.22 Warning! Download Update Google Drive v.1.0 Warning! Download Update Dropbox 25 GB v.3.1.18.0 Warning! Download Update Discord v.0.0.309 Warning! Download Update Adobe Shockwave Player 12.1 v.12.1.9.159 Warning! This software is no longer supported. Please uninstall it. swMSM v.12.0.0.1 << Hidden Warning! This software is no longer supported. Please uninstall it. Bonjour v.3.0.0.10 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. Thank you for your cooperation. You can use KpRm to remove FRST and other tools. Please download KpRm by kernel-panik and save it to your desktop. Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, select Delete Tools under Actions. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up. A few final recommendations can be found here: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes.

@Reggerane Thanks for your feedback. 👍 You should update some programs (if your still need them) or uninstall them (if you don't need them anymore): The elevation prompt for administrators disabled. You should enable it. ^It is recommended to enable (default): Win+R typing UserAccountControlSettings and Enter^ Malwarebytes version 4.6.10.316 v.4.6.10.316 Warning! Download Update Microsoft Visual Studio Code (User) v.1.81.1 Warning! Download Update Python 3.7.8 (64-bit) v.3.7.8150.0 Warning! Download Update Notepad++ (32-bit x86) v.8.1.1 Warning! Download Update Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 v.14.36.32532.0 Warning! Download Update WinRAR 5.80 (64-bit) v.5.80.0 Warning! Download Update Discord v.0.0.309 Warning! Download Update qBittorrent v.4.5.5 Warning! Download Update Java 8 Update 291 (64-bit) v.8.0.2910.9 Warning! Download Update Uninstall old version and install new one (jre-8u401-windows-x64.exe). Audacity 2.3.3 v.2.3.3 Warning! Download Update Adobe Acrobat Reader DC - Czech v.20.012.20048 Warning! Download Update ^Please run Acrobat Reader DC and go Help - Check for updates...^ Mozilla Firefox 88.0.1 (x86 cs) v.88.0.1 Warning! Download Update Driver Booster 8 v.8.2.0 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program. IObit Uninstaller 13 v.13.3.0.2 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. Thank you for your cooperation. You can use KpRm to remove FRST and other tools. Please download KpRm by kernel-panik and save it to your desktop. Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, select Delete Tools under Actions. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up. A few final recommendations can be found here: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes.

Already did Farbar Recovery aswell, adding files to here. Addition.txt FRST.txt

Beautiful that we can live so close to a concrete jungle yet still experience wild life so close to home

For the PC we can scan it to see what we can find. @Henri123 Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process Then follow each step in the order provided. Unless otherwise asked, please attach all logs Please make the following system changes: If you have not done so already - Enable System Protection and create a NEW System Restore Point Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed Disable-Fast-Startup Show-Hidden-Folders-Files-Extensions Please run the following scans: Click the following link and run a Scan with AdwCleaner Click the following link and run a Scan with Malwarebytes RESTART the computer Click the following link and run a Scan with Farbar Recovery Scan Tool Example image of where to click to attach files when posting your reply Thank you

An iPhone is pretty secure and extremely difficult to breach. You can attempt to reset your router if you own it. If you own your own router and are not renting it from your Internet Service Provider Please ensure that you have the user manual for your router. Then perform a factory reset. How To Reset Your Router https://setuprouter.com/networking/how-to-reset-your-router/ Depending on one's preferences and the Router's capabilities please consider the following. Disable acceptance of ICMP Pings Change the Default Router password using a Strong Password Use a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option. Disable Remote Management Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network. Example: Keep IoT devices on one network and mobile devices on another. Change the network name (SSID). Do not use your; Name, Postal address or other personal information. Make it unique or whimsical and known to your family/group. Is the Router Firmware up-to-date ? Updating the firmware mitigates exploitable vulnerabilities. Specifically set Firewall rules to BLOCK; TCP and UDP ports 135 ~ 139, 445, 1234, 3389, 5555 and 9034 Document passwords created and store them in a safe but accessible location.

@MKDB You were right this ESET scan did take a while. Hopefully that doesn't mean I have a bunch of junk I don't need, I'm sure it does though 🤦‍♂️. Seems it found some stuff. I've attached the files from both scans. SecurityCheck.txt ESET1.txt

@IamAnIdiot As a second opinion, I would like you to run ESET and SecurityCheck. Thanks again. 1️⃣ I would suggest a free scan with the ESET Online Scanner Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe It will start a download of "esetonlinescanner.exe". Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get it started. When presented with the initial ESET options, click on "Computer Scan". Next, when prompted by Windows, allow it to start by clicking Yes. When prompted for scan type, Click on Full scan. Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You should ignore all prompts to get the ESET antivirus software program. (e.g. their standard program). You do not need to buy or get or install anything else. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”. Click The blue “Save scan log” to save the log. If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” (in blue, at the bottom). Press Continue when all done. You should click to off the offer for “periodic scanning”. Note: If you do need to do a File Restore from ESET please follow the directions below [KB2915] Restore files quarantined by the ESET Online Scanner version 3 https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner 2️⃣ I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications. Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe If Microsoft SmartScreen blocks the download, click through to save the file This tool is safe. Smartscreen is overly sensitive. If SmartScreen blocks the file from running click on More info and Run anyway Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

@IamAnIdiot No problem regarding those Microsoft updates. Please give me some time to analyse your newest logfiles in order to see what has to be done now. Thanks again!

Is this for your mobile device again? or for another device?

You should be able to use the following email address I believe Remove the spaces amo-featured @ mozilla.org

Hello Henry, Please can you provide any examples to be sure that we have necessary guide/strategy that can help you. Could you please provide the model and vendor name of your router if you are using one. Have you contacted Consumer Support as was recommended before? https://support.malwarebytes.com/hc/en-us/requests/new Thank you.

Tips to help protect from infection NOTE: Though most of these ideas and tips apply to all Windows computers most of it is geared for Windows 10 and 11. If you're on an older version of Windows make sure any updates, or changes apply to your system. The following information and links are provided to help ensure your computer and account remains safe. No rush but please take your time and read, review, and watch some of the videos which will help you to better manage your digital life both now and into the future. PrivacyTools - Encryption, and tools to protect against global mass surveillance - https://www.privacytools.io Privacy - Protecting Your Digital Footprint https://www.sans.org/newsletters/ouch/ouch-april-2021/ Please stop messing up your computer and read Do I need a Windows Registry Cleaner? Cybersecurity basics & protection https://www.malwarebytes.com/cybersecurity Help Secure your browsers If you're not backing up your data and you're still using Google Chrome then you're just not serious about Privacy, Safety, and protecting your data. Malwarebytes is a fantastic program but you still need to back up your data and you still need to block scripts and Ads in your browser. Are you're still using Google Chrome? You may want to consider using Firefox instead. For more advanced users you might also consider installing NoScript as well (it does have a higher learning curve though) You may be interested in using our new Malwarebytes Browser Guard to help protect your browser from items that uBlock or others don't target. Also, don't forget to visit the bottom of the page listed here to make some privacy settings in Firefox if you're using Firefox, but be careful. implementing all those changes will greatly change how Firefox works and may be too strict for many users. https://www.privacytools.io/browsers/#about_config How to disable WebRTC in Firefox? Set "media.peerconnection.enabled" to "false" in "about:config". Firefox now tells Mozilla what your default browser is every day In the Firefox address bar, you can type the following to check your settings: about:telemetry How to See (and Disable) the Telemetry Data Firefox Collects About You https://www.howtogeek.com/557929/how-to-see-and-disable-the-telemetry-data-firefox-collects-about-you/ Firefox users in the U.S. You are at risk of leaking DNS requests to Cloudflare, no matter which VPN setup you have. To prevent this, open Firefox Options > General > Network settings > Settings, then deselect "Enable DNS over HTTPS." Please install uBlock Origin for your browsers to better protect your system. FireFox, Chrome, Opera , Safari, Microsoft Edge AdBlock Plus for Internet Explorer How to use uBlock Origin to protect your online privacy and security | uBlock Origin tutorial 2018 This video tutorial above explains how to use uBlock Origin in advanced user mode and all the advanced settings to protect your online privacy and help prevent unwanted sites from changing your browser settings Delete Cookies Automatically Cookie AutoDelete plugin Chrome | Firefox ClearURLs ClearURLs will automatically remove tracking elements from URLs to help protect your privacy when browsing through the Internet ClearURLs for Firefox, Edge, & Chrome Browser push notifications: a feature asking to be abused HTTPS Everywhere NOTHING TO HIDE documentary If you're having unexpected behaviors in your Web Browser that you can't seem to fix then you may need to consider resetting to Default Settings. How to reset default settings in an Internet browser Review your email and Office choices Quit Gmail for free encrypted email - Tutanota Why ProtonMail Is More Secure Than Gmail LibreOffice - Free and open source office suite Use Password Management software Bitwarden KeePass Password Safe Make sure you use a strong master password Then set the key transformation settings (the link below helps provide information on how to choose good settings) https://pthree.org/2016/06/29/further-investigation-into-scrypt-and-argon2-password-hashing KeePass Password Manager: Full Detailed Setup (good YouTube video on setup and using Keepass but choose the Argon2 method for Key transformation) Password Managers Compared: LastPass vs KeePass vs Dashlane vs 1Password https://www.theregister.com/2021/02/25/lastpass_android_trackers_found/ Encrypted Instant Messenger and Voice Calls Please review the following site for a breakdown of features of different Messenger applications. SafeSwiss Riot Signal Wire NOTE: Recent news of Wire having new investors and moving to the United States. Wickr Me NOTE: Amazon acquires secure chat app, June 25, 2021 https://www.cnbc.com/2021/06/25/amazon-acquires-wickr-secure-messaging-app-used-by-government-agencies.html Follow-up Reading Everything you need to know about cybercrime 10 easy ways to prevent malware infection Keep your data backed up Best Practices Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources. First rule of Internet safety: Slow Down & Think before you "click" Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos) Never open attachments that come in unexpectedly ( out of the blue ) email no matter how enticing. Even if from friends always be cautious. Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with an antivirus program or upload to https://www.virustotal.com and allow them to scan it with multiple scanners. Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next". Why You Shouldn’t Use an Admin Account as Your Main Account https://www.maketecheasier.com/why-you-shouldnt-use-admin-account/ Make certain that Automatic Updates are enabled. https://support.microsoft.com/en-us/help/12373/windows-update-faq Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware. Thank you and Stay Safe Thank you for choosing Malwarebytes as your preferred security protection software and tell your friends and family too. We're here to help. For a much more extensive set of articles please visit Bleepingcomputer