AdvancedSetup

Root Admin
  • Content count

    65,252

About AdvancedSetup

  • Rank
    Staff

Contact Methods

  • Website URL
    http://www.malwarebytes.org

Profile Information

  • Location
    US

  1. I'm running out for a bit. Will check back and reply later. If I miss you send me a PM Bill Thanks
  2. Something wrong with the FRST log. It only has like 4 lines in it. Can you re-run and post again please. Thanks
  3. How is the browser looking now? Any redirects? Are you able to set it back to blank?
  4. You missed @exile360 post #22 - he already explained. Okay, this is dragging on and is no longer a productive discussion. I'm going to close this topic now as I believe all real questions have been answered already. Rehashing the same question over and over does not benefit anyone. Thank you
  5. Hello @MikeAustin Please try the following and let us know if it improves performance for you.
     1. Open a CMD Window as an Administrator on the computer and enter the following commands:
          cd %windir%\system32\
          lodctr /R
          cd %windir%\sysWOW64\
          lodctr /R
        Note: This command resyncs the counter values.
     2. Open up Regedit and navigate to the following registry key:
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfProc\Performance
     3. Make sure that the value (if it exists) for the Disable Performance Counters is not 1. If the entry does exist and the entry is 1, change it to 0 or delete that entry within the key.
        ** PLEASE NOTE ** make sure you contact your system administrator before making changes to the registry, and make sure that you back it up before you delete it.
     4. Restart the computer.
     Thanks Ron
  6. Hello @fafa By any chance are you using a RAM drive or have your %temp% folder redirected to another drive besides the OS drive? Are you using any type of file or drive encryption programs?
  7. Yes, if you're running the Premium version of Malwarebytes 3 its protection module will block this and others. https://www.malwarebytes.com/premium/
  8. Chrome now if you like and let me know if the homepage redirects returns. For the USB, please open the device manager and see if there are any yellow or red items there and let me know.
  9. Hello @longbeachlouise
     Please Run TFC by OldTimer to clear temporary files:
       • Download TFC from here and save it to your desktop. http://oldtimer.geekstogo.com/TFC.exe
       • Close any open programs and Internet browsers.
       • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
       • Please be patient as clearing out temp files may take a while.
       • Once it completes you may be prompted to restart your computer, please do so.
       • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
     Next, please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues. If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.
     Internet Explorer
       • How to reset Internet Explorer settings
     Firefox
       • Click on Help / Troubleshooting Information then click on the Reset Firefox button.
     Chrome
       I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome.
       • You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed.
       • Then I need you to go to >> Google Sync << and sign into your account.
       • Scroll down until you see the “reset sync” button and click on the button.
       • At the prompt click on “Ok”.
       Reset Your Browser Settings
       • In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines)
       • Select “Settings”.
       • At the bottom, click “Show advanced settings…”
       • Scroll down until you see “Reset settings”, then click on the button “Reset Settings”.
       • In the dialog that appears, click “Reset”.
       Close Chrome and restart it and check it out for me please
     Next, please run the following steps.
     STEP 01
       • Please download Junkware Removal Tool to your desktop.
       • Shutdown your antivirus to avoid any conflicts.
       • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
       • The tool will open and start scanning your system.
       • Please be patient as this can take a while to complete.
       • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
       • Post the contents of JRT.txt into your next reply message
       • When completed make sure to re-enable your antivirus
     STEP 02
       Fix with AdwCleaner
       • Please download AdwCleaner by Xplode and save the file to your Desktop.
       • Right-click on icon and select Run as Administrator to start the tool.
       • Accept the Terms of use.
       • Wait until the database is updated.
       • Click Scan.
       • When finished, please click Clean.
       • Your PC should reboot now.
       • After reboot, logfile will be opened. Copy its content into your next reply.
       Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
     STEP 03
       • Download Sophos Free Virus Removal Tool and save it to your desktop.
       • Double click the icon and select Run
       • Click Next
       • Select I accept the terms in this license agreement, then click Next twice
       • Click Install
       • Click Finish to launch the program
       • Once the virus database has been updated click Start Scanning
       • If any threats are found click Details, then View Log file (bottom left-hand corner)
       • Copy and paste the results in your reply
       • Close the Notepad document, close the Threat Details screen, then click Start cleanup
       • Click Exit to close the program
       • If no threats were found, please confirm that result.
     STEP 04
       • Please download the Farbar Recovery Scan Tool and save it to your desktop.
         Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
       • Double-click to run it. When the tool opens, click Yes to disclaimer.
       • Press the Scan button.
       • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
       • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
       • Please attach the Addition.txt log to your reply as well.
     Thanks
  10. Please download and run the following Shortcut Cleaner
  11. Thanks, @Don12 - Yes, AdwCleaner is a great product. Glad we were able to merge them in with our products.
  12. https://www.malwarebytes.com/
     Cybercrime | Malware
     WanaCrypt0r ransomware hits it big just before the weekend
     Posted: May 12, 2017 by Pieter Arntz

     Reports of a massive, worldwide ransomware attack are dominating the news. As workers in Europe headed home for the weekend, ransomware started shutting down their systems. It soon spread to many other countries across the globe. Here’s what we know so far.

     Big targets
     National Health Service (NHS) England, and Telefonica, one of the largest telecom providers in the world, have each given out statements indicating that their systems have been brought to a grinding halt by a ransomware called WanaCrypt0r, which Malwarebytes detects as Ransom.WanaCrypt0r. The ransomware has also been observed hitting companies in Spain, Russia, Ukraine, and Taiwan.

     Method
     The ransomware is spread using a known, and patched, vulnerability (MS17-010) that came from a leaked NSA set of exploits that we reported on our blog in April. Our research shows the encryption is done with RSA-2048 encryption. That means that decryption will be next to impossible, unless the coders have made a mistake that we haven’t found yet.
     The demanded ransom of $300 per device and the potential risks to the public that come with the targets being big utility and healthcare companies seem to be in shrill contrast. We can only hope that the companies that were hit will be able to get their backups deployed quickly and can start the recovery from this cyberattack.

     Other Infection Vectors
     While WanaCrypt0r has been observed spreading across local networks by utilizing the above exploit, its initial infection into a network is still being discovered completely. However, we tested one of the infection vectors, described earlier by Fox-IT, against our Anti-Exploit technology. In doing so, we discovered another part of the attack chain we were able to stop.
     This attack method relies upon a malicious phishing email, that includes a link to (or attached) PDF document, which when opened will download an ‘.HTA’ file that leads to eventual infection of the system that opened the e-mail.
     We suspect there are possibly even more infection vectors spreading this malware and as we discover and analyze them, we will update this post.

     Protection
     Consumers and businesses alike should be sure their systems and software are updated with all current patches in order to stop the spread of infection. Both our consumer product, Malwarebytes, and our business product, Malwarebytes Endpoint Security, protect against this threat, since we detect this ransomware. And our anti-ransomware technology will stop any future unknown variants.
     Here are a few screenshots of our products stopping this threat:
  13. Look great. Just an FYI that we have released Malwarebytes 3.1 https://forums.malwarebytes.com/topic/200634-malwarebytes-31-now-available/ You can either manually download and update it or wait for it to be pushed out to you. Cheers Ron
  14. Yeah, that is a fake BSOD screen trying to trick you into calling them so they can scam you out of hundreds of dollars on your Credit Card. Please save your bookmarks in Chrome. Then login and delete all cache as it says above. Then uninstall Chrome but DO NOT reinstall it. Then run FRST again and post back both new logs. Thanks Ron
  15. Well, RAM is pretty cheap these days. If you do replace the RAM and it fixes the issue, please let us know. Thank you Ron