[Malwarebytes scans reveal malware after removnig it and restarting the PC]

Hello @Cmoud24 and :

Thank you for the attached scan report. A successful removal of the persistent malware mechanism will require sequential execution of the steps that follow.

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then sequentially follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:  Please pay close attention to the instructions in all the following links.

• If you have not done so already, Enable System Protection and create a NEW System Restore Point
• Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
• Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed.
• Disable-Fast-Startup
• Show-Hidden-Folders-Files-Extensions

Please run the following scans:  Please pay close attention to the instructions in all the following links.

1. Click the following link and run a Scan with AdwCleaner Alternative AdwCleaner download
2. Click the following link and run a Scan with Malwarebytes Alternative MB5 download
      RESTART the computer
3. Click the following link and run a Scan with Farbar Recovery Scan Tool  
    

Example image of where to click to attach the 5 files when posting your reply

 

Thank you.

[Malwarebytes browser guard preventing logging in to various sites]

Hello @jsljustin and welcome back:

Although the MBG v2.6.27 extension's Download Debug Logs may be later requested, for now, please reply with the exact URLs with an issue.

In your reply, please Copy/Paste the URLs in question in a BBC Code tag box using the forum's [ <> ] code option from the reply's menu bar above.

Thank you.

[adwcleaner 8.4.2 aborts before completing - please fix it]

Hello @Jerry008:

Please let us know if you still with us.

Thank you.

[Malware situation]

Hello @slimez246:

Help will be here when you're ready. Please read carefully and reply when you have all 5 files.

Thank you.

[Bruce Schneier's Crypto-Gram]

 

Schneier on Security, August 15, 2024

Quote

In this issue:

1. Hacking Scientific Citations
2. Cloudflare Reports that Almost 7% of All Internet Traffic Is Malicious
3. Criminal Gang Physically Assaulting People for Their Cryptocurrency
4. Brett Solomon on Digital Rights
5. Snake Mimics a Spider
6. 2017 ODNI Memo on Kaspersky Labs
7. Robot Dog Internet Jammer
8. Data Wallets Using the Solid Protocol
9. The CrowdStrike Outage and Market-Driven Brittleness
10. Compromising the Secure Boot Process
11. New Research in Detecting AI-Generated Videos
12. Providing Security Updates to Automobile Software
13. Education in Secure Software Development
14. Leaked GitHub Python Token
15. New Patent Application for Car-to-Car Surveillance
16. On the Cyber Safety Review Board
17. Problems with Georgia’s Voter Registration Portal
18. People-Search Site Removal Services Largely Ineffective
19. Taxonomy of Generative AI Misuse
20. On the Voynich Manuscript
21. Texas Sues GM for Collecting Driving Data without Consent
22. Upcoming Speaking Engagements

 

 

[Blocked outbound powershell connections.]

Hello @Olav and

 

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:  Please pay close attention the the instructions in all of the following links.

• If you have not done so already - Enable System Protection and create a NEW System Restore Point
• Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
• Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
• Disable-Fast-Startup
• Show-Hidden-Folders-Files-Extensions

Please run the following scans:  Please pay close attention the the instructions in all of the following links.

1. Click the following link and run a  Scan with AdwCleaner
2. Click the following link and run a  Scan with Malwarebytes 
      RESTART the computer
3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 
    

Example image of where to click to attach files when posting your reply

 

Thank you

 

[Sality.an trojan infected my main computer - and possibly router]

 

Hello @Nerdcore and :

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:  Please pay close attention the the instructions in all of the following links.

• If you have not done so already - Enable System Protection and create a NEW System Restore Point
• Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
• Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
• Disable-Fast-Startup
• Show-Hidden-Folders-Files-Extensions

Please run the following scans:  Please pay close attention the the instructions in all of the following links.

1. Click the following link and run a  Scan with AdwCleaner
2. Click the following link and run a  Scan with Malwarebytes 
      RESTART the computer
3. Click the following link and run a  Scan with Farbar Recovery Scan Tool  
    

Example image of where to click to attach 5 files when posting your reply

 

Thank you.

[Malware situation]

 

Hello @slimez246 and

 

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:  Please pay close attention the the instructions in all of the following links.

• If you have not done so already - Enable System Protection and create a NEW System Restore Point
• Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
• Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
• Disable-Fast-Startup
• Show-Hidden-Folders-Files-Extensions

Please run the following scans:  Please pay close attention the the instructions in all of the following links.

1. Click the following link and run a  Scan with AdwCleaner
2. Click the following link and run a  Scan with Malwarebytes 
      RESTART the computer
3. Click the following link and run a  Scan with Farbar Recovery Scan Tool  
    

Example image of where to click to attach 5 files when posting your reply

 

Thank you.

[Scan stuck and cannot cancel it in Malwarebytes version 5.4.1]

Hello @TonyHack:

Excellent! Updating your topic is greatly appreciated.

I'll request your topic be classified as Resolved.

Thank you.

[[ RESOLVED ] Suspected botnet malware still persists after complete zeroing of the disk.]

Hello @hawkactual and

 

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:  Please pay close attention the the instructions in all of the following links.

• If you have not done so already - Enable System Protection and create a NEW System Restore Point
• Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
• Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
• Disable-Fast-Startup
• Show-Hidden-Folders-Files-Extensions

Please run the following scans:  Please pay close attention the the instructions in all of the following links.

1. Click the following link and run a  Scan with AdwCleaner
2. Click the following link and run a  Scan with Malwarebytes 
      RESTART the computer
3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 
    

Example image of where to click to attach files when posting your reply

 

Thank you

 

[Tails]

Tails 6.6 (stable) has been released. (13-August-2024)
Home | Downloads | Hashes | Changelog | Documentation | Support | FAQ | Known issues | News | 

Quote

Changes and updates

• Update Tor Browser to 13.5.2.

• Update Thunderbird to 115.14.0.

• Update many firmware packages. This improves the support for newer hardware: graphics, Wi-Fi, and so on.

• Detect new types of errors when resizing the system partition fails (the first time Tails is started) and report the following error message.

  Something went wrong when starting your Tails USB stick for the first time:
  resizing the system partition failed
  
  It will be impossible to create a Persistent Storage or apply automatic upgrades.

  Affected users can try to install Tails again or use a different USB stick.

Fixed problems

Persistent Storage

• Increase the maximum waiting time to 4 minutes when unlocking the Persistent Storage before returning an error. (#20475)

• Made the creation of the Persistent Storage more robust after starting a Tails USB stick for the first time. (#20451)

• Prevent the Persistent Storage settings from freezing after opening a link to the documentation. (#20438)

• Prevent Additional Software from crashing when installing virtual packages. (#20477)

Networking

• Fix connecting to the Tor network using default bridges. (#20467)

• Allow enabling multiple network interfaces again. (#20128)

Tails Cloner

• Remove 30 seconds of waiting time when installing by cloning. (#20131)

For more details, read our changelog.

 

[adwcleaner 8.4.2 aborts before completing - please fix it]

Hello @Jerry008 and :

Thank you for the Copy/Paste of the Malwarebytes AdwCleaner log, although an attachment of the entire log file is much more preferred.

Please follow-up with the above requested mbst-grab-results.zip as illustrated in the automated reply and attach to your next reply to this topic.

Thank you.

CC: @jboursier

[Firefox 130.0.1 release now available]

Version 129.0.1, first offered to Release channel users on August 13, 2024

Quote

Fixed

• Fixed playback issues on some websites with copyrighted video served via digital rights management. (Bug 1911283)

• Fixed a crash when dragging a video file onto some websites. (Bug 1910990)

   

 

[Scan stuck and cannot cancel it in Malwarebytes version 5.4.1]

Hello @TonyHack and welcome back:

The Apple device likely has mass storage (HDD/SSD) with built-in S.M.A.R.T. technology.

If the Apple device does not already have an optional utility for reporting the individual attribute status details for mass storage, please consider installing such a utility and reply to this topic with any individually numbered, non-zero, status attributes that may be alerting to present/future failures.

Although other fine utilities exist, Smartmontools/GGSmartControl are free but may have a steep learning curve for some.

Thank you.

 

[7-Zip]

 

7-Zip | Homepage | Downloads | History | FAQs | Support | Links | Forum |

The latest stable version of 7-Zip is v24.08 and was released on 11-August-2024.

Quote

 

7-Zip 24.08

• The bug in 7-Zip 24.00-24.07 was fixed:
  For creating a zip archive: 7-Zip could write extra zero bytes after the end of the archive, if a file included to archive cannot be compressed to a size smaller than original.
  The created zip archive is correct except for the useless zero bytes after the end of the archive.
  When unpacking such a zip archive, 7-Zip displays a warning:
  "WARNING: There are data after the end of archive".
• The bug was fixed: there was a leak of GDI objects (internal resources in Windows) in "Confirm File Replace" window, causing problems after 1600 displays of "Confirm File Replace" window from same running 7-Zip process.
• Some optimizations for displaying file icons in 7-Zip File Manager and in "Confirm File Replace" window.
• Some bugs were fixed.

 

 

 

[Malwarebytes for Mac Beta v.5.4.1]

Hello @Jlolly and :

Currently that is correct. No versions of MB5 for Mac have been made available to test with macOS 15 Sequoia yet.

Reference:

https://forums.malwarebytes.com/topic/314818-macos-sequoia-unable-to-install/

Please check back no earlier than next month.

Thank you.

[After pc opened, chrome browser randomly appears]

Hello  @cryobtye and :

 

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:  Please pay close attention the the instructions in all of the following links.

• If you have not done so already - Enable System Protection and create a NEW System Restore Point
• Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
• Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
• Disable-Fast-Startup
• Show-Hidden-Folders-Files-Extensions

Please run the following scans:  Please pay close attention the the instructions in all of the following links.

1. Click the following link and run a  Scan with AdwCleaner
2. Click the following link and run a  Scan with Malwarebytes 
      RESTART the computer
3. Click the following link and run a  Scan with Farbar Recovery Scan Tool  
    

Example image of where to click to attach files when posting your reply

 

Thank you

[System32 inbound connection]

For staff use.

https://www.abuseipdb.com/check/79.124.62.134

https://www.virustotal.com/gui/url/371639712a6d3d56330ab04d4cf0170f671f07a005447931f0486077584b19fb?nocache=1

 

PING @AdvancedSetup

[Windows Downdate: Downgrade Attacks Using Windows Updates]

Quote

Downgrade attacks—also known as version-rollback attacks—are a type of attack designed to revert an immune, fully up-to-date software back to an older version. They allow malicious actors to expose and exploit previously fixed/patched vulnerabilities to compromise systems and gain unauthorized access.

CVE-2024-21302 and CVE-2024-38202

More...

 

[1Password]

 

Wiki | 1Password | Downloads | Support | Release Notes | Blog | Newsletter | Password Generator | Username Generator |

1Password 8.10.39-2 for Windows has been released. (08-August-2024)

Quote

August 8, 2024

1Password for Windows 8.10.39

• We’ve temporarily removed the Setting Reset message to address edge cases.

August 6, 2024

1Password for Windows 8.10.38

• This release contains an important security update that enforces additional integrity protections for the setting file. 
• We’ve made visual improvements to the Wi-Fi sharing QR code. 
• We’ve fixed an issue where signing in with your Emergency Kit could take you out of the sign-in flow if the email address didn’t match, instead of prompting you to update the email address. 
• We’ve fixed an issue where search highlight could make links in items non-clickable. 
• You can now search “favorite” and “favorites” to find items. 
• Saving an item with the same password as before will no longer affect password history. 
• We’ve made accessibility improvements to tooltips. You’ll now be able to dismiss a tooltip without moving the mouse pointer, and they are readable to screen readers. 
• We’ve added a loading spinner after a 3-second delay for slow internet connections when generating a sign-in QR code. 
• We’ve made visual improvements to the search in lists. 
• We’ve fixed an issue where you’d see unrelated notes when you opened an item from a search result. 
• You’ll now see the correct error message when you try to sign in to an account that is already added to your app. 
• We’ve improved the accessibility of tooltips in the app. 
• You’ll now see the option to share when you right-click an item in the apps. 
• We’ve moved Developer settings up higher in the Settings sidebar. 
• We’ve updated the accessibility labels for sidebar options in the app. 
• We’ve fixed an issue where importing permissions from a LastPass account caused duplicate vaults in 1Password. 
• We’ve added a link to the documentation for browser connection security in Settings > Browser. 
• We’ve updated some wording in the Migrate from 1Password 7 prompt. 
• If you’re using a guest account, you’ll no longer see the Profile section. 
• We’ve updated the sidebar background color to work better when when Dark Mode is turned on or off. 
• When you install 1Password 8 for the first time, you’ll no longer be prompted to migrate from 1Password 7. 

 

 

[NoScript]

 

NoScript | Homepage | Changelog | Download | Usage | Community | FAQ | Forum | Versions | 

NoScript stable 11.4.34 has been released. (08-August-2024)

Autoupdate or Download

Quote

v 11.4.34
============================================================
x [nscl] Work around for
  https://bugzilla.mozilla.org/show_bug.cgi?id=1899786
  (issue #372)
x [L10n] Updated de, ru, tr
x Synchronize nscl git commits as needed before tagging new
  versions

 

[Mullvad Browser]

 

Mullvad Browser 13.5.2 has been released. (08-August-2024)

Mullvad Browser Homepage | Autoupdate or Downloads | Repository | GPG Verifying | Mullvad Blog | Release Notes | Help/FAQ

Quote

Mullvad Browser 13.5.2 Latest

 

 

All Platforms

• Updated Firefox to 115.14.0esr
• Updated NoScript to 11.4.31
• Updated uBlock Origin to 1.59.
• Bug 325: Rebase Mullvad Browser Stable onto 115.14.0esr [mullvad-browser]

 

 

[Microsoft PowerToys for Windows 10/11]

Home | Downloads, Hashes, and Release Notes | Introduction to PowerToys Video | What's Happening |

Microsoft PowerToys v0.83.0 has been released as of 30-July-2024.

Quote

Highlights

• Awake Quality of Life changes, including changing the tray icon to reflect the current mode. Thanks @dend!
• Changes to general GPO policies and new policies for Mouse Without Borders. The names for some intune policy configuration sets might need to be updated as seen in https://github.com/MicrosoftDocs/windows-dev-docs/pull/5045/files . Thanks @htcfreek!

General

• Reordered GPO policies, making it easier to find some policies. Thanks @htcfreek!

Advanced Paste

• Fixed CSV parser to support double quotes and escape delimiters when pasting as JSON. Thanks @GhostVaibhav!
• Improved double quote handling in the CSV parser when pasting as JSON. Thanks @htcfreek!

Awake

• Different modes will now show different icons in the system tray. Thanks @dend, and @niels9001 for the icon design!
• Removed the dependency on Windows Forms and used native Win32 APIs instead for the tray icon. Thanks @dend and @BrianPeek!
• Fixed an issue where the UI would become non-responsive after selecting no time for the timed mode. Thanks @dend!
• Refactored code for easier maintenance. Thanks @dend!
• The tray icon will now be shown when running Awake standalone to signal mode. Thanks @dend!
• The tray icon tooltip shows how much time is left on the timer. Thanks @dend!
• Added DPI awareness to the tray icon context menu. Thanks @dend!

Color Picker

• Added support to using the mouse wheel to scroll through the color history. Thanks @Fefedu973!

File Explorer add-ons

• Allow copying from the right-click menu in Monaco and Markdown previewers.

File Locksmith

• Fixed a crash when there were a big number of entries being shown by moving the opened files of a process to another dialog.

Installer

• Fixed the path where DSC module files were installed for the user-scope installer. (This was a hotfix for 0.82)

Mouse Without Borders

• Disabled non supported options in the old Mouse Without Borders UI. Thanks @htcfreek!
• Added new GPO policies to control the use of some features. Thanks @htcfreek!

Peek

• Allow copying from the right-click menu in Dev files and Markdown previews.

PowerToys Run

• Fixed a crash on Windows 11 build 22000. (This was a hotfix for 0.82)
• Blocked a transparency fix code from running on Windows 10, since it was causing graphical glitches. (This was a hotfix for 0.82)
• Accept speed abbreviations like kilometers per hour (kmph) in the Unit Converter plugin. Thanks @GhostVaibhav!
• Added settings to configure behavior of the "First week of year" and "First day of week" calculations in the DateTime plugin. Thanks @htcfreek!
• Fixed wrong initial position of the PowerToys Run when switching between monitors with different dpi values.
• Started allowing interchangeable use of / and \ in the registry plugin paths.
• Added support to automatic sign-in after rebooting with the System plugin. Thanks @htcfreek!
• Added suggested use example results to the Value Generator plugin. Thanks @azlkiniue!

Quick Accent

• Added support for the Bulgarian character set. Thanks @octastylos-pseudodipteros!

Runner

• Add code to handle release tags with an upper V when trying to detect new updates. Thanks @davidegiacometti!

Settings

• Fixed the UI spacing in the "update available" card. Thanks @Agnibaan!
• Fixed the information bars in the Mouse Without Borders settings page to hide when the module is disabled. Thanks @htcfreek!
• Improved consistency of the icons used in the Mouse Without Borders settings page. Thanks @htcfreek!
• Improved action keyword information bar padding in the PowerToys Run plugins section. Thanks @htcfreek!
• Fixed a crash in the dashboard when Keyboard Manager Editor settings file became locked.

Documentation

• Added the RDP plugin to PowerToys Run thirdPartyRunPlugins.md docs. Thanks @anthony81799!
• Added the GitHubRepo and ProcessKiller plugins to PowerToys Run thirdPartyRunPlugins.md docs. Thanks @8LWXpg!
• Fixed a typo in the 0.82.0 release notes in README. Thanks @walex999!

Development

• Disabled FancyZone UI tests, to unblock PRs. We plan to bring them back in the future. (This was a hotfix for 0.82)
• Fixed an issue where flakiness in CI was causing the installer custom actions DLL from being signed. (This was a hotfix for 0.82)
• Upgraded the Microsoft.Windows.Compatibility dependency to 8.0.7.
• Upgraded the System.Text.Json dependency to 8.0.4.
• Upgraded the Microsoft.Data.Sqlite dependency to 8.0.7.
• Upgraded the MSBuildCache dependency to 0.1.283-preview. Thanks @dfederm!
• Removed an unneeded /Zm compiler flag from Keyboard Manager Editor common build flags.
• Fixed the winget publish action to handle upper case V in the tag name. Thanks @mdanish-kh!
• Removed wildcard items from vcxproj files. Thanks @davidegiacometti!
• Removed the similar issues bot GitHub actions. Thanks @craigloewen-msft!
• Fixed CODEOWNERS to better protect changes in some files.
• Switched machines being used in CI and pointed status badges in README to the new machines.
• Fixed NU1503 build warnings when building PowerToys. Thanks @davidegiacometti!
• Use the MSTest meta dependency for running the tests instead of the individual testing packages. Thanks @stan-sz!
• Added missing CppWinRT references.

 

[M.B.G beta version caused my https://mailsuite.com/ extension to break]

Hello @icantchooseone:

Thank you for reporting the issue.

In the event you encounter an atypical MBG condition:

1. Open the MBG GUI.
2. Select the 3 vertical dots in the GUI's extreme upper-right corner.
3. In the pull-down menu, select Support.
4. Under the Product support heading, select Download Debug Logs.
5. The Debug Log text file, BG-Logs_v3.0.5_2024-MM-DD_HHMMSS.txt, will be written to the system's desktop to be attached to your topic's reply.

HTH

 

 

[M.B.G beta version caused my https://mailsuite.com/ extension to break]

Hello @icantchooseone and welcome back:

Without MBG v3.0.5 Debug Logs, while the issue is present, it will be quite difficult for staffers/developers to resolve the issue.

Have you updated Chrome to v127.0.6533.100 yet?  Only if requested, could you try again and well document the issue?

Thank you.

CC: @gatortail