Jump to content

AdvancedSetup

Root Admin
  • Content Count

    73,176
  • Joined

  • Last visited

About AdvancedSetup

  • Rank
    Staff

Contact Methods

  • Website URL
    https://www.malwarebytes.com

Profile Information

  • Location
    US

Recent Profile Visitors

344,028 profile views
  1. Log looks good. See how things go now and if the blocks die down any or not. Help Secure your browsers Please install uBlock Origin for your browsers to better protect your system FireFox, Chrome, and Safari Opera Microsoft Edge AdBlock for Internet Explorer Follow-up Reading Everything you need to know about cybercrime 10 easy ways to prevent malware infection Keep your data backed up Thank you for choosing Malwarebytes Ron
  2. AdvancedSetup

    Slimware cleaner PUP

    All good. When you can please post new FRST and Addition.txt log files. Thanks Ron
  3. The log looks pretty good. Let me have you rescan and give me all new logs again to rule out infections or other oddities. Then if still an issue we'll look at running some other tools to try to track down the issue. Please run the following steps and post back the logs as an attachment when ready. STEP 01 If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know on your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Ron
  4. AdvancedSetup

    Check if computer is infected

    Please run a hard drive check on your system. Check in your Device Manager for what brand of drive you have and then get the correct test program based on that research. You can search online for the drive numbers to see which manufacturer it is. This site has links to most of the testing software http://www.tacktech.com/display.cfm?ttid=287 Let me know how the testing turns out please. Ron
  5. Please download the attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. fixlist.txt Thanks Ron
  6. Let's clean your computer up some before we make any other decisions. Assuming you've not created the Alternate Data Streams yourself please run the following fix which will remove them as well as some other potentially invalid files that don't belong on the computer. Please download the attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. fixlist.txt Thanks Ron
  7. Do you know what Alternate Data Streams are and do you use them on your own? I ask because the computer has some that are on the system and pretty big compared to what one normally sees in logs. Normally I just remove them but if you've created them yourself for some reason I don't want to blindly remove them. Your computer is also having the following issue according to the Event Logs. Something we need to check into further for resolution or explanation. Error: (01/18/2019 01:46:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. These are all very ancient program entries. Please confirm if you're still using any of them. Most are almost a decade old. HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [37888 2009-04-11] () HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [83240 2008-03-20] (Cyberlink Corp.) HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] () HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [91432 2008-03-21] (cyberlink) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
  8. Okay, use this method then. Requires access to another clean computer. If your computer does not have the Windows Recovery Environment installed and available you can use the following method to run the Recovery Environment from a bootable USB disk. NOTE: This USB disk needs to be created from a clean computer. You cannot use an infected computer for this process NOTE: An 8GB USB 2.0 stick is required or at least recommended. In some cases a USB 3.0 disk can be used but some computers have issues booting from USB 3.0 disks. Example drive (no endorsement implied, example only) - This drive example has not been tested by me. It is an older 2015 model with many good reviews though. Amazon: Kingston 8GB DataTraveler 101 G2 USB 2.0 Flash Drive (DT101G2/8GBZ) NewEgg: Kingston 8GB DataTraveler 101 G2 USB 2.0 Flash Drive (DT101G2/8GBZ) STEP 1 Download a Windows 10 ISO image from Microsoft. Method A: Using the Microsoft Media Creation Tool https://www.microsoft.com/en-gb/software-download/windows10 Download the Media Creation Tool: https://go.microsoft.com/fwlink/?LinkId=691209 Follow the instructions displayed on the tool to download the Windows 10 ISO image. In my testing I was not prompted for a license key to download the latest Windows 10 ISO image. At the time of this writing 2017/12/21 there was only one ISO image offered. Windows 10 32-bit x86 or 64-bit x64 Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Method B: If Method A: above is not working for you then you can try the following method Microsoft Windows and Office ISO Download Tool (this is not an authorized Microsoft tool, but appears to be legal) https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool Download: https://www.heidoc.net/php/Windows%20ISO%20Downloader.exe STEP 2 If you were unable to use the Windows Media Creation Tool in STEP 1 to create a USB disk then you can use this tool to burn the Windows 10 ISO image from STEP 1 above. Download the Windows USB/DVD Download Tool from Gitbub and save to your computer. English version: https://github.com/mantas-masidlauskas/wudt/raw/master/Downloads/Windows7-USB-DVD-Download-Tool-Installer-en-US.exe Then install the Windows USB/DVD Download Tool and run it to burn a bootable USB disk from the ISO image. Browse to the location where you saved the Windows 10 ISO image in STEP 1 Note: This tool should work on XP, Vista, Windows 7, or Windows 10 - it is simply used to make a bootable USB disk. Remember, all of this needs to be done on a clean computer. STEP 3 Please download the Farbar Recovery Scan Tool and save it to your desktop or other location you know where it's saved to. Then copy it to the USB disk you just created. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit STEP 4 Shut down the infected computer. Do Not insert the USB disk you created until the infected computer has been shut down. Once the computer is shut down then insert the newly created Windows 10 USB disk into the infected computer and power it back on and press the appropriate key to bring up the boot menu. The link below will help show you which key for various computers manufacturers is used to bring up the boot menu. Most will be either USB or UEFI depending on hardware and settings. If the computer boots up into the Normal Windows instead of the USB stick it may become infected and need to be completely redone again. Make sure you select the correct boot option. How to Boot Your Computer from a USB Flash Drive STEP 5 Once the computer starts to boot up from the USB disk, follow the screens and directions below. You will need to open NOTEPAD.EXE to help find out which drive is your Windows drive and which drive is your USB disk drive you just created For the more advanced user, you could also use DISKPART to help locate which drive is mapped to your USB disk. In most cases the USB disk will be either 😧 or E: but depending on hardware the drive could be a much higher level such as H: or higher. Example only - your hardware will look different DISKPART> list volume Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- Volume 0 Z DVD-ROM 0 B No Media Volume 1 C NTFS Partition 931 GB Healthy System Volume 2 Q SEA-USB-4.0 NTFS Partition 3725 GB Healthy Volume 3 D NTFS Removable 7636 MB Healthy Go back to the DOS Command Prompt (if you used DISKPART type in Exit and press the Enter key) and type in the following and press the Enter key. CD /D 😧 (or E: or whichever drive letter the USB stick is on) Then type in CD\ and press the Enter key to get to the root or top of the USB disk. Then type in FRST or FRST64 (depending on which version your computer uses) and click the Scan button. A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply. If all went well you should now be able to boot into Normal Mode and run Malwarebytes and run a Threat Scan to have it finish the removal process.
  9. No problem. We'll go ahead then and do a full scan and see what is going on. Please run the following steps and post back the logs as an attachment when ready. STEP 01 If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know on your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Ron
  10. Thanks @Osnail Give me some time to review your logs and get back with you. In the meantime, please uninstall all versions of Java as older versions contain compromised code. If possible I'd recommend not using Java but if you have to have it then after you've removed all versions and rebooted then go ahead and reinstall the latest version again from https://java.com Java 8 Update 161 Java 8 Update 161 Java 8 Update 171 Java 8 Update 171 Java 8 Update 172 Java 8 Update 172 Java 8 Update 181 Java 8 Update 181 Java 8 Update 191 Java 8 Update 191 Ron
  11. Thanks @RaphzPH The FRST log is missing and the Addition.txt log is truncated and not complete for some reason. Please restart the computer one more time. Then make sure you use an account with Admin rights when you run FRST and make sure you place a checkmark in the additions.txt checkbox and post back both new logs. Cheers Ron
  12. Hello @epik and Let me have you please try a clean removal and see if that corrects the issue for you. Let me have you try doing a clean removal and reinstall of Malwarebytes and see if that helps correct the issue or not. Please download the Malwarebytes Support Tool and use it to do a Clean Removal and reinstall of Malwarebytes Download Malwarebytes Support Tool Once the file is downloaded, open your Downloads folder/location of the downloaded file Double-click mb-support-X.X.X.XXXX.exe to run the program You may be prompted by the User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent. Place a check-mark next to Accept License Agreement and click Next Click the Advanced menu on the left. Click the CLEAN button | A progress bar will appear and the program will proceed to remove Malwarebytes from your computer Upon completion, click OK Follow the onscreen prompts to reboot and reinstall Malwarebytes Then let me know if you're still having issues with Malwarebytes. Thanks Ron
  13. AdvancedSetup

    A weird virus infected my laptop

    Hello @SilentDepleter Yes, the .tRO file extension has recently been associated with the Djvu ransomware https://www.bleepingcomputer.com/news/security/djvu-ransomware-spreading-new-tro-variant-through-cracks-and-adware-bundles/ There is no way to recover your files for free at this time
  14. Hello @periandros and Removing the hard drive and attaching it to another computer to scan should be reasonably safe as hard drives don't typically launch AutoPlay. The registry, files, etc that were live on the computer don't work or run properly as a remote slave as long as you're not double-clicking on any bad files. You can start into Recovery Mode and use DISKPART to remove all partitions of the drive if you're certain that's what you want to do as that would delete all data and make it very difficult to get back. There is only one known UEFI infection that I'm aware of in the public sector and it was on a very old computer running a chipset from 2008. I am not aware of any successful UEFI infection on modern hardware. If there is data you want to keep then it might be best to physically take the computer into a repair shop that specializes in malware removal so they can try to recover your data and clean it at the same time. Please let me know what you'd like to do or how I can help assist you further. Thanks Ron
  15. Hello @Lilia and Please try the following Let me have you try doing a clean removal and see if that helps correct the issue or not. Please download the Malwarebytes Support Tool and use it to do a Clean Removal and reinstall of Malwarebytes Download Malwarebytes Support Tool Once the file is downloaded, open your Downloads folder/location of the downloaded file Double-click mb-support-X.X.X.XXXX.exe to run the program You may be prompted by the User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent. Place a check-mark next to Accept License Agreement and click Next Click the Advanced menu on the left. Click the CLEAN button | A progress bar will appear and the program will proceed to remove Malwarebytes from your computer Upon completion, click OK Follow the onscreen prompts to reboot, you can select not to reinstall Malwarebytes if you like Then let me know if you're still having issues with removing Malwarebytes. Thanks Ron
×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.