dpwoodpecker

@AdvancedSetup, terribly sorry that I wasn't able to reply sooner...energy got zapped with vaccination shot! I've put some work on hold as I had thought my W7 machine was infected by virus/ransomware. The 2nd machine running W10 is a newer machine so with all the scans we've done on the W7, is it safe to clone the data portion image made from W7 over to the W10 machine? I've used Macrium Reflect v7 to make the backup image. After I've taken care of top priority work, then I'll check compatibility of the W7 machine for running W10; if it's not upgrade-able, then will it okay that I check back with you (via message) for help to get the necessary updates for W7?

Thank you, @AdvancedSetup. Just a quick message that I've meeting this morning so will reply with more details later with my dilema as I'm at a crossroad: 1) transfer main data to 2nd laptop that's running on Windows 10, 2) on current laptop running Windows 7, attempt to upgrade or else upgrade to Windows 10 (possible incompatibility as this machine was made in 2013).

Uploading the SecurityCheck log file. I remembered that I've ran sfc /verifyonly on W7 machine on 7/27 with result as "Windows Resource Protection did not find any integrity violations." (At the time I didn't have a working bootable USB to make / restore backup images.) So does the ESET scan results mean that the W7 machine is not infected with virus? That I can use Outlook on W7 and finish preparation to clone data over to W10 machine? 2020-08-10 SecurityCheck.txt

The ESET scan has finished with 7 resolved detections of possible unwanted applications. A few are programs I've downloaded but hadn't had time to test while the rest are 'false findings' - just older versions that should have been deleted anyway. The scan log file is uploaded and I'll proceed with the SecurityCheck by glas24. 2020-08-10 ESET scan log.txt

[I was in the middle of this reply when the notification came in...don't know how to safe an-in-progress reply to check so will send in before reading your message.] Hi again - I'd forgotten to also ask whether it's safe to use Outlook now and not have it zapped as before? The 1st scan report is uploaded and I have appointments in the two hours so won't be able to check / post till afterwards. Many Thanks! 2020-08-10 Malwarebytes after installation 1st scheduled threat scan report.txt

@AdvancedSetup I've reinstalled Malwarebytes and my uploaded screenshot shows the same info. I've scheduled for a threat scan to run five minutes ago and the "if missed scan at next opportunity" kicked in and will be scanning in another 2 minutes. As for the "odd icons" in the previous post's uploaded image, it's the last two listed: the UniKeyNT.exe and Outlook were not running at the time of that screenshot - I've exited from all programs. And the icon "for Outlook" is the "mute volume" icon instead of the usual icon for Outlook. So this is all MB related? Any way to be certain that there's no viruses etc., particularly in the Data partition? I want to be certain be for it's cloned to the W10 machine. Also, I'd mentioned that Viber is a program (similar to Skype, WhatsApp) I use that need access to internet; do I need to add it to the "allowed list" of the Detection History category?

Okay, I'll download the installer & get updated component versions etc. Forgot to upload this image file earlier - when I was looking to see whether or not Malwarebytes icon would still be in the minimized tray...it's these little oddities that give the sense something has gone awry!

I the clean function and the computer restarted. But it did not do any of the steps stated after the restart. What do I need to do next?

Thank you, @AdvancedSetup! Please note, your instructions are for Windows 10 and the computer with which I'm having trouble is running Windows 7. So I'll skip the "Fast Startup" bit. I'll use the Malware Support Tool already downloaded and I assume that it will configure instructions for W7 instead of W10. In the article link you gave, there's the caution: "Before the next step, make sure all your work is saved in the background." Does this mean I should make a backup image of all local drives or at least of my data partition (1/2 hr) before processing the clean function?

Recapping my situation: I have a XPS13 running W7 Professional (64bit) and MB premium (v4.1.2.73). I run Outlook, Firefox, and Chrome through Sandboxie. I got two MB alerts (In mid July and at end of July) with the RTP detection of “malware.ransomware.agent”. In the first instance, Outlook.exe outside of Sandboxie was zapped to 0kB and in the 2nd instance, Firefox.exe outside of Sandboxie didn’t get zapped but the Sandboxes I created for Firefox and for Chrome had both malfunctioned. Viber Desktop is another program that I run (but not through Sandboxie) which needs internet connection that also had got wiped out just before I had the incident with Outlook and that program also had to be reinstalled. Does all these problems I have fit with the situation for which the following temporary solution has been suggested? https://forums.malwarebytes.com/topic/261368-microsoft-office-blocked-by-ransomware-protection/ Secondly and more disturbing, Malwarebytes itself crashed two days ago. I have only screenshots of the crash dialog window that popped up and I did export the crash dump file & took screenshot of the location but didn’t look for it till today and now I can’t find it. As I kept on getting the Windows dialog box that Malwarebytes wasn’t running properly, through task manager I’d clicked “end task” to close Malwarebytes. It crashed yet again after I tried running it from Start menu I’m also uploading the 2nd set of screenshots of the crash dialog window “after end task”. AlexSmith had given me links of two topic pages to help me get detailed logs for uploading. In the topic page “I'm infected - What do I do now?”, it was recommended to post the threat scan report. Today’s daily scheduled threat scan report is odd (wrong dates, Malwarebytes version incorrect, etc.) I have threat scan report of the 2 RTP detections (Jul 16 & Jul 28) downloaded before Malwarebytes’ crash. I started downloading scan reports 30 days back including the one for Jul 16 and the reports of the same day aren’t the same! As guided by the topic page “Having problems using Malwarebytes? Please follow these steps”, I’ve downloaded and the Malwarebytes Support Tool to gather logs (uploaded). As this current post hasn’t gotten a reply yet, I’m not comfortable to the repair process portion on my own without direct support of an expert helper, which hopefully will happen soon. 2020 Jul16 Malwarebytes RTP detection report #1.txt 2020 Jul28 Malwarebytes RTP detection report #2.txt 2020 Jul19 Malwarebytes full scan local drives report.txt 2020-07-16 Malwarebytes schedule Threat scan report - downloaded after MB crash.txt mbst-grab-results.zip

I have a XPS13 running W7 Professional (64bit) that had a MB (v4.1.2.73) alert of successfully stopping a "Malware.Ransomware.Agent" threat as I was using Outlook 2007 in Sandboxie. Outlook had immediately closed itself after the MB alert. In summary, Outlook.exe was zapped to 0kB but I eventually was able to reinstall the program & restore all my emails etc. I also have installed WinPatrol (* I’ve uninstalled it after learning that it’s no longer updated or supported) on W7 laptop and after those incidents, WinPatrol also started to give various alerts (of WerFault.exe service being added/removed from starting at Startup). I’ve used Macrium Reflect to make a backup image of all local drives of W7 laptop and started to setup another XPS13, running W10 Professional (64bit) to transition over. I had posted on another forum for support with Macrium Reflect free edition to make the backup image, one forum member had advised to scan with MB, HitmanPro (which I’ve used before), and Emsisoft Emergency Kit. Scans using all three of these programs did not find any threats. I also run Firefox in Sandboxie and just under 2 weeks after getting the 1st alert, had another MB alert of “successfully blocked a malware.ransomeware.agent threat”, when I used W7 laptop to search online as I setup the W10 machine. Sandboxie also gave error dialogs of not being able to properly run the Sandbox for Firefox program. Since getting this 2nd alert from MB, I’ve limited my use of W7 laptop, particularly not running Outlook to sync further emails etc. and concentrated on getting W10 machine up and running. I’ve screenshots of MB’s notifications of these alerts (but no files were listed as quarantined on dates associated with these alerts) – let me know if I need to upload them. I then realized that I needed to send this post using the W7 laptop since all my screenshots and MB reports are on it. While I using W7 laptop last night, Malwarebytes ran its scheduled 2 custom scans (with no threats found) and as I clicked on ‘view’ to see the report, Window dialog box popped up that MB wasn’t running properly and either close program or allow it go online to try fix the problem and then close the program. The icon in the minimize tray was gone and clicking Start menu to run MB would bring me back to the same Windows dialog box that MB wasn’t running properly. I checked task manager and saw that MB was listed as one of programs I had currently running. I right-clicked and chose “end task” – it ended without incident. But when I tried again & clicked Start menu to run MB, this brought me back to the same Windows dialog that MB wasn’t running properly. I’d shutdown both W7 & W10 laptops for the night. While I was using W7 machine this morning to continue with this post, MB had apparently recovered and had ran two of the scheduled scans I saved (one of C with ‘scan rootkit’ enabled and one of D(data partition) – ‘scan rootkit’ option wasn’t allowed) – a dialog box came up when it finished with these scans. Both scans didn’t find any threats. [**For some reason, my 8am scheduled threat scan didn’t run (even though option to ‘if missed, run at next opportunity’ was checked).] Please help me with figuring out and removing the program (?) that is causing these problems on the W7 machine as I want to be certain that the backup image of the data partition is clean of malware/ransomware/viruses before I clone the image to the W10 machine. I also want to clean the OS partitions before I get it updated and be able to continue using it, mostly offline. Regrettably, the W7 machine is only updated to Dec 2017 (Group B). With much appreciation for all the guidance to be offered so that the W7 OS is soon fixed and I have clean data partition to clone over to W10 in next few days!

The Pro version on the website (https://store.malwarebytes.org) is an annual subscription but from various other sites, there are also the option for "lifetime" license - how valid are those offers? Also, when programs subch as Kaspersky or Malwarebytes etc are scanning, I should not be running any work programs, right? Lastly, how do I copy the Firefox settings I've done on the standard user account (with Noscripts, AdBlock etc.) to use in setting up Firefox on the admin account? or would I need to the setup manually again? Many thanks!

Thank you...I've repeated the key questions in that last post so your last reply had addressed them. The security system I have now installed is MS Essentials (and still have free edition of Malwarebytes to do manual scans) and will look into WinPatrol and the other programs you've share in earlier post. Your help have been tremendous in cleaning the embedded autorun files on the external HDDs along with additonal links / information on security and protection programs to prevent future infections! Good to know that this forum is available in case the laptop does act up later!

Thank you for all the help to clear up the isues on my laptop and external HDDs....I'd appreciate if you could comment on the last few questions posted earlier before considering this thread as 'solved': should I also delete all the exe files downloaded to run those tests - no need to keep for future use? I had chosen to use Ixquick search engine instead of google but briefly saw one of the tests deleted something associated with firefox.- what was wrong with this? could you explain the possible unwanted items so I know which ones I had installed that made the laptop more vulnerable? what about when I plug in someone else's flash drive or USB HDD - should I vaccinatw all devices by default or already vaccinating my laptop would be enough to protect me - as I don't want to cause permanent effect to legitimate autorun programs on others' devices?

Also, could you explain more about these deleted items (ESET log)? G:\autorun.inf Win32/AutoRun.ZB worm cleaned by deleting - quarantined H:\autorun.inf Win32/AutoRun.ZB worm cleaned by deleting - quarantined Is it possible to know whether it was due to whaich program, or in particuar the program FoxitReader620.0429_enu_Setup.exe, (which again came from link give on reputable forum)?