MKDB

@shmnn Do you still get any notifications from Malwarebytes?

@shmnn Well done! We will collect zip file now.... it's a very short fix. Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\sarah\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. Close all open programs and save your work. Run FRST again. Press the FIX button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. FRST will create a .zip file like < Date_Time.zip >, for example 20.02.2024_11.33.52.zip, on your desktop as well. Please attach this file as well with your next answer. fixlist.txt

@shmnn Your system was infected in December 2023 and April 2024.... two different infections. We will remove the crap. First, we will run a fix with FRST. This may take some minutes, please be very patient and do not interfere during the cleaning process. Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\sarah\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. Close all open programs and save your work. Run FRST again. Press the FIX button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code. Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. FRST will create a .zip file like < Date_Time.zip >, for example 20.02.2024_11.33.52.zip, on your desktop as well. Please attach this file as well with your next answer. Thank you! fixlist.txt

Hello @shmnn and My name is MKDB and I will assist you. Let's keep these principles as we proceed. Make sure to read the entire post below first. Please follow the steps in the given order and post back the log files. Please attach all log files into your post. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. As English is not my native language, please do not use slang or idioms. It may be hard for me to understand. If you do not respond within 4 days, your topic will be closed. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure. Please give me some time to review your logfiles. Thank you!

Hi @bjaat, do you still need help? If so, please follow my instructions and post the logfiles. Thank you.

Due to the lack of feedback, I do not follow this topic any longer. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection. Thank you.

Due to the lack of feedback, I do not follow this topic any longer. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection. Thank you.

Hello @bjaat and My name is MKDB and I will assist you. Let's keep these principles as we proceed. Make sure to read the entire post below first. Please follow the steps in the given order and post back the log files. Please attach all log files into your post. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. As English is not my native language, please do not use slang or idioms. It may be hard for me to understand. If you do not respond within 4 days, your topic will be closed. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure. Please attach the requested logfiles from FRST and we will be happy to assist you. Thank you!

@Azhdaha Well, according to your latest logfiles, there is a little bit more that needs to be done in order to say "your system is clean". My only regret is that you place more value on the continued use of illegal software than on a clean system. But that's your attitude and your system... and finally your decision which I fully accept. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection. Thank you. As this topic seems to be solved, I do not follow it any longer. Take care!

@Azhdaha I'm fine, thanks for asking. Let me know when you have uninstalled this software, I'll wait for your feedback. Happy Easter!

Hi @Lirian, do you still need help? If so, please follow my instructions and post the logfiles. Thank you.

Due to the lack of feedback, I do not follow this topic any longer. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection. Thank you.

@Azhdaha Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall and remove all programs and all other products/folders/files for which you do not have a valid Product Key, including all "cracked" software. As already said in my first post: Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure as these software may interefere with the cleanup process. More information here:

@Azhdaha Please give me some time to review your logfiles. Thank you!

@Swaroop According to the logfiles... ... Adobe related folders and files were created at the same time like the malware. Therefore I cannot fully understand your statement. ... Malwarebytes detected most of the malicious entries, but not all. Do you still need help or not? If so, uninstall the mentioned adobe software. After that, reboot your system and run a fresh scan with FRST and attach FRST.txt and Addition.txt. If not, all good from my side. Just let me know. It's up to you. Take care!

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection. Thank you. As this topic seems to be solved, I do not follow it any longer. Take care!

@Swaroop Edit: Registered users have access to those logfiles, including experts and staff. Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall and remove all programs and all other products/folders/files for which you do not have a valid Product Key, including all "cracked" software. Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_2_2) (Version: 21.2.2.289 - Adobe Inc.) Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_3) (Version: 14.3 - Adobe Inc.) As already said in my first post: Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure. More information here:

@Horizon10 Your system is clean. 😃 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection. Thank you. As this topic seems to be solved, I do not follow it any longer. Take care!

Hello @Swaroop and My name is MKDB and I will assist you. Let's keep these principles as we proceed. Make sure to read the entire post below first. Please follow the steps in the given order and post back the log files. Please attach all log files into your post. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. As English is not my native language, please do not use slang or idioms. It may be hard for me to understand. If you do not respond within 4 days, your topic will be closed. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure. Please attach the requested zip file and we will be happy to assist you. Thank you!

@Horizon10 Well done! I've removed the "EmptyTemp:" command from your FRST script (as you've asked me to do so). This command would empty all temp files (including browsers) and can take some minutes as well. We often use this command as malware often puts it's files there. As there is no malware on your system, the fix was a quick one. You should update some programs (if your still need them) or uninstall them (if you don't need them anymore): Discord v.1.0.9026 Warning! Download Update Thank you for your cooperation. You can use KpRm to remove FRST and other tools. Please download KpRm by kernel-panik and save it to your desktop. Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, select Delete Tools under Actions. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up. A few final recommendations can be found here: Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes.

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection. Thank you. As this topic seems to be solved, I do not follow it any longer. Take care!

@Horizon10 Please follow those instructions from my last post and use the attached fixlist. Thank you! fixlist.txt

@MalwareVictim88 That are good news. You should update some programs (if your still need them) or uninstall them (if you don't need them anymore) or otherwise address these elements: Malwarebytes version 4.6.9.314 v.4.6.9.314 Warning! Download Update WinRAR 6.11 (64-bit) v.6.11.0 Warning! Download Update Discord v.0.0.309 Warning! Download Update Java 8 Update 351 (64-bit) v.8.0.3510.10 Warning! Download Update Microsoft Edge v.122.0.2365.92 Warning! Download Update Combo Cleaner v.1.0.58.0 << Hidden Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program. Thank you for your cooperation. You can use KpRm to remove FRST and other tools. Please download KpRm by kernel-panik and save it to your desktop. Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, select Delete Tools under Actions. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up. A few final recommendations can be found here: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes.

@AdvancedSetup @Porthos @Horizon10 Please stand by... the admins will fix this. Did you try to attach the logfiles? Do NOT copy & paste.

@Horizon10 Only Experts and Staff (= very very limited persons) have access to your attachments, no other person. Your logfiles are only used to clean the system. 🙂 First of all, good news: There is no malware on your system. If you like, we can remove some orphans and check windows system files (Step 1). Moreover, we can check your programs if they are up to date by using SecurityCheck (Step 2). 1️⃣ We will use Farbar Recovery Scan Tool (FRST) to run a fix. FRST was downloaded together with MBST and should be located in your download folder: C:\Users\Adminn\Downloads\FRSTEnglish.exe The fix may take some time, please be very patient and do not interfere. Please download the attached fixlist.txt file and save it to your download folder, which is C:\users\Adminn\Downloads\ in your case. You will find the file FRSTEnglish.exe (FRST) as well in this folder. Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. Close all open programs and save your work. Run FRST. Press the Fix button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code. Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. 2️⃣ Follow these instructions and attach the requested logfile called SecurityCheck.txt: