nasdaq

Hi t1m89 Thank you for your comments. You may not be aware but you are not authorized to post in some else's topic. I strongly suggest that you start your own topic. The infection may not be the same on your system. You can follow this topic but do not post any additional information. We can find any advice you post in your own topic. ==== Heliton That is good news. Keep an eye on it for a few days and let me know if it returns. I read a topic this morning that this may be hidden in the PowerShell. I'm not well verse with thiis Script but we can get help if needed. Keep me posted.

Hi, I just look at your TdssKiller log and the compromised files were identified. I taught you knew about it so I let it be. Run the TDsskiller tool and fix these entries. Restart the computer normally. Run my last Farbar fix one one time. Let me know if the problem persists.

hi, The run keys are clean. Is this still reported by Mwalwarebytes? O Malwarebytes identifica ameaça, como Trojan.Agent.BTMGen localizado no Windows/Temp/Conhost.exe ?

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === These attacks are stopped by Malwarebytes and you are notified accordingly. Check the Notifications settings. Change the setting Show Malwarebytes Notifications to Off https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png === If the problem persists run this program. Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Wait for further instructions

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Your logs are clean. Please navigate to this topic. Real Time Protection turning off Follow the instructions in post No. 3 on this topie. https://forums.malwarebytes.com/topic/219790-real-time-protection-turning-off/ Let me know if the problem persists.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Please download Malwarebytes Anti-Malware from here Right-click on the MBAM icon and select Run as administrator to run the tool. Click Yes to accept any security warnings that may appear. Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database. On the left menu pane click the Settings tab, and then select the Protection tab on the top. Under the Scan Options, turn on the button Scan for rootkits and Scan within archives. Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button Note: The scan may take some time to finish, so please be patient. If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please post the log for my review. Note: If asked to restart the computer, please do so immediately. === Please download AdwCleaner by Xplode onto your Desktop. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click the Scan button and wait for the process to complete. Click the LogFile button and the report will open in Notepad. IMPORTANT If you click the Clean button all items listed in the report will be removed. If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click the Scan button and wait for the process to complete. Check off the element(s) you wish to keep. Click on the Clean button follow the prompts. A log file will automatically open after the scan has finished. Please post the content of that log file with your next answer. You can find the log file at C:\AdwCleanerCx.txt (x is a number). === Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Let me know if the problems persists. Wait for further instructions

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === What app are you talking about? === Please download Malwarebytes Anti-Malware from here Right-click on the MBAM icon and select Run as administrator to run the tool. Click Yes to accept any security warnings that may appear. Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database. On the left menu pane click the Settings tab, and then select the Protection tab on the top. Under the Scan Options, turn on the button Scan for rootkits and Scan within archives. Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button Note: The scan may take some time to finish, so please be patient. If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please post the log for my review. Note: If asked to restart the computer, please do so immediately. === Please download AdwCleaner by Xplode onto your Desktop. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click the Scan button and wait for the process to complete. Click the LogFile button and the report will open in Notepad. IMPORTANT If you click the Clean button all items listed in the report will be removed. If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click the Scan button and wait for the process to complete. Check off the element(s) you wish to keep. Click on the Clean button follow the prompts. A log file will automatically open after the scan has finished. Please post the content of that log file with your next answer. You can find the log file at C:\AdwCleanerCx.txt (x is a number). === Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Let me know what problems persists. Wait for further instructions

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Nothing malicious was found in your logs. Navigate to this topic. Real Time Protection turning off https://forums.malwarebytes.com/topic/219790-real-time-protection-turning-off/ Follow the instructions on the topic and let me know if the problem persists.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === These attacks are stopped by Malwarebytes and you are notified accordingly. Check the Notifications settings. Change the setting Show Malwarebytes Notifications to Off https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png === If the problem persists run this program. Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Wait for further instructions

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === ATTENTION: System Restore is disabled Turn System Restore ON for Drives in Windows 10 - Immediately. http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.htm === Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === If the problem persists change the setting. These attacks are stopped by Malwarebytes and you are notified accordingly. Check the Notifications settings. Change the setting Show Malwarebytes Notifications to Off https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png === Please post the fixlog.txt and let me know if the problem persists.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Yes, Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Wait for further instructions

Hi, That key is clean. There are 3 others run keys. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce. For each one of the search the Registry. export each key. Give each file a new name and post the results. Use more than 1 topic if you want.

Run Malwarebytes, scan the computer and post the log.

Hi, Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === I found this in you logs. It looks OK but I think I was wrong. If you know what it is DO NOT RUN THE fix as suggested. Let me know if the problem persists. fixlist.txt

Hi, I know why the log was long. I asked that you navigate to this key. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Run the Regedit.exe What you need to do is Click HKEY_LOCAL_MACHINE Click Software then, Microsoft, then Windows, then CurrentVersion, then Run[/b] Now that run key will be highlighted. Export the key and name it 2run.reg Exit the Registry edition. You should be able to copy the text and past it in your next reply.

Hi The files and folders are no longer on the hard disk. Lets see what we can find in the Registry. Run the Farbar program .exe as an Administrator. In the Search text area, copy and paste the following: Malwarebytes;MBAM Once done, click on the Search Registry button and wait for FRST to finish the search On completion, a log will open in Notepad. Copy and paste its content in your next reply ==== Run the Farbar program and post a fresh FRST.TXT log. I will check if any letf over items are reported.

Let's check your BIOS and Master boot record. Read carefully and follow these steps. TDSS Download TDSSKiller and save it to your Desktop. Doubleclick on TDSSKiller.exe to run the application. Then click on Start Scan. If a suspicious file is detected, the default action will be Skip, click on Continue. If an infected file is detected, the default action will be Cure, click on Continue. Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable. It may ask you to reboot the computer to complete the process. Click on Reboot Now. If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here. If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. === Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it. Click the "Scan" button to start scan. Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT Please paste the contents of that log in your next reply. There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply. === Wait for further instructions.

Open the My_Run.txt in Notepad file Copy half of the text to the clipboard. Click the File menu in Notepad. Select new file. Paste the contents in the new file, Save the File as My_run1.txt Copy the second half create a new file and paste the contents. Save the file as My_run2.txt Post or attach the files.

Break it in 2. Use 2 replays.

Can you Copy and paste the results. In this topic or in a personal message.

Hi, Sorry about that. When I opened your Personal message I was transferred to your topic. I taught I was posting in the PM environment. === Go for a clean install of Malwarebytes, see if that helps... Totally Remove Malwarebytes from your system: Download the latest version of MB-Clean by clicking this link: https://downloads.malwarebytes.com/file/mb_clean save to your Desktop, or a folder of your choice. Close all open applications Double-click and run mb-clean.exe A prompt with an option to clean up the system will appear: Yes - will proceed with backing up the license key (Malwarebytes 3.x only) and initiating the cleanup process. (Recommended) No - will exit the utility Once the cleanup process is completed, a prompt will appear: Yes – will proceed and post reboot you will be prompted to continue with the downloading, installation and activation of latest version of Malwarebytes 3.x (Recommended) No – will exit the utility and you will not be prompted (post reboot) to download, reinstall and re-activate (Not Recommended) We recommend rebooting immediately. Additionally, stopping at this step is not recommended and will most likely not resolve your issue(s). Upon reboot, a prompt will appear: Yes - will download, install and activate the latest version of Malwarebytes 3.x (Recommended) No - will exit the utility and the cleanup process is complete... Does clear the issue..? <<<>>>

Hi, Please post the MBAM log for my review.

Hi, Your logs are clean. Take care of this. ATTENTION: System Restore is disabled Turn System Restore ON for Drives in Windows 10 - Immediately. http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html === I recommend that your delete these 2 Chrome extensions with are PUP (Potentionnally Unwanted Programs) CHR Extension: (Block Site - Website Blocker for Chrome™) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2018-06-22] CHR Extension: (Popup Blocker Pro) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2018-09-13] Read about it. https://www.bleepingcomputer.com/news/security/chrome-extensions-android-and-ios-apps-caught-collecting-browsing-data/ === You will still be protected but you will not get a message from Malwarebytes. Your call. ===

Please post the log for my review.

Hi, Rename the file My_Run.txt I should be accepted.