Jump to content

seagreen

Members
  • Content Count

    18
  • Joined

  • Last visited

About seagreen

  • Rank
    New Member
  1. I've "kinda" fixed the issue by temporarily uninstalling Glasswire. AdwareCleaner scans have turned up clean through several reboots. It appears that Glasswire was putting those registry back after each cleaning probably from it's database. I *think* a clean reinstall should solve the issue. The problem that remains is Adware Cleaner flagging those registry items as coming from a trojan. There are legitimate programs that require Java to be installed and if I re-install it I expect those entries will return.
  2. Done and once again those registry entries return after the reboot. Fixlog.txt AdwCleaner[S19].txt
  3. AdWare Cleaner says those 4 trojan.agents still exist after fixing and a reboot. Fixlog.txt
  4. These are the reports from Windows Defender Firewall -file: C:\Users\Martha\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0016ed -file: C:\$Recycle.Bin\S-1-5-21-2486084818-4069358932-3362996075-1003\$RE7OHKH.crdownload webfile: E:\Downloads\FRST.exe| https://download.bleepingcomputer.com/dl/668c4593ed6df08a95380276b700406c/5d46193d/windows/security/security-utilities/f/farbar-recovery-scan-tool/FRST.exe|pid:8760,ProcessStart:132093485805631550 -file: E:\Downloads\35994407-c4ff-4e52-8499-2bd3e2b9c300.tmp -file: C:\Users\Martha\Desktop\Unconfirmed 235135.crdownload
  5. Thank you. Before I do anything else, I'm getting multiple trojan warnings from Windows Defender about FRST.exe. [Reported as Trojan:Win32/Wacatac.B!ml] Malwarebytes shows nothing. Are you all sure that that .exe file is OK?
  6. Got FRST from another location and got it to download. These are the log files FRST.txt Addition.txt
  7. I'm here after a lengthy thread in the AdwareCleaner forum. Adware finds 4 items in the registry that it has termed trojan.agent. These are the 4 items: v2.28|Action=Allow|Active=TRUE|Dir=Out|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.out_85}|Desc=GlassWire|EmbedCtxt=GlassWire v2.28|Action=Allow|Active=TRUE|Dir=In|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.in_192}|Desc=GlassWire|EmbedCtxt=GlassWire| v2.28|Action=Allow|Active=TRUE|Dir=Out|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.out_192}|Desc=GlassWire|EmbedCtxt=GlassWire| v2.28|Action=Allow|Active=TRUE|Dir=In|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.in_85}|Desc=GlassWire|EmbedCtxt=GlassWire| They are all firewall rules that allow Java to communicate. Long story short - no matter what I've done including AdwareCleaner quarantine/removal, Uninstalling Java and manually editing both the registry, glasswire and windows firewalls to remove ALL references to Java, those entries return after each reboot (with different number strings). Malwarebytes Premium threat scan shows nothing. [Log attached]. Farbar Recovery Scan Tool won't download and fails with the following message: "Failed - Virus detected" - so I can't run that. Malwarebytes.txt
  8. Did that. Adware reported them gone in a scan right after. They were right back after a reboot. (different numbers but the strings were the same) I have also gone through Glasswire and removed all mentions of Java/JavaUpdate/JavaSched etc. Those have stayed gone through multiple reboots. I checked C/Program Files (x86) and the java folder being referenced no longer exists.
  9. I said above that I did that already and saw no remaining mentions of Java anywhere. The image below is where I checked to see if there were any Java mentions in the firewall rules. There were none as I removed them last night. I rechecked again this AM after AdWare found those same entries.
  10. Can't find a way to edit the above post so here's an addendum: I meant to add I have also removed any mention of Java in the firewall settings using Option 3. I just checked and there is no mention of Java in the firewall rules now. Using the Command Prompt method of examining the firewall rules. "Find" finds no instance of java in the text file
  11. After Java was removed AdWare Cleaner keeps finding these 4 items. They have been removed multiple times but keep returning after each reboot. Any suggestions?
  12. I seem to remember that something on my system "needs" Java but can't remember what it is. I'll go ahead and remove Java and those entries and see what complains. Thanks for the help.
  13. As mentioned in my original post all of these flagged registry entries have to do with Glasswire: These are the 4 most recent ones: v2.28|Action=Allow|Active=TRUE|Dir=Out|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.out_85}|Desc=GlassWire|EmbedCtxt=GlassWire v2.28|Action=Allow|Active=TRUE|Dir=In|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.in_192}|Desc=GlassWire|EmbedCtxt=GlassWire| v2.28|Action=Allow|Active=TRUE|Dir=Out|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.out_192}|Desc=GlassWire|EmbedCtxt=GlassWire| v2.28|Action=Allow|Active=TRUE|Dir=In|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.in_85}|Desc=GlassWire|EmbedCtxt=GlassWire|
  14. This is the most recent log file from a scan done just now. Once again AdWareCVleaner found 4 of what it called Trojan.Agent traces. mbst-grab-results.zip
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.