
SQx

Trusted Advisors
  • Posts

    198
Reputation

4 Neutral

1 Follower

Profile Information

  • Location
    Searching ...
  • Interests
    CyberSecurity, Network Security, Database Security, Threat Detection and Response

  1. Then it's better to work with your ISP to find the right solution. If a bad actor gains access to your router and manipulates routes (like DNS spoofing, cache poisoning, etc.), the second (intermediate) router will not help in this case. Please ensure that you follow the guidelines provided above.
  2. Hello _hv, No malware was found, just leftovers.
     1. Please do the following to run a FRST fix.
     NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
     Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
         Start::
         CreateRestorePoint:
         C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning\21MUdbtLYt
         C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning\jklKe
         C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning\kmPxbS
         C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning\zs2trQF69
         C:\WINDOWS\system32\Drivers\etlhMkW04
         C:\WINDOWS\system32\Drivers\bSjD0l
         C:\WINDOWS\system32\Drivers\VPfvJcrgRY
         C:\WINDOWS\system32\Drivers\btLYtVYV
         End::
     Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer. Press the Fix button once and wait. FRST will process fixlist.txt. When finished, it will produce a log fixlog.txt on your Desktop. Post the log in your next reply.
     2. Please run AV scanner just to be sure.
     Dr.Web CureIt!
     Please download the Dr.Web CureIt! anti-virus utility https://free.drweb.com/
     You will need to send them an email to obtain a link to download the scanner, please do so
     The downloaded file will normally have a unique name such as: q7a9tr4p.exe
     Close all open applications and locate the downloaded file and double-click to run it
     The program will take a moment to launch and bring up the License and Update screen
     Place a check mark to agree to the terms and then click on the Continue button
     Click the underlined link Select objects for scanning
     On the top left click the Scanning objects that should automatically check all objects
     Click the small wrench and make sure there is a check on Automatically apply actions to threats
     Then click the large button on bottom right Start scanning
     Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
     The log is saved in the folder named Doctor Web in the top of your user profile folders
     Please attach that log on your next reply
  3. Greetings,
     1. Malwarebytes forum does not support piracy, please remove all piracy software, otherwise our help will be useless. See example below:
     https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/crack&threatid=2147734096&enterprise=0
     Name: HackTool:Win32/crack
     2. I found torrent app in your logs. Please note, almost all of the Torrent Clients have multiple detections and should not be installed on your system. However, if you choose to do so, you're increasing your system's attack surface area, which can increase the risk of infection.
     3. Please do the following to run a FRST fix.
     NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
     Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
         Start::
         CreateRestorePoint:
         ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
         File: C:\WINDOWS\System32\drivers\hanvonugeemfilter.sys
         Folder: C:\Windows\System32\Tasks_Migrated
         Folder: C:\WINDOWS\SYSTEM32\TASKS\Microsoft\Windows\Management\Provisioning
         Folder: C:\WINDOWS\system32\Drivers\etlhMkW04
         Folder: C:\WINDOWS\system32\Drivers\bSjD0l
         Folder: C:\WINDOWS\system32\Drivers\VPfvJcrgRY
         Folder: C:\WINDOWS\system32\Drivers\btLYtVYV
         End::
     Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer. Press the Fix button once and wait. FRST will process fixlist.txt. When finished, it will produce a log fixlog.txt on your Desktop. Post the log in your next reply.
  4. Perfect, thank you for the details. We can proceed with cleanup of tools we used.
     1. To remove the FRSTENGLISH tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double click on it) to begin the cleanup process.
     2. Any other download file I had you download, you may delete.
     3. The following information will help you to keep your computer and data safer as well as improve your overall privacy
       • Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/
       • Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
       • Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us
       • Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
       • Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
     Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security
     Malwarebytes Browser Guard
       • Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
       • Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
       • Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
     uBlock Origin
       • Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
       • Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
       • Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
     Cybersecurity basics & protection
     Everything you need to know about cybercrime https://www.malwarebytes.com/cybersecurity
     Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
     Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal
  5. Please confirm that you don't have other devices and you have followed the following instructions?
     1. Sign out & turn off sync. To delete synced info from your Google Account: On your Android device/computer, open Chrome. Go to chrome.google.com/sync. Scroll to Clear Data and click it. Please note that all sync data will be deleted from your Google Account.
     2. Reset the Chrome setting and clean the data in Chrome if you don't need them, otherwise ignore this.
  6. Yes, if you are using the same account (email) and most likely because of this, sync restores data on the computer, so you could check this by temporarily disabling sync on your phone, clearing the sync data in google account and checking if the issue returns.
     1. Please go to Control Panel, Programs, Programs and Features, Uninstall a program. Then right-click and uninstall the following:
     Driver Booster 11 (HKLM-x32\...\Driver Booster_is1) (Version: 11.3.0 - IObit)
     2. Please do the following to run a FRST fix.
     NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
     Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
         Start::
         CreateRestorePoint:
         Task: {FADBF632-2756-44CD-A9D6-C0721504FF02} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\11.3.0\AutoUpdate.exe [2525160 2024-02-27] (IObit CO., LTD -> IObit)
         File: C:\Windows\System32\drivers\BthA2dp.sys
         File: C:\Windows\System32\drivers\bthhfenum.sys
         2024-03-08 15:03 - 2024-03-08 15:04 - 000002356 _____ C:\Users\Public\Desktop\Driver Booster 11.lnk
         2024-03-08 15:03 - 2024-03-08 15:03 - 000003272 _____ C:\Windows\system32\Tasks\Driver Booster SkipUAC (SMD)
         2024-03-08 15:03 - 2024-03-08 15:03 - 000003150 _____ C:\Windows\system32\Tasks\Driver Booster Update
         2024-03-08 15:03 - 2024-03-08 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 11
         2024-02-26 17:37 - 2024-03-15 04:04 - 000000000 ____D C:\Users\PCZONE.GE\AppData\Roaming\IObit
         2024-02-26 17:37 - 2024-03-08 15:03 - 000000000 ____D C:\ProgramData\ProductData
         2024-02-26 17:37 - 2024-02-26 20:20 - 000000000 ____D C:\ProgramData\IObit
         2024-02-26 17:37 - 2024-02-26 20:20 - 000000000 ____D C:\Program Files (x86)\IObit
         2024-02-26 17:37 - 2024-02-26 17:37 - 000000000 ____D C:\Users\PCZONE.GE\AppData\LocalLow\IObit
         End::
     Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer. Press the Fix button once and wait. FRST will process fixlist.txt. When finished, it will produce a log fixlog.txt on your Desktop. Post the log in your next reply.
  7. Thank you for the fixlog.txt log. Please reply this: it's a PUP (potentially unwanted program) that may negatively affect the computer's performance. Could you please provide new FRST logs (frst.txt and addition.txt)?
  8. Greetings, Please let me know if you are using sync in your android smartphone as well?
     1. Malwarebytes forum does not support piracy, please remove all piracy software, otherwise our help will be useless. See example below:
         Name: HackTool:Win32/Keygen!MSR
         Severity: High
         Category: Tool
         Path: file:_C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\EDRW v13 Activator v2.1 - De!.exe; process:_pid:28068,ProcessStart:133538071495232311
         Detection Origin: Local machine
         Detection Type: Concrete
         Detection Source: System
         Process Name: C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\EDRW v13 Activator v2.1 - De!.exe
     2. Please go to Control Panel, Programs, Programs and Features, Uninstall a program. Then right-click and uninstall the following:
     IObit Uninstaller 13 (HKLM-x32\...\IObitUninstall) (Version: 13.3.0.2 - IObit)
     3. Please check this article: Turn notifications on or off - Google Chrome
     4. Please do the following to run a FRST fix.
     NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
     Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
         Start::
         CreateRestorePoint:
         CloseProcesses:
         ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
         Task: {2C958C1F-3B49-4402-AF03-C9E47B6A91E1} - System32\Tasks\GoogleUpdateTaskMachineCore{A530A92D-B741-45C3-B0B2-FD7BA8701B92} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c (No File)
         Task: {B949BF25-AA58-47AD-A793-55C858C103B7} - System32\Tasks\GoogleUpdateTaskMachineUA{6073D170-6BB9-42DF-A852-D169510A02DC} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler (No File)
         S3 2BNO5Wpm; C:\Users\PCZONE.GE\AppData\Local\Temp\2BNO5Wpm [43216 2024-03-08] (PassMark Software Pty Ltd -> ) <==== ATTENTION
         S3 CXFl7xm2; C:\Users\PCZONE.GE\AppData\Local\Temp\CXFl7xm2 [43216 2024-03-08] (PassMark Software Pty Ltd -> ) <==== ATTENTION
         S3 MBK8elxp; C:\Users\PCZONE.GE\AppData\Local\Temp\MBK8elxp [43216 2024-03-08] (PassMark Software Pty Ltd -> ) <==== ATTENTION
         S3 xmIkHRNt; C:\Users\PCZONE.GE\AppData\Local\Temp\xmIkHRNt [43216 2024-03-08] (PassMark Software Pty Ltd -> ) <==== ATTENTION
         S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
         S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
         End::
     Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer. Press the Fix button once and wait. FRST will process fixlist.txt. When finished, it will produce a log fixlog.txt on your Desktop. Please note: The computer will reboot after execution. Post the log in your next reply.
  9. Hello Henry, Please can you provide any examples to be sure that we have necessary guide/strategy that can help you. Could you please provide the model and vendor name of your router if you are using one. Have you contacted Consumer Support as was recommended before? https://support.malwarebytes.com/hc/en-us/requests/new Thank you.
  10. Greetings, Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process. Then follow each step in the order provided. Unless otherwise asked, please attach all logs.
     Please make the following system changes:
       • If you have not done so already - Enable System Protection and create a NEW System Restore Point
       • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
       • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
       • Disable-Fast-Startup
       • Show-Hidden-Folders-Files-Extensions
     Please run the following scans:
       • Click the following link and run a Scan with AdwCleaner
       • Click the following link and run a Scan with Malwarebytes
       • RESTART the computer
       • Click the following link and run a Scan with Farbar Recovery Scan Tool
     Example image of where to click to attach files when posting your reply
     Thank you
  11. Greetings, It is preferable to attach logs to the forum to get transparent assistance. As you have been told before, the only private information would be if you used your real name for your profile name. You can send me the logs via Private Message if you like @Resssss
  12. Greetings, Yeah, according to your log Windows Resource Protection found corrupt files and successfully repaired them. So should be ok now. Please let me know otherwise.
     The following information will help you to keep your computer and data safer as well as improve your overall privacy
       • Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/
       • Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
       • Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us
       • Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
       • Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
     Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security
     Malwarebytes Browser Guard
       • Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
       • Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
       • Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
     uBlock Origin
       • Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
       • Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
       • Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
     Cybersecurity basics & protection
     Everything you need to know about cybercrime https://www.malwarebytes.com/cybersecurity
     Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/
     Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal
  13. Hello Toastedsnow, Thank you for the info, please let's try the following.
     Please do the following to run a FRST fix.
     NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
     Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
         Start::
         CreateRestorePoint:
         CloseProcesses:
         cmd: DISM.exe /Online /Cleanup-image /Restorehealth
         cmd: sfc /scannow
         cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\*.*"
         cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log"
         cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\quick\*.*"
         cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\resource\*.*"
         cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\results\system\*.*"
         StartPowershell:
         Set-MpPreference -ScanPurgeItemsAfterDelay 1
         Update-MpSignature
         Get-MpComputerStatus
         Get-MpPreference
         EndPowershell:
         ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
         Folder: C:\Windows\System32\Tasks_Migrated
         End::
     Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer. Press the Fix button once and wait. FRST will process fixlist.txt. When finished, it will produce a log fixlog.txt on your Desktop. Post the log in your next reply. Please note the computer will reboot.
  14. Please clarify if the Windows Defender is still showing detection?
  15. Hello Toastedsnow, It looks like the defender's history needs to be cleaned up.
     Please do the following to run a FRST fix.
     NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
     Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
         Start::
         CreateRestorePoint:
         CloseProcesses:
         cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\*.*"
         cmd: del /s /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log"
         End::
     Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer. Press the Fix button once and wait. FRST will process fixlist.txt. When finished, it will produce a log fixlog.txt on your Desktop. Post the log in your next reply. Please note the computer will reboot.