Jump to content

jklcpa

Honorary Members
  • Posts

    92
  • Joined

Everything posted by jklcpa

  1. Hi Kevin, I really appreciate all the help, extra information provided, and for making the solutions so easy for me. Everything seems to be working well at this point and I've deleted the files and cleaned up the disk. Thanks again, Judy
  2. Oops, sorry I forgot to attach the picture to go with above post.
  3. If you don't mind one last question - I typed in "Temp" in the search box and allowed Windows to create a list of files that are supposed to be safe to remove. The first item is the previous Windows installation files that have been renamed as "Windows.old". Is it safe to delete these and should I? It's over 31 GB of data and would speed up my scans if it is safe to remove them. I don't need the space, just following the advice in that link you shared about cleaning up Temp files. Is there anything else in this list that I should NOT delete?
  4. Hi Kevin, I also have the VEW and AdwCleaner on the machine. Do I just delete those, or should I use the process of renaming each of them "uninstall.exe" also? Also, I have a folder called "LocaleMetaData" that contains one file named "Application Error & Critical_1033.MTA". Can I simply delete this folder and its file?
  5. It is running well now and no other hiccups. Thank you for all of the help.
  6. kevinf80, I ran the elevated command prompt from c:\users\owner instead of \system32 Log is attached. CHKDSK log.txt
  7. No, only that one freeze. No BSOD. I never have those but had one or two in the week prior to installing the latest major Win 10 update, the one that came out late last Fall. None since then. Code was DPC_Watchdog_Violation. Isn't that usually related to having an outdated driver?
  8. I ran the VEW to create an event viewer log and included it here. The application section appears to not include all 24 hrs ago when I turned the computer on and started using it because limiting to 15 or 20 instances - it is filled with multiple error warnings from QuickBooks program during a 4 hr session last night for some missing print driver. With that in mind, I went directly to the Event Viewer and created a log for you from the Application section and filtered to include only the Error and Criitical and included that ,txt file also. I can't explain the all of the Quickbooks errors because I didn't have any issues working in that program at all, including not having any errors entering the password to access the one company file I worked in. I also don't know anything about the missing a print driver for a printer that must be built into the system or program. VEW.txt Application Error & Critical.txt
  9. Hi Kevinf80, I've been able to use my system today and it seems to be mostly operating normally with the exception that it did freeze today. At the time, the only thing that would respond was the mouse pointer on the screen and even the clock in the tray stopped at the moment of freeze up. Finally after ~ 12 minutes of waiting I performed a hard shutdown & reboot. The only thing I was doing at the time was deleting some old Word, Excel and pdf files in the Documents folder. I'd accessed that folder through File Explorer, deleted the files, and emptied the recycle bin. I can't figure out what caused it, and I didn't have any other programs running at the time. Other than that, I've been able to use all my main work programs and the internet today. I'm not sure that's saying much though since everything was normal before I discovered the trojan. Is there anything else to do?
  10. Sophos - "number of threats found: 0". Within the path you specified, this program did not create a Log folder or any log reports. The other logs you requested are attached. Fixlog.txt AdwCleaner[C00].txt AdwCleaner[S00].txt
  11. Hi Kevin, I wanted to let you know that I am still working through the steps you provided. I've run both the "Fix" through FRST and the AdwCleaner. The Sophos scan is currently in progress. It was stuck for about 4 hours and hardly completed any of the scan at all because Kaspersky was either checking everything that Sophos was doing or was actually blocking it. I finally unplugged my ethernet cable (WiFi connection has always been disabled on this machine) and completely paused the protection through Kaspersky and the scan is now ~ 60% complete after an additional 5 hours. I hope it was safe to do that. Thanks for your detailed instructions and links. I'll attach all of the results tomorrow.
  12. Win 10 machine, running MBAM Premium 4.3.0 and Kaspersky Internet Security. Kaspersky identified HEUR:Trojan.VBS.SAgent.gen with the message "cannot disinfect the detected object." MBAM scan reported no detections. I'd like help removing the trojan and any other malicious items that may be lurking undetected. Thank you. MBAM scan report.txt FRST.txt Addition.txt
  13. Hi Maurice, I ran scans in both MBAM and Kaspersky and didn't find any threats. I feel more confidence in my machine again and will continue to monitor the AV reports and activities. Thank you for the help and your patience! At your suggestion, all notifications are turned off other than those coming from my anti-virus softwares or windows itself. I'll take a look at the browser guard in more depth and decide whether or not to install that for Chrome. My use of Chrome is extremely limited and installed for only two sites that won't accept Firefox: one is a secure IRS site and the other for Rx drug insurance to pay its premium and to order medicines. Knowing that, do you still feel the browser guard is needed? What about the browser guard for Firefox?
  14. Fwiw, I do think Kaspersky was blocking something malicious from that tax forum. As of this morning, that forum was inaccessible and shut down without explanation, and none given when I called the company. Thanks for all of the explanations and help with adding MBAM as a trusted app. I think I have Kaspersky all set. I did have two more files than you showed. One is a .dll file, and the other is the setup file in C:\WindowSysWOW64. Should I include those also? There was one other file in the Malwarebytes Anti-Malware subdirectory that was for the Adware cleaner that you had me download. I didn't include that either. Should I? I planned to delete that and the ESET freeware when we are done and when you are satisfied that my machine is clean. I also think Kaspersky was blocking the MBAM update because I can see several hundred (more than 300) instances of these entries on 9/23 and 9/24 where the MBAMService.exe was being blocked. That activity stopped and I don't know why there either. Was the latest version released on 9/23?
  15. Firefox hasn't crashed, and I changed browser home page to a blank tab. I also updated Win10 to v. 1903 as suggested. Thank you! The ESET screen looked a little different than described and "scan" was not presented at the right side. I ran the ESET online free scan, not the trial version. Did I choose the correct one, and if not, is the one I ran adequate? It found one item to clean that was a driver navigator listed as a potentially unwanted application. Nothing else. Log is attached. When we are finished I have a question about why MBAM wasn't notifying me that an update was available. All of my other programs are set to update automatically, and MBAM was set to notify me whenever an update was available but from the logs, it looks like Kaspersky was blocking that function. I now have MBAM set to update automatically, and Kaspersky shows the current MBAM version as "trusted", but this isn't the first time my MBAM wasn't up-to-date, so when we are finished I'd like to add the MBAM updater function to Kaspersky's exclusion list...if you think that is wise. I don't know what that file or app is called to add it myself. Can we revisit this later? ESET scan log 9-30-19.txt
  16. Firefox browser & no other programs were open at that time. Immediately prior to this I had just finished deleting the cache and history using the function built into Firefox in the "Options" section and I also then deleted the history/cache using the Control Panel. I was going to reboot but then remembered one more thing to do online, and as soon as I reopened the browser and my Comcast home page was still loading, Kaspersky said it blocked an attempt to access a malicious website that is a forum for tax preparers run by a company as an adjunct site to their research materials. It also blocked some sort of download attempts and about 14-15 other items that all referenced that company's website's address. I did not attempt to access that site at all, and I haven't visited that site in months. That is what I thought was strange, and at first I thought it was a bookmark causing the issue because of the web address that appeared so I deleted the bookmark, again deleted cache & history, exited out of the browser, and rebooted the machine. I started looking at AV reports and saw these 2 line entries on a Kaspersky report on 9/27 at 9:43 pm that says this that I think are the first time this all happened: Deleting cache & rebooting did not help and all and the same 14-16 warnings from Kaspersky happened 2 more times yesterday as soon as I opened the Firefox browser without any other action on my part other than starting Firefox. I'm also seeing a lot of activity on Kaspersky yesterday around lunchtime related to driver updates and trusted applications, and I'm not sure about some of it. I don't know why there are *.exe files in there, including ThunderboltRegModule and other things I don't recognize. They could be legit; I'm sorry but I'm not knowledgeable enough to be sure. After speaking with a fellow tax preparers that were using the tax forum without any issues, I did try to access that site and all the warning bells started again with Kaspersky blocking me and blocking some sort of download attempts.
  17. I hope that I let it finish its processes properly and am wondering because when it got to the section for preinstalled software you said to skip that, so that that screen I clicked "cancel". Was that the proper action at that point?
  18. Done, and it didn't find anything and there is no "Clean" report listed. Attached are the other two reports that it did produce: AdwCleaner[S00].txtAdwCleaner_Debug.log
  19. Hello Maurice and thank you for helping me. I updated Malwarebytes to the latest version and verified that all settings are as you specified. The scan did not find any threats and nothing is in quarantine. Attached is the log of that scan. 9-29 Malwarebytes scan report.txt
  20. I may be infected with a trojan. When I open my internet browser, my AV program blocks a forum for business professionals, its headers, footers, etc, and I am not even trying to access this site. I get the same messages and blocking when I do try to visit the site, and other professionals I've spoken with are not having this issue. I'm using the premium version of Malwarebytes and have run scans in it and my AV program. Both show no threats but Kaspersky shows "detected object (file) cannot be disinfected in its report that appears to be the web address of the forum. In addition to the required reports, I've included the Kaspersky report of detected objects and also the detailed report of activity for the last 24 hrs. On that detailed report, it appears that something happened at 17:43:11 pm this afternoon that says suspicious activity was allowed, and I definitely did not allow this. Please help! Addition.txtFRST.txtMalwarebytes scan report.txtDetected objects.pdfDetailed AV report-last 24 hrs.txt
  21. Yes, it does help answer my question. It's the first popup I've seen from MBAE, so I was not aware that would happen. I generally don't like to see those popups and prefer to update from within the programs or have them set to automatic. I'd closed the popup before noticing any checkboxes, so I will wait for the next one to appear and set it for automatic updating. Thanks!
  22. I have the same question about how to update the program, except I purchased the premium version about 1 month ago. Is there no way to update within the program? Or, is there no update unless one pays again to get the upgrade, because that's all I can find on Malwarebytes.org website?
  23. Thanks, done. Fixlog.txt We never did any cleaning up of any scans that started wtih post #64 on 11/22 since I'd revived the thread. Thx.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.