Everything posted by seagreen

  1. I've "kinda" fixed the issue by temporarily uninstalling Glasswire. AdwareCleaner scans have turned up clean through several reboots. It appears that Glasswire was putting those registry entries back after each cleaning, probably from its database. I *think* a clean reinstall should solve the issue. The problem that remains is Adware Cleaner flagging those registry items as coming from a trojan. There are legitimate programs that require Java to be installed, and if I re-install it I expect those entries will return.
  2. Done and once again those registry entries return after the reboot. Fixlog.txt AdwCleaner[S19].txt
  3. AdWare Cleaner says those 4 trojan.agents still exist after fixing and a reboot. Fixlog.txt
  4. These are the reports from Windows Defender Firewall:
     -file: C:\Users\Martha\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0016ed
     -file: C:\$Recycle.Bin\S-1-5-21-2486084818-4069358932-3362996075-1003\$RE7OHKH.crdownload
     webfile: E:\Downloads\FRST.exe| https://download.bleepingcomputer.com/dl/668c4593ed6df08a95380276b700406c/5d46193d/windows/security/security-utilities/f/farbar-recovery-scan-tool/FRST.exe|pid:8760,ProcessStart:132093485805631550
     -file: E:\Downloads\35994407-c4ff-4e52-8499-2bd3e2b9c300.tmp
     -file: C:\Users\Martha\Desktop\Unconfirmed 235135.crdownload
  5. Thank you. Before I do anything else, I'm getting multiple trojan warnings from Windows Defender about FRST.exe. [Reported as Trojan:Win32/Wacatac.B!ml] Malwarebytes shows nothing. Are you all sure that that .exe file is OK?
  6. Got FRST from another location and got it to download. These are the log files FRST.txt Addition.txt
  7. I'm here after a lengthy thread in the AdwareCleaner forum. Adware finds 4 items in the registry that it has termed trojan.agent. These are the 4 items:
     v2.28|Action=Allow|Active=TRUE|Dir=Out|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.out_85}|Desc=GlassWire|EmbedCtxt=GlassWire
     v2.28|Action=Allow|Active=TRUE|Dir=In|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.in_192}|Desc=GlassWire|EmbedCtxt=GlassWire|
     v2.28|Action=Allow|Active=TRUE|Dir=Out|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.out_192}|Desc=GlassWire|EmbedCtxt=GlassWire|
     v2.28|Action=Allow|Active=TRUE|Dir=In|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.in_85}|Desc=GlassWire|EmbedCtxt=GlassWire|
     They are all firewall rules that allow Java to communicate. Long story short - no matter what I've done, including AdwareCleaner quarantine/removal, uninstalling Java and manually editing both the registry, Glasswire and Windows firewalls to remove ALL references to Java, those entries return after each reboot (with different number strings). Malwarebytes Premium threat scan shows nothing. [Log attached]. Farbar Recovery Scan Tool won't download and fails with the following message: "Failed - Virus detected" - so I can't run that. Malwarebytes.txt
  8. Did that. Adware reported them gone in a scan right after. They were right back after a reboot. (different numbers but the strings were the same) I have also gone through Glasswire and removed all mentions of Java/JavaUpdate/JavaSched etc. Those have stayed gone through multiple reboots. I checked C/Program Files (x86) and the java folder being referenced no longer exists.
  9. I said above that I did that already and saw no remaining mentions of Java anywhere. The image below is where I checked to see if there were any Java mentions in the firewall rules. There were none as I removed them last night. I rechecked again this AM after AdWare found those same entries.
  10. Can't find a way to edit the above post, so here's an addendum: I meant to add I have also removed any mention of Java in the firewall settings using Option 3. I just checked and there is no mention of Java in the firewall rules now. Using the Command Prompt method of examining the firewall rules, "Find" finds no instance of java in the text file.
  11. After Java was removed AdWare Cleaner keeps finding these 4 items. They have been removed multiple times but keep returning after each reboot. Any suggestions?
  12. I seem to remember that something on my system "needs" Java but can't remember what it is. I'll go ahead and remove Java and those entries and see what complains. Thanks for the help.
  13. As mentioned in my original post, all of these flagged registry entries have to do with Glasswire. These are the 4 most recent ones:
      v2.28|Action=Allow|Active=TRUE|Dir=Out|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.out_85}|Desc=GlassWire|EmbedCtxt=GlassWire
      v2.28|Action=Allow|Active=TRUE|Dir=In|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.in_192}|Desc=GlassWire|EmbedCtxt=GlassWire|
      v2.28|Action=Allow|Active=TRUE|Dir=Out|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.out_192}|Desc=GlassWire|EmbedCtxt=GlassWire|
      v2.28|Action=Allow|Active=TRUE|Dir=In|App=c:\program files (x86)\common files\java\java update\jusched.exe|Name={Glasswire.app.in_85}|Desc=GlassWire|EmbedCtxt=GlassWire|
  14. This is the most recent log file from a scan done just now. Once again AdWareCleaner found 4 of what it called Trojan.Agent traces. mbst-grab-results.zip
  15. This is the most recent log file from a scan done just now. Once again AdWareCleaner found 4 of what it called Trojan.Agent traces. AdwCleaner[S03].txt
  16. Long-time user of Malwarebytes Premium & new user of Adware Cleaner.
      Win 10 Pro PC (up-to-date).
      First use of Adware Cleaner 3 days ago showed 4 registry items it called a Trojan.Agent. Items were quarantined and removed. They were all located here:
      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {xxxxx}
      The program whose entries are being flagged is Glasswire.
      Second use of AdWare Cleaner this AM and those items are back. Scan after cleaning and reboot shows two items are back (the numbers vary but the location in the registry is the same). Malwarebytes Premium shows nothing. So who is right - Malwarebytes finding nothing or AdWare Cleaner finding what it terms as a Trojan.Agent?
  17. Mbamchameleon has been throwing thousands (and I DO mean THOUSANDS) of messages into Windows system log. This has been going on only since 8/03/14. A sampling of the error messages:
      Mbamchameleon Failed to obtain file name information - C00000BE
      Mbamchameleon Failed to obtain file name information - C0000034
      Failed to verify the digital signature for \Device\HarddiskVolume3\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTEMUPDATE.EXE
      Failed to verify the digital signature for \??\E:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
      Failed to verify the digital signature for \??\E:\Program Files\AVAST Software\Avast\AvBugReport.exe
      Failed to verify the digital signature for \Device\HarddiskVolume3\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVBUGREPORT.EXE
      Failed to verify the digital signature for \??\E:\Program Files\AVAST Software\Avast\setup\instup.exe
      Mbamchameleon Failed to obtain file name information - C0000039
      Mbamchameleon Failed to obtain file name information - C0000022
      Mbamchameleon Failed to obtain file name information - C000000D
      Failed to verify the digital signature for \??\E:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
      Mbamchameleon Failed to obtain file name information - C00000FB
      Mbamchameleon Failed to obtain file name information - C01C0005
      At least one time there were 128 identical messages with the exact same time stamp. This is crazy behavior. I have changed NOTHING with Malwarebytes since I installed it, which was probably back in May, 2014.
      Windows 7 Ultimate 64 bit
      Malwarebytes Premium 2.0.2.1012
      Is there anything I can do to stop this craziness?