dpwoodpecker

Posts posted by dpwoodpecker

  1. @AdvancedSetup, terribly sorry that I wasn't able to reply sooner...my energy got zapped by a vaccination shot!

    I've put some work on hold as I had thought my W7 machine was infected by a virus/ransomware. The 2nd machine running W10 is a newer machine, so with all the scans we've done on the W7, is it safe to clone the data partition image made from W7 over to the W10 machine? I've used Macrium Reflect v7 to make the backup image.

    After I've taken care of top-priority work, I'll check the compatibility of the W7 machine for running W10; if it's not upgradeable, will it be okay if I check back with you (via message) for help to get the necessary updates for W7?

  2. Uploading the SecurityCheck log file. I remember that I ran sfc /verifyonly on the W7 machine on 7/27 with the result "Windows Resource Protection did not find any integrity violations." (At the time I didn't have a working bootable USB to make / restore backup images.)

    So do the ESET scan results mean that the W7 machine is not infected with a virus? That I can use Outlook on W7 and finish preparation to clone data over to the W10 machine?

    2020-08-10 SecurityCheck.txt

  3. [I was in the middle of this reply when the notification came in...don't know how to save an in-progress reply to check, so will send it in before reading your message.]

    Hi again - I'd forgotten to also ask whether it's safe to use Outlook now and not have it zapped as before? The 1st scan report is uploaded and I have appointments in the two hours, so I won't be able to check / post till afterwards. Many Thanks!

    2020-08-10 Malwarebytes after installation 1st scheduled threat scan report.txt

  4. @AdvancedSetup I've reinstalled Malwarebytes and my uploaded screenshot shows the same info. I scheduled a threat scan to run five minutes ago and the "if missed, scan at next opportunity" kicked in, so it will be scanning in another 2 minutes.

    As for the "odd icons" in the previous post's uploaded image, it's the last two listed: UniKeyNT.exe and Outlook were not running at the time of that screenshot - I'd exited from all programs. And the icon "for Outlook" is the "mute volume" icon instead of the usual icon for Outlook.

    So this is all MB related? Any way to be certain that there are no viruses etc., particularly in the Data partition? I want to be certain before it's cloned to the W10 machine.

    Also, I'd mentioned that Viber is a program (similar to Skype, WhatsApp) I use that needs access to the internet; do I need to add it to the "allowed list" of the Detection History category?

    2020-08-10 MB reinstalled version details.JPG

  5. Thank you, @AdvancedSetup! Please note, your instructions are for Windows 10 and the computer with which I'm having trouble is running Windows 7. So I'll skip the "Fast Startup" bit. I'll use the Malware Support Tool already downloaded and I assume that it will configure instructions for W7 instead of W10.

    In the article link you gave, there's the caution: "Before the next step, make sure all your work is saved in the background." Does this mean I should make a backup image of all local drives or at least of my data partition (1/2 hr) before processing the clean function?

  6. Recapping my situation: I have an XPS13 running W7 Professional (64bit) and MB premium (v4.1.2.73). I run Outlook, Firefox, and Chrome through Sandboxie. I got two MB alerts (in mid July and at the end of July) with the RTP detection of "malware.ransomware.agent". In the first instance, Outlook.exe outside of Sandboxie was zapped to 0kB, and in the 2nd instance, Firefox.exe outside of Sandboxie didn't get zapped but the Sandboxes I created for Firefox and for Chrome had both malfunctioned. Viber Desktop is another program that I run (but not through Sandboxie) which needs an internet connection; it also got wiped out just before I had the incident with Outlook, and that program also had to be reinstalled.

    Do all these problems I have fit with the situation for which the following temporary solution has been suggested?

    https://forums.malwarebytes.com/topic/261368-microsoft-office-blocked-by-ransomware-protection/

    Secondly and more disturbing, Malwarebytes itself crashed two days ago. I have only screenshots of the crash dialog window that popped up; I did export the crash dump file and took a screenshot of the location, but didn't look for it till today and now I can't find it. As I kept on getting the Windows dialog box that Malwarebytes wasn't running properly, through Task Manager I clicked "end task" to close Malwarebytes. It crashed yet again after I tried running it from the Start menu. I'm also uploading the 2nd set of screenshots of the crash dialog window "after end task".

    AlexSmith had given me links to two topic pages to help me get detailed logs for uploading. In the topic page "I'm infected - What do I do now?", it was recommended to post the threat scan report. Today's daily scheduled threat scan report is odd (wrong dates, Malwarebytes version incorrect, etc.). I have the threat scan reports of the 2 RTP detections (Jul 16 & Jul 28) downloaded before Malwarebytes' crash. I started downloading scan reports 30 days back, including the one for Jul 16, and the reports of the same day aren't the same!

    As guided by the topic page "Having problems using Malwarebytes? Please follow these steps", I've downloaded and run the Malwarebytes Support Tool to gather logs (uploaded).

    As this current post hasn't gotten a reply yet, I'm not comfortable doing the repair process portion on my own without the direct support of an expert helper, which hopefully will happen soon.

    2020-08-05 Malwarebytes crash info part1.JPG

    2020-08-05 Malwarebytes crash info part2.JPG

    2020-08-05 Malwarebytes dumpfile location.JPG

    2020-08-05 Malwarebytes after endtask crash info part1.JPG

    2020-08-05 Malwarebytes after endtask crash info part2.JPG

    2020 Jul16 Malwarebytes RTP detection report #1.txt

    2020 Jul28 Malwarebytes RTP detection report #2.txt

    2020 Jul19 Malwarebytes full scan local drives report.txt

    2020-07-16 Malwarebytes schedule Threat scan report - downloaded after MB crash.txt

    mbst-grab-results.zip

  7. I have an XPS13 running W7 Professional (64bit) that had an MB (v4.1.2.73) alert of successfully stopping a "Malware.Ransomware.Agent" threat as I was using Outlook 2007 in Sandboxie. Outlook had immediately closed itself after the MB alert. In summary, Outlook.exe was zapped to 0kB, but I eventually was able to reinstall the program and restore all my emails etc.

    I also had WinPatrol installed (* I've uninstalled it after learning that it's no longer updated or supported) on the W7 laptop, and after those incidents, WinPatrol also started to give various alerts (of the WerFault.exe service being added/removed from starting at Startup). I've used Macrium Reflect to make a backup image of all local drives of the W7 laptop and started to set up another XPS13, running W10 Professional (64bit), to transition over.

    When I posted on another forum for support with the Macrium Reflect free edition to make the backup image, one forum member advised me to scan with MB, HitmanPro (which I've used before), and Emsisoft Emergency Kit. Scans using all three of these programs did not find any threats.

    I also run Firefox in Sandboxie and, just under 2 weeks after getting the 1st alert, had another MB alert of "successfully blocked a malware.ransomeware.agent threat" when I used the W7 laptop to search online as I set up the W10 machine. Sandboxie also gave error dialogs of not being able to properly run the Sandbox for the Firefox program. Since getting this 2nd alert from MB, I've limited my use of the W7 laptop, particularly not running Outlook to sync further emails etc., and concentrated on getting the W10 machine up and running. I have screenshots of MB's notifications of these alerts (but no files were listed as quarantined on the dates associated with these alerts) - let me know if I need to upload them.

    I then realized that I needed to send this post using the W7 laptop since all my screenshots and MB reports are on it. While I was using the W7 laptop last night, Malwarebytes ran its 2 scheduled custom scans (with no threats found), and as I clicked on 'view' to see the report, a Windows dialog box popped up that MB wasn't running properly and to either close the program or allow it to go online to try to fix the problem and then close the program. The icon in the minimize tray was gone, and clicking the Start menu to run MB would bring me back to the same Windows dialog box that MB wasn't running properly. I checked Task Manager and saw that MB was listed as one of the programs I had currently running. I right-clicked and chose "end task" - it ended without incident. But when I tried again and clicked the Start menu to run MB, this brought me back to the same Windows dialog that MB wasn't running properly. I shut down both W7 & W10 laptops for the night.

    While I was using the W7 machine this morning to continue with this post, MB had apparently recovered and had run two of the scheduled scans I saved (one of C with 'scan rootkit' enabled and one of D (data partition) - the 'scan rootkit' option wasn't allowed) - a dialog box came up when it finished with these scans. Both scans didn't find any threats. [**For some reason, my 8am scheduled threat scan didn't run (even though the option 'if missed, run at next opportunity' was checked).]

    Please help me with figuring out and removing the program (?) that is causing these problems on the W7 machine, as I want to be certain that the backup image of the data partition is clean of malware/ransomware/viruses before I clone the image to the W10 machine. I also want to clean the OS partitions before I get it updated and be able to continue using it, mostly offline. Regrettably, the W7 machine is only updated to Dec 2017 (Group B). With much appreciation for all the guidance to be offered so that the W7 OS is soon fixed and I have a clean data partition to clone over to W10 in the next few days!

  8. The Pro version on the website (https://store.malwarebytes.org) is an annual subscription, but from various other sites there is also the option of a "lifetime" license - how valid are those offers? Also, when programs such as Kaspersky or Malwarebytes etc. are scanning, I should not be running any work programs, right? Lastly, how do I copy the Firefox settings I've done on the standard user account (with NoScript, AdBlock etc.) to use in setting up Firefox on the admin account? Or would I need to do the setup manually again? Many thanks!

  9. Thank you...I've repeated the key questions in that last post, so your last reply has addressed them. The security system I have now installed is MS Essentials (and I still have the free edition of Malwarebytes to do manual scans) and will look into WinPatrol and the other programs you've shared in an earlier post. Your help has been tremendous in cleaning the embedded autorun files on the external HDDs along with the additional links / information on security and protection programs to prevent future infections! Good to know that this forum is available in case the laptop does act up later!

  10. Thank you for all the help to clear up the issues on my laptop and external HDDs....I'd appreciate it if you could comment on the last few questions posted earlier before considering this thread as 'solved':

    Should I also delete all the exe files downloaded to run those tests - no need to keep them for future use?

    I had chosen to use the Ixquick search engine instead of Google, but briefly saw one of the tests delete something associated with Firefox - what was wrong with this? Could you explain the possible unwanted items so I know which ones I had installed that made the laptop more vulnerable?

    What about when I plug in someone else's flash drive or USB HDD - should I vaccinate all devices by default, or would already vaccinating my laptop be enough to protect me? I don't want to cause a permanent effect to legitimate autorun programs on others' devices.

  11. Also, could you explain more about these deleted items (ESET log)?

    G:\autorun.inf    Win32/AutoRun.ZB worm    cleaned by deleting - quarantined

    H:\autorun.inf    Win32/AutoRun.ZB worm    cleaned by deleting - quarantined

    Is it possible to know which program it was due to, or in particular whether it was the program FoxitReader620.0429_enu_Setup.exe (which again came from a link given on a reputable forum)?

  12. Yes, Delfix completed ok and I've installed MSE for now since the Kaspersky 2014 add-ons are no longer compatible with the current Firefox version. In addition to uninstalling ESET, should I also delete all the exe files downloaded to run those tests - no need to keep them for future use? They are still in the folder on the desktop - I'll archive the log files for now.

    I had chosen to use the Ixquick search engine instead of Google, but briefly saw one of the tests delete something associated with Firefox - what was wrong with this? Could you explain the possible unwanted items so I know which ones I had installed that made the laptop more vulnerable?

    The Firefox bookmark toolbar keeps getting "invisible" even with the choice checked - I'd have to uncheck and re-check for it to be visible, and my Ixquick homepage doesn't get loaded anymore. How do I go about fixing this?

    I plan to use USBVaccine on the laptop and on my two external HDDs, but what about when I plug in someone else's flash drive or USB HDD - should I vaccinate all devices by default, or would already vaccinating my laptop be enough to protect me? I don't want to cause a permanent effect to legitimate autorun programs on others' devices.

    By the way, for some reason, some of the tools you had me download showed up as having "malware, trojans", or "suspicious" etc. when scanned with VirusTotal or Anubis....similarly with the FreeFileSync program recommended by a forum similar to this one.

  13. Uh oh....when I downloaded the programs for this process, it was on a non-admin account, but I ran them as administrator whenever prompted for it or as instructed to right-click. Hope doing it that way still had the tests vet out all possible malware or viruses!

    Ok...onto downloading the clean-up tools and running them.

    As for USBVaccine, I haven't plugged in either of the external HDDs as yet, but have marked 'vaccinate computer' for now.

    Thank you for all your help and I'll check the links provided to hopefully ensure no infection. What would be a good indication on the log to show that all is well?

  14. Here are two snips of the Task Manager Processes tab on the non-admin account with "show processes from all users" selected; SYSTEM is now shown as the username and there is a description, but the right-click selection to open file location still does nothing. However, when I log on to the admin account, it does take me to the SYSTEM32 folder.

    Also attached is the log of FSS run on the admin account with LAN ethernet plugged in.

    Sorry, but I need more detailed instructions as to how to "give access to other users as deem suitable" after installing programs on the admin account. I felt that it was safer to install on the standard account as this is the user I'd be using most of the time, and I will only log on to admin for diagnostic work (versus using programs to do work), so I had only installed Macrium and the drivers under the admin account (if my memory serves me right) and installed the remainder of programs so far as the standard user. (Is there a way and a place (within the registry?) to check under which user a program was installed?)

    I had planned to add shortcuts to the installed programs to a folder in the Public Documents so the admin account would be able to access those shortcuts and I could run the programs from there as needed. But Windows 7 seems to segregate each account despite the higher level of permissions on admin accounts (versus in XP, where the admin account has access to all users' account data). This line of thinking does not seem to work, as I have found just now - I had downloaded all the programs you listed to a folder on the desktop, and to run FSS on the admin account, I thought I just needed to put a shortcut to that program in the public folder, which should be accessible to all users on this laptop. But after logging on to the admin account, I could not run FSS through that shortcut....finally had to copy the program itself to the public folder. Why did this not work?

    As for the external HDDs, I cannot wipe them since they hold all the backups of my main work data. I will use Panda USB Vaccine (on both the laptop and the HDDs, right, and not just the HDDs?)

    Is there a small and simple flash player program other than Adobe Flash? Or is that program safe enough and I just enable it only when I want to see a particular video? ---Many thanks!

    FSS - as admin.txt

  15. The issue is that when I right-click on each entry then select "open file location", nothing happens (that I can see), even when I tried doing this logged in on the admin account. Manually going to the System32 folder, I do see these two exe files located there, however. Would this behavior indicate malware or some other sort of infection of major concern?

    Is my system okay now for me to continue with core program installation? Would you recommend continuing to do this on the standard user account (and only giving UAC permission when requested and for programs I know are safe)? Or should I install programs from the admin account? As the logs show, I've only installed a handful.

    FYI: I just realized that through this whole process, I wasn't checking to see if any of the steps taken had any effect on these two Task Manager items. Also, I was using the infected laptop to access this forum to upload the logs etc. Additionally, my POP3 emails continued to be downloaded into Outlook and I did download 2 Word documents that were attached to an email from a friend....hmmm, Kaspersky was still not reinstalled (only Windows Defender and Firewall were on) - all this was before running FSS again. So was this last log "clean", and did none of the above re-infect my system?

    Secondly, are the HDDs now considered 'clean'? I will definitely check into Panda USB Vaccine.

    Thank you for explaining about cautiously using freeware - I've been doing those particular steps and checking through the EULA in case there are default check boxes embedded within. The Foxit and FreeFileSync links came from a forum similar to this one, and I was further advised to change the name of the downloaded executable to .disable as an extra precaution to prevent it from running automatically.

    Greatly appreciate your sharing your system's security and browser protection - I had started using NoScript after having signs of infections on the laptop running XP....I haven't used Flash Block but also haven't installed Adobe Flash either (to see tutorial videos on this forum and similar ones, would VLC be sufficient, or do I need to install Adobe Flash and then disable it after watching the videos?)

  16. I just checked the Processes tab of the Task Manager and the two executable files are still with no username and no description.

    Please note that I still have not reinstalled Kaspersky; only Windows Defender & Firewall are on. Since I have to install a security program, what would you recommend for security protection? Do you have any experience with Comodo Antivirus & Firewall?

    Also, would you mind explaining the log results of the steps done? So I would understand better how to maintain the 'healthy' readings as well as knowing what was done to possibly cause the errors. Much appreciation for your continued help!

  17. Here are the results of the Security Check program (and as of right now, Kaspersky is still uninstalled). I'd also appreciate it if you could share links to safe freeware downloads for the programs that were quarantined (Foxit Reader, VLC, etc. - all on the external HDDs' partitions) and how to better protect the external HDDs from getting infected again. Many thanks!


    Results of screen317's Security Check version 0.99.85  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
     WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
     Mozilla Firefox (30.0)
    ````````Process Check: objlist.exe by Laurent````````  
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 9%
    ````````````````````End of Log``````````````````````