Everything posted by anniyan
-
AdwCleaner 8.0.1 will not run in Windows 10 home x64 v.1903
anniyan replied to anniyan's topic in Malwarebytes AdwCleaner
i upgraded my OS to Windows 10 home x64 v.1909 recently. and today tried AdwCleaner 8.0.2. it runs fine without problems. :) -
AdwCleaner 8.0.1 will not run in Windows 10 home x64 v.1903
anniyan replied to anniyan's topic in Malwarebytes AdwCleaner
no problem. i will try it. thank you. -
AdwCleaner 8.0.1 will not run in Windows 10 home x64 v.1903
anniyan replied to anniyan's topic in Malwarebytes AdwCleaner
i sincerely hope that i was of the required help to malwarebytes to fix this bug in adwcleaner 8.0.1. it was a pleasure. -
AdwCleaner 8.0.1 will not run in Windows 10 home x64 v.1903
anniyan replied to anniyan's topic in Malwarebytes AdwCleaner
-1073741819 -
AdwCleaner 8.0.1 will not run in Windows 10 home x64 v.1903
anniyan replied to anniyan's topic in Malwarebytes AdwCleaner
ok sir, but i am not much of a geek, so let me clarify this. i should execute this code as a bat file and post back the error code it returns, right? as for the help about the dumps, thanks a lot -
AdwCleaner 8.0.1 will not run in Windows 10 home x64 v.1903
anniyan replied to anniyan's topic in Malwarebytes AdwCleaner
i found that there are no crashdumps created by adwcleaner in that location. only those by nahimicsvc32.exe. can you tell me what they mean by? i have PMed GoatCheez the link to the file by wetransfer. -
AdwCleaner 8.0.1 will not run in Windows 10 home x64 v.1903
anniyan replied to anniyan's topic in Malwarebytes AdwCleaner
sorry about the late reply, i was quite held up. yes i would do the crash dumps thing and report back soon. thanks for your patience -
AdwCleaner 8.0.1 will not run in Windows 10 home x64 v.1903
anniyan replied to anniyan's topic in Malwarebytes AdwCleaner
is there anything else needed from my machine? -
AdwCleaner 8.0.1 will not run in Windows 10 home x64 v.1903
anniyan replied to anniyan's topic in Malwarebytes AdwCleaner
adwcleaner 8.0.1 will not run in safe mode with networking. here is the get-hotfix output:
Source Description     HotFixID  InstalledBy         InstalledOn
------ -----------     --------  -----------         -----------
DELL   Update          KB4533002 NT AUTHORITY\SYSTEM 14-12-19 12:00:00 AM
DELL   Security Update KB4497727                     1-4-19 12:00:00 AM
DELL   Security Update KB4498523 NT AUTHORITY\SYSTEM 4-9-19 12:00:00 AM
DELL   Security Update KB4516115 NT AUTHORITY\SYSTEM 7-11-19 12:00:00 AM
DELL   Security Update KB4521863 NT AUTHORITY\SYSTEM 7-11-19 12:00:00 AM
DELL   Security Update KB4524569 NT AUTHORITY\SYSTEM 18-11-19 12:00:00 AM
DELL   Security Update KB4525419 NT AUTHORITY\SYSTEM 7-11-19 12:00:00 AM
DELL   Update          KB4530684 NT AUTHORITY\SYSTEM 14-12-19 12:00:00 AM
-
i have been redirected to here from https://www.bleepingcomputer.com/forums/t/709723/new-laptop-infected-mouse-pointer-alternates-betn-normal-and-working/page-3#entry4930134 my original symptom regarding the mouse pointer is no more but adwCleaner 8.0.1 will not run. when i double-click on it from my standard account as well as my administrator account, UAC dialog box opens up and then after i enter the administrative password and click on YES, nothing happens. i found a similar thread here, but did not want to post this there coz it may mean hijacking that thread.
-
the main reason i use 360-AV is that it has 5 engines including bitdefender and avira unlike other AV products. anyways, this is not the right place for me to talk about it. i have been using 360-AV and lastpass for ages but never have had this issue. but i am really thankful to you for everything. the next option i have is to re-install windows and see if the symptom persists. any suggestion is most welcome .
-
UPDATE: the cmd process occurs for LASTPASS too when its NATIVE MESSAGING feature in the binary component of LASTPASS is activated. i emailed LASTPASS.COM support about this as follows:
SUBJECT: cmd.exe runs with lastpass for chrome
hi, i am using windows 7 home-premium 64 bit edition. i have installed lastpass in my windows for managing passwords in all my browsers. but everytime i run my chrome 64 bit browser, a cmd.exe process runs. it does not run if the lastpass chrome extension is disabled. is this normal, ie., does lastpass extension for chrome use a cmd process to run everytime? if it is abnormal i should consult a malware removal expert. thanks in advance.
and here is what they replied:
Hello, Thank you for reaching LastPass Support! We are happy to assist you! Please remove or uninstall your LastPass extension completely on your device (https://helpdesk.lastpass.com/uninstalling-deleting-lastpass/) and reinstall it again using our universal installer here https://lastpass.com/dl Please test the issue again. Thank you. Regards.
-
hi sir, bad news: i installed chrome. then i installed the 360-AV's browser extension. immediately a cmd process started in the taskmanager and there was a popup from my AV asking whether to allow it. i did nothing so it got blocked by default. i closed chrome. next time i started chrome, the same thing happened. to check whether the same behavior happens, i installed vivaldi, another browser based on chromium and then installed my AV's browser extension. the same thing happened here too. so the inference is that it affects all chromium-based browsers. then when i disable the extension in chrome, the cmd process terminates. the funny thing is that when i re-enable the extension in CHROME, the cmd process again starts and tries to affect the 360-AV extension in VIVALDI too, even when VIVALDI is not running. ie., every time i enable the extension in CHROME (NOT VIVALDI), i get this warning that the cmd process is trying to infect VIVALDI: if the cmd process is blocked by my AV, the cmd process terminates in the taskmanager. {sorry about the many screenshots (just coz a picture can speak much more than a thousand words).} this was how things were too, the last time when i re-installed chrome. first this behavior was exhibited only with the 360-AV's extension. then after some days another cmd process that started running with lastpass's extension for chrome started appearing. that was when i sought help here. if the only option left is repaving my windows installation, i am ready to do that too, PROVIDED, the infection won't return back. waiting for your guidance, thank you.
-
the full system scan is over. it found some PUPs and removed them. but there are some problems still: 1. i cant remove the USB drives using the safely remove method coz windows shows that the disk is in use, even though they are not. so i have to shut down the PC every-time before unplugging them. so i tried the software from http://safelyremove.com/ but even that cant stop whatever process that is running and shows the following screen:
-
i did as per your instructions. TFC did not ask for a reboot, but i rebooted to be on the safer side. i have not re-installed chrome. i have attached the logs of TFC and FRST. after uninstalling chrome, IE opened automatically asking for google's feedback. at that time IE displayed a message: i clicked on "fix settings for me" but i did not respond. i then closed IE. now i am posting here using cyberfox tfc.txt Addition.txt FRST.txt
-
hi, my laptop has been infected through skype. i sought help at BLEEPINGCOMPUTER.COM and i was helped, yet he could not solve the issue fully. for a detailed overview of what my issue is and what had happened after that, please take a look at (many thanks for your patience) :
http://www.bleepingcomputer.com/forums/t/630794/got-infected-through-skype/
http://www.bleepingcomputer.com/forums/t/631260/logs-got-infected-through-skype/
since the topics had been locked, and the person who was helping me was out of options (which he conveyed directly), i tried to investigate further as to what type of infection it could be. i installed system explorer from systemexplorer.net. from that, i found out that whenever google chrome starts, 2 cmd.exe processes load into memory - one piggybacked onto my AV's browser extension for chrome "360 Internet Protection" and the other cmd loads through "lastpass for chrome". if i disable these 2 extensions, the cmd processes stop running and if i enable these 2 extensions, the 2 cmd processes start running. one of them has the following parameter:
C:\Windows\system32\DllHost.exe /Processid:{53362C64-A296-4F2D-A2F8-FD984D08340B}
other has this parameter:
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\LastPass\nplastpass.exe" --parent-window=0 chrome-extension://hdokiejnpimakedhajhdlcegeplioahd/ < \\.\pipe\chrome.nativeMessaging.in.c399b4121a0bed8f > \\.\pipe\chrome.nativeMessaging.out.c399b4121a0bed8f
where the random string of characters varies from one browsing session to another. so my hunch is that the hacker is trying to record my online activity using the trusted file - cmd.exe. the module-details of the 2nd cmd process is attached as screenshot. i tried to clean the infection by installing immunet-5, but it did not detect it too. i ran SFC to know if the infection has corrupted any system files. it returned that some files had been corrupted but were successfully repaired.
i am even ready to re-install windows, PROVIDED, the malware WON'T re-infect the new windows installation. what should i do now? or should i try to scan my laptop using any AV's recovery disc USB? or use combofix under guidance? somebody please help me. :'( please find attached the FRST.TXT and ADDITION.TXT Addition.txt FRST.txt
-
Unable to load the Anti-rootkit driver?
anniyan replied to anniyan's topic in Malwarebytes for Windows Support Forum
yes, thank you -
Unable to load the Anti-rootkit driver?
anniyan replied to anniyan's topic in Malwarebytes for Windows Support Forum
thanks a ton that worked i am really thankful