
richardhc

Honorary Members
  • Posts

    24
Reputation

0 Neutral
  1. Thank you so much Cli. I recommend Malwarebytes to all my customers as the very best. I'd hate to have to tell them to whitelist my own cruising guides. The warning notice "MachineLearning/Anomalous.100%" would really scare anyone - it even scared me!
  2. I received a MachineLearning/Anomalous.100% for two programs I created myself and know it is 100% NOT malware. This is a false positive. The files are NEWCALCRUISING.exe and VANUATUCRUISING.exe (attached as zip files). Both files were built with Adobe Flash and the exe files are protected from pirates with Software Passport and run with a library of sub-files for sailing and navigating in New Caledonia and Vanuatu. See https://cruising-newcaledonia.com and https://cruising-vanuatu.com. These guides have been widely used by thousands of sailors for more than 20 years and are 100% safe. Please correct this false positive as we depend on sales for buying our groceries. The same software was used to develop our travel guides but these are not being tagged. The only difference is that the cruising guide exe files are wrapped with Software Passport to protect them from piracy. They have to be activated and after activation can only be used on the one computer. But the files being tagged as malware have already been activated on the computer for several years so it was not the process of activation that triggered the malware alert. It might have been the software checking the computer hardware details to be sure it was on the same computer. Here is the Malwarebytes log.

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 4/17/24
     Scan Time: 6:43 AM
     Log File: 9d945378-fc29-11ee-baad-64bc58688fca.json

     -Software Information-
     Version: 4.6.12.323
     Components Version: 1.0.2309
     Update Package Version: 1.0.83525
     License: Premium

     -System Information-
     OS: Windows 11 (Build 22000.1936)
     CPU: x64
     File System: NTFS
     User: System

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Scheduler
     Result: Completed
     Objects Scanned: 362687
     Threats Detected: 4
     Threats Quarantined: 0
     Time Elapsed: 3 min, 36 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 4
     MachineLearning/Anomalous.100%, C:\USERS\FEDDIE\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\Cruising Vanuatu.lnk, No Action By User, 0, 392687, , , , , EA6E3EA725A04BD40573108C3B510195, 91CEECDA2300FB1306B06123221EF598C1121D61F77FFC452BCD8CFBA218C853
     MachineLearning/Anomalous.100%, C:\PROGRAM FILES (X86)\CRUISING VANUATU\VANUATUCRUISING.EXE, No Action By User, 0, 392687, 1.0.83525, , shuriken, , 7B9F5A5A252834231A76A5577A35F04E, 678DDFBAD5F8A3A4746BE2D5B6DB38BC4BC3A73F611D689D41B45679E39D310B
     MachineLearning/Anomalous.100%, C:\USERS\FEDDIE\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\Cruising New Caledonia.lnk, No Action By User, 0, 392687, , , , , F39E19BAA17EE197741686F98D7CD964, 4F314C5DEC3DE21E3E250BC4CC89B3E7BA055A1430E7709056EC908EC7037B90
     MachineLearning/Anomalous.100%, C:\PROGRAM FILES (X86)\CRUISING NEW CALEDONIA\NEWCALCRUISING.EXE, No Action By User, 0, 392687, 1.0.83525, , shuriken, , F3B6732764F9E9BEDAD4FA9BA49ED9B9, B72C460F3821EBF78B9E63DB68018C02B2DEDABC0275E7DA6C2B6BA6A1855BDF
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)

     NEWCALCRUISING.zip
  3. I ran AdwCleaner and TDSSKiller as recommended on the bleepingcomputer.com forum and after rebooting the Chinese Connection was gone and the Gmail login page was in English, as normal. I'm attaching the log files. I don't suppose there's any way of knowing how the computer got infected but I'm assuming, now that the malware is gone, the computer is OK to use and won't infect any other computer. Thanks for your help, Richard Addition.txt AdwCleaner[S00].txt
  4. Hi Kevinf80, No I don't know what it is. I searched it and found an older Malwarebytes forum post on it recommending to clean the computer with Malwarebytes AdwCleaner. I'll give that a try.
  5. Hi Kevin, No, if you start at the top of this thread you'll see that was the very first thing I tried. The puzzle is much more complicated than that. Have a browse through the thread so far. Cheers, Richardhc
  6. Hi KevinF80, Did as you instructed and the log files are attached.
     - I copied the "fixlist.txt file" in the USB key where I had installed FRST portable.
     - I ran FRST with the "fix" button checked
     - Obtained log "Fixlog.txt" (attached)
     - Downloaded RogueKiller and ran it
     - While it ran (quite a long time), I got a message from my other antivirus (Avast) telling me it had found a bit of malware called "IDP.ALEXA.53" (see attached screen shot). I clicked "Move to virus chest", whereupon RK finished its scan (see attached screen shot).
     - Clicked the "Report" button, then the "export as text file". This generated "RKlog.txt" (attached).
     Fixlog.txt RKlog.txt
  7. Ok, I ran FRST and am attaching the two logs. I didn't click the "fix" button at the end of the process, should I have? FRST.txt Addition.txt
  8. OK, I'll give it a try. I don't use Chrome either - I use Vivaldi (love it) - but tried Chrome and Edge to see if there was any difference there. I do use a VPN at times (Astril) but the first time I noticed the Chinese characters it was connected to a US server. I turned it off, deleted all Gmail and google cookies and still got the same characters. As I said, using another Win10 computer with the same software (including Astril) the Chinese characters don't appear. And they don't appear on any other web page either. Only the Gmail select account and login - not on the email account once logged in. And English is the computer default. Not sure Farbar will show anything useful unless it will detect a malware hidden in a registry setting; I thought Malwarebytes would discover the problem. But I'll give it a try. Meanwhile I changed my gmail password and am not using that computer to access my email until I either do a fresh complete reinstall of Win10 or find another antivirus that does detect the problem. Thanks for your help, Richard
  9. Here is the Malwarebytes scan of the Chinese Infected computer: Scan Chinese Puzzel computer.txt
  10. Thanks Kevinf80. I tried your suggestion and it worked! But when I logged out of gmail and logged in again it was in Chinese again. The scary part of the Chinese puzzle is: 1. How did it get changed to Chinese in the first place and then change back again? I didn't do it. 2. What would a hacker want to know? The login name and password. I used my cell phone to change the password on my google account but am afraid to use my working computer for my email until I find out what's going on - and why Malwarebytes and Windows Defender are not finding any malware. Any idea how the hack could operate or how it could be found????
  11. Hi Kevin80, No, that doesn't help. Checking the language settings was one of the first things I did and it is set to English. Only. Important: The Chinese characters ONLY appear on the select an account and login page. The mailbox is in English as it was before. And, if I had the language settings wrong anywhere - why would this problem be on any browser on only one computer and not any other computer? That's the Chinese Puzzle. 🤔
  12. Here is a screenshot from the gmail intro - asking to select an account - same thing on the enter password page - then all is normal after logging in.
  13. Here's the puzzle:
      1. The intro page of my Gmail account is in Chinese or some other Asian characters - but the inbox etc are in English.
      2. On any other computer there is no Chinese intro on my Gmail, it's only on one computer; Windows 10.
      3. Gmail and browser language is set to English and the computer is English (only).
      4. On the infected computer the Chinese intro appears in Edge and in Chrome browsers; so it is limited to one computer and not browser dependent.
      5. Malwarebytes free does not find any malware and neither does Windows Defender.
      Does anyone have any suggestions on how to find and get rid of the hack? Thanks very much RichardHC
  14. I have a Samsung Galaxy Tab A 2019 running an up to date Android 10 IOS. After installing the trial Malwarebytes premium the tablet would only charge when connected to my Windows 10 PC with the USB cord. I had to start developer mode on the tablet and change the USB settings to USB debugging on, Default USB configuration Transferring files / Android Auto, USBSettings Installed. Then it would connect to the PC and allow data to be sent as normal. BUT I have a DJI drone and wanted to use the tablet with the drone controller. It connects to the drone controller with the USB cord. But the tablet will not allow data transfer with the controller. It works with the PC but not the controller. Other DJI users with the same tablet and controller have no problem at all and the only thing that differs between their tablet and mine was that I installed the trial Malwarebytes premium - which expired because I live in New Caledonia and can't pay for apps on the Google Play Store. I've uninstalled the Android Malwarebytes but the tablet still refuses to share data with the drone controller. Can anyone advise me how to get it working again without resetting to the original factory settings?
  15. Oh, good point. You're right of course.