Jump to content

AdvancedSetup

Root Admin
  • Content Count

    72,363
  • Joined

  • Last visited

About AdvancedSetup

  • Rank
    Staff

Contact Methods

  • Website URL
    https://www.malwarebytes.com

Profile Information

  • Location
    US

Recent Profile Visitors

343,128 profile views
  1. They are lying, but hey it's up to you as it is your computer. If you had the older infection then possibly, but the 2.0 version of this attack has no known public method to recover the data. You need the private key to do so.
  2. We can remove and clean the computer. That's not an issue. No one currently can restore your data files. Please run the following below and we'll clean the computer for you. Please run the following steps and post back the logs as an attachment when ready. STEP 01 If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know on your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Ron
  3. Hahaha - I've been processing it that way now for at least a decade so not using that format is odd to me. DD--MM-YYYY does not sort by date correctly, MM-DD-YYYY does not sort by date correctly. Only YYYY-MM-DD sorts correctly.
  4. AdvancedSetup

    Not sure if a false positive pid.dll

    I've sent you a private message @concernedboi
  5. AdvancedSetup

    Cant get rid of virus gmaegames.pro

    Hello @PeterSeagull and Please run the following steps and post back the logs as an attachment when ready. STEP 01 If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know on your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Ron
  6. @SDM Here is where to check and update from within Malwarebytes
  7. Even ISO 8601 leaves too much room for ambiguity or burden on the user to know or understand offset times. It came out in 1988 which as you know is an eternity for the computer world and it's still not even close to a standard 30 years later. Not that it will fix the issue but I wish at least a baby step of using YYYY-MM-DD would become a World-wide standard for all computing. But I won't hold my breath waiting for that either ?
  8. AdvancedSetup

    pc slowed down

    How is the computer running now? Any better? Create an Autoruns Log: Please download Sysinternals Autoruns from here. Save Autoruns.exe to your desktop and double-click it to run it. Once it starts, please press the Esc key on your keyboard. Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish. When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns. Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder Attach the Autoruns.zip folder you just created to your next reply
  9. AdvancedSetup

    Powershell malware

    Please run the fix from post #23 and post back the log. Thank you again Ron
  10. AdvancedSetup

    Powershell malware

    Okay, here is the exact exploit for your version https://www.cvedetails.com/cve/CVE-2017-10198/ Here is a list of exploits between 4 and 4.99 https://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-19117/cvssscoremin-4/cvssscoremax-4.99/Oracle-JRE.html Common Vulnerability Scoring System 597 vulnerabilities since 2010 https://www.cvedetails.com/product/19117/Oracle-JRE.html?vendor_id=93 As you can see Java is very high on the attack list and methods to exploit it are very common and why everyone in Security recommends that you always keep it up to date. Myself I recommend for the average user to not even install it unless they really have a valid reason to have it installed. Most home users do not need it, but some do.
  11. AdvancedSetup

    Powershell malware

    I would have to go look and verify, but in almost all cases with Java one of the main reasons they update is someone has found an exploit in their code. It is out of date for sure and often times is one method of infiltrating a computer to gain rights.
  12. Closing this topic as it's been resolved.
  13. AdvancedSetup

    Not sure if a false positive pid.dll

    No you don't need that amount of spaces @concernedboi I put them in on purpose because I wanted to make sure you didn't miss them. The DOS box will ignore the extra white-space from the spaces but it has to have at least one space between the command and the switch DIR /a c:\windows\SysWOW64\pid.dll You can also copy/paste that command too if you want.
  14. Great, glad to hear all is well now. Thank you for using Malwarebytes and I hope you have a great weekend. Take care Ron
  15. No, that is not true. SpyHunter cannot decrypt the files either.
×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.