nasdaq

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === These attacks may be stopped by Malwarebytes and you are notified accordingly. Chech the Notifications settings. Change the setting Show Malwarebytes Notifications to Off https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png === If the problem persists please run this Farbar program and post the logs for my review. Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. ===

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === I have identified a bad SmartService infection. You will need access to a spare PC and a USB flash drive that has not been in contact with the sick PC... Let me know if you have this access. I need to know first if you can enable the Recovery Environment... Open FRST on the compromised computer: copy/paste the following inside the text area of FRST. Once done, click on the Fix button. A file called fixlog.txt should appear on your desktop. Attach it in your next reply. Start:: CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes CMD: bcdedit.exe /set {default} recoveryenabled yes End:: On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad Copy and paste its content in your next reply. Wait for further instructions. <<<>>>

Hi, I was waiting for the Fixlog.txt that was created from running the fix.

Hi, Is the problem still persisting?

Hi, This should fix the issue. This is part of the application hardening in the Anti-Exploit component of Malwarebytes. To enable VBScript in IE you must open Malwarebytes and go to Settings>Protection and beneath Real-Time Protection click the Advanced Settings button below the [Exploit Protection[/b] section. Within the Anti-Exploit Settings window that opens, uncheck the box next to Disable Internet Explorer VB Scripting under Browsers in the Application Hardening tab (the first tab). Keep me posted.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === You should not reply to that message. === I undertand that Yahoo Messenger was DISCONTINUED on July 17,2018 You cand remove this program in bold via the Control Panel > Programs > Programs and Features. Your call. Yahoo Messenger (HKU\S-1-5-21-570971111-144817335-405987693-1001\...\yahoomessenger) (Version: 0.8.288 - Yahoo! Inc) === Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === If not all ready done, you should change your passwords. Any remaining issue? fixlist.txt

Glad we could help.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === ATTENTION: System Restore is disabled Turn System Restore On for Drives in Windows 10 http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html === Other than the System restore issue your logs are clean. == Could this be just notifications from Malwarebytes that these attacks were done with. Change the setting Show Malwarebytes Notifications to Off https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png === Keep me posted.

stargirl29 I'm listening.

Lets proceed: Preparing the USB Flash Drive Boot up your spare PC: Plug in the flash drive, navigate to that drive, right click on it direct and select format. Quick option is adequate. Next, On that same PC download the right version of Farbar program for your system to Desktop or the Flash drive. 64-bit or 32 bit version. Select the one you need. https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ If the files were saved on the Desktopl Move the executable (FRST.exe or FRST64.exe) to your USB Flash Drive Do not plug Flash Drive into sick PC until booted to Recovery Environment. === Boot the compromised PC to Recovery Environment, if you are unsure of that action have a read at the following link, maybe bookmark for future reference... To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10 Select in this order "Troubleshoot" > "Advance Options" > "Command Prompt" Once in the command prompt Plug your USB Flash Drive in the infected computer In the command prompt, type notepad and press on Enter Notepad will open. Click on the File menu and select Open Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter Note: Replace the letter e with the drive letter of your USB Flash Drive FRST will open Click on Yes to accept the disclaimer Click on the Scan button and wait for the scan to complete A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply. p.s. If at any time you need additional information please ask before proceeding. Wait for further instructions.

Hi, Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === Please let me know if the problem persists. fixlist.txt

Hi, Your PATH looks good. Run the CMD.EXE as an Administrator. Type or copy this line at the prompt bcdedit.exe /set {bootmgr} displaybootmenu yes next Type or copy this line at the prompt bcdedit.exe /set {default} recoveryenabled yes For both commands you should see this reply. The operation completed successfully. Can you confirm this? Or is booting the (bootmgr) still a problem?

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === The program should be removed. There could be many traces of this application on your computer. Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. I will submit a fix to remove all traces.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === There are cases when software installers mess up our Windows environment variables. When the environment variables get messed up, it could lead to trouble with other programs that share the same environment variable. One such symptom is the following error: We have to take care of this error. 1. Right-Click on My Computer icon 2. Select the Advanced tab 3. Click on Environment Variables 4. Under "System Variables" locate Path and choose 'EDIT'. 5. Copy this entire string and paste it into Notepad for safe keeping. Safe the file as My_Path.txt Attach the file for my review.

Glad we could help.

Hi, Yes I know just look at the Notifications as I have suggested. Set it to Off. If you want me to check the status of your computer run this program and post the logs for my review. Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === DAEMON Tools driver. https://www.computerhope.com/forum/index.php?topic=97279.0 If DAEMON tool is no longer on your computer you can clean it.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Your logs are clean. This looks like a Notification issues. Change the setting Show Malwarebytes Notifications to Off https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png === Restart the computer when completed. Let me know if the problem persists.

Hi, If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === ATTENTION: System Restore is disabled Turn System Restore On for Drives in Windows 10 http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html === Did you install these programs? They may generate Ads. Your call if you want to keep them. To remove these programs in bold via the Control Panel > Programs > Programs and Features. PrinceCoupon (HKLM-x32\...\{D86C82B0-1F02-816A-5F3D-6466F6A67566}) (Version: - "") <==== ATTENTION ProShopper (HKLM-x32\...\{8F213470-964F-4092-6B31-BC7570F31B5A}) (Version: - ProShopper) <==== ATTENTION === Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === Let me know if all is well. fixlist.txt

Hi, I have identified a bad SmartService infection. You will need access to a spare PC and a USB flash drive that has not been in contact with the sick PC... Let me know if you have this access. I need to know first if you can enable the Recovery Environment... Open FRST on the compromised computer: copy/paste the following inside the text area of FRST. Once done, click on the Fix button. A file called fixlog.txt should appear on your desktop. Attach it in your next reply. Start:: CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes CMD: bcdedit.exe /set {default} recoveryenabled yes End:: On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad Copy and paste its content in your next reply. Wait for further instructions. <<<>>>

No problems keep me posted.

Hi, Your logs are clean. Is this still an issue? === Is Windows Defender up to date or do you have problems with it. What other issues are pending?

Has the problem been solved?

Hi, Is this a notifications from Malwarebytes and the computer is running OK? Check this out. Change the setting Show Malwarebytes Notifications to Off https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png ===

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Malwarebytes may be working well. These could be just Notifications of it. Check this out. Change the setting Show Malwarebytes Notifications to Off https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png === If the problem persists execute the program. Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review.