Jump to content

Android8888

Trusted Advisors
  • Content Count

    653
  • Joined

  • Last visited

About Android8888

  • Rank
    Elite Member
  • Birthday 08/25/1969

Contact Methods

  • Website URL
    http://android8888.comlu.com

Profile Information

  • Location
    Portugal
  • Interests
    IT, malware fighting, reverse engineering, electrical and electronic engineering, technology, cinema.

Recent Profile Visitors

1,311 profile views
  1. Hello @msbhvn-1 Thank you for your time and patience. Please DO NOT run any tools on your own unless I ask you to do so. I see that you have multiple Antivirus programs installed on your system: AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC} AV: AVG AntiVirus Free Edition (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413} You should only have one Antivirus installed at all time on a computer. Reason being that having more than one installed can cause system instability and conflict due to the way these programs works and interact with the system. If you want to read more about these kind of issues, I suggest you to read the "IMPORTANT NOTE" in quietman7's post here. This being said, I'll ask you to choose the Antivirus program you want to keep, and uninstall the other(s). Usually, you would keep the program you pay for (if that is the case), and uninstall the free one(s). If you pay for multiple products, keep the one you prefer the most, and uninstall the other(s). Windows Defender (takes very few resources and runs in the background) is a good suggestion alongside with Malwarebytes Premium version. I will ask you to remove the programs listed below by using Revo Uninstaller (see instructions below). SereneScreen Marine Aquarium Lite WebDiscover Browser 4.28.2 If you don't use this one, remove it as well: Coupon Printer for Windows Please download the free version of Revo Uninstaller Portable from here and save the compressed file to your computer Desktop. Double-click the compressed file RevoUninstaller_Portable and extract the files within it (it will be created a folder with the same name); Within that folder, right-click the file RevoUPort and select Run as administrator to open the tool; Click Yes to accept the UAC security warning that may appear; Click OK to accept the License Agreement and Copyright; Select 'The Program to Remove' and click Uninstall. Follow the instructions to complete the removal process; Note: If it asks for a restart/reboot, select No/Later. In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers; Click on Select All and then on Delete and then Yes to delete the selected items; Note: You may have to repeat this step to delete all the leftovers (Registry items, files and folders); Click the Finish button and restart the computer to complete the removal process. Note: You will have to run Revo more than once to completely uninstall each program listed above. Remove these extensions from Google Chrome browser: Yahoo Web Watch TV Instantly InboxNow Search Privacy Easy Map Finder SearchLock FromDocToPDF Recipes Homepage To do that: Open Google Chrome; Type chrome://extensions in the address bar and press Enter; Click the trash can icon by the extension. A confirmation dialog appears, click Remove. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. Note: I included a Disk Check in the fix. DO NOT interrupt it under any circumstances. Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe is located); DO NOT open or modify that file! Right-click on the FRST64 icon and select Run as Administrator; Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply; Next, Download AdwCleaner and move it to your computer Desktop; Right-click on AdwCleaner.exe and select Run as Administrator; Click Yes to accept the User Account Control security warning that may appear; Click on the blue button 'I AGREE'; Click on the Scan Now button; Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button; Click on the Clean & Restart Now button; After the restart, a log will open when logging in. Please attach that log in your next reply. Next, Open Malwarebytes; On the left pane select Settings; Select the Protection tab; Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both ON and leave all other settings to default. Go back to Dashboard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient. When the scan completes if potential threats are detected, ensure to check-mark all the listed items, and click the Quarantine Selected button. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please attach the log in your next reply. In your next reply please let me know: What Antivirus program you decide to keep. If you were able to uninstall the programs listed by running Revo. If you were able to remove the Chrome extensions listed. And attach the following logs: Fixlog.txt Malwarebytes log (after quarantine the threats). AdwCleaner clean log. The log can be found in C:\AdwCleaner\AdwCleaner[CXX].txt (where XX is a number, the highest number is the most recent and the one I need to see). Also, let me know how is the computer running now. Android8888 fixlist.txt
  2. Hello @msbhvn-1 and I'm Android 8888 and I'll be helping you with your malware issues. Please ask questions if anything is unclear. I will need some time to analyze your logs and I will get back to you as soon as possible. Thank you. Android8888
  3. Hello Maurice. Good. I'm glad to know that! Are there any more issues to address on this computer?
  4. Hello MHY (Maurice) and My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear. First, I need you to move FRST64.exe to your computer Desktop. Next, Warning: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to the operating system. Now follow the instructions below to execute a script fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe is located); DO NOT open or modify that file! Right-click on the FRST64 and select Run as Administrator; Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply; Next, reset Google Chrome back to defaults. First, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser. Scroll down until you see the button and then click it to clear your data from the server and remove your passphrase. Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information. Press the Windows key + R at the same time, to bring up the run dialog box. Type in (or copy/paste) the following and press Enter: %localappdata%\Google\Chrome\User Data\Default\ Press Ctrl + A to select all the files and folders. Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them. This is what it should look like: With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders. Restart your computer now, then re-run AdwCleaner and check if the detection persists. Please attach the Fixlog.txt in your next reply and let me know if the detection persists. Thank you. Android8888 (Rui) fixlist.txt
  5. Hi Riverm, Thank you for trusting in our help. You're always welcome. Regarding your question: From what I can understand I guess you are thinking in using VMware to complement the protection of an antivirus product because VMware works in a virtual environment and as such it can't infect the host computer. Well, theory and practice are the same in theory, but often different in practice. There have been vulnerabilities in VM hypervisors that allow malware to breach the separation and infect the host computer. It's difficult to do, but it can be and has been done. If you want to have a safe surfing on Internet or even perform tests on a controlled environment without infect your computer I suggest you use a Sandbox. It's a different concept of VMware. Personally, I think a Sandbox becomes easier and more practical than a VM. But this also depends on your own purposes. Sandbox (computer security) What’s A Sandbox, And Why Should You Be Playing in One Sandboxes Explained: How They’re Already Protecting You and How to Sandbox Any Program Any further questions?
  6. Hi Riverm I'm glad to know that! If all is running well with the computer, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer. Keep your Windows Operating System and Antivirus up-to-date. Always! Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain check-boxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser. Keep Malwarebytes Anti-Malware (MBAM) update and perform a regular scan to your system as it will make it harder for malware to reside on your computer. A complete guide on using MBAM can be found here A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program with resident protection at a time. Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. A similar category of programs is called "scareware" or Rogue programs. Rogue programs are active infections that will pop-up on your computer and tell you that you are infected when you are not. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here. Please keep your programs up to date. This applies to most of the programs and all your Internet Browsers in particular. Vulnerabilities in the programs are often exploited in order to install malware on your PC. Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety. Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware. Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety. Don't click on links received in instant message programs. A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices: So how did I get infected in the first place Answers to common security questions - Best Practices Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help. Happy surfing and stay safe. With my best regards. Android8888 (Rui)
  7. Android8888

    An unidentified malware

    Hello @silveringking That you for your time and patience. I do not see evidences of active malware in your logs. We will run a script fix using FRST just to tidy up. Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file at the bottom of this post, and save it on your Desktop (or wherever your FRST64.exe is located); DO NOT open or modify that file! Right-click on the FRST icon and select Run as Administrator; Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply; Next, Download AdwCleaner and move it to your computer Desktop; Right-click on AdwCleaner.exe and select Run as Administrator; Click Yes to accept the User Account Control security warning that may appear; Click on the blue button 'I AGREE'; Click on the Scan Now button; Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button; Click on the Clean & Restart Now button; After the restart, a log will open when logging in. Please attach that log in your next reply. Now please perform this scan with ESET Online Scanner to search for leftovers. This is a very thorough scan but it's worth it. I suggest you run it when you are not working on the computer. Click on this link to open ESET Online Scanner in a new window. Click on the Scan Now button to download the esetonlinescanner_enu.exe file and save it to your computer Desktop. Close all your programs and browsers and disconnect any USB flash drives from the computer. Please disable your Antivirus and Anti-malware programs to avoid potential conflicts, improve the performance and speed up the scan. Right-click on esetonlinescanner_enu.exe and select Run as administrator. Click Yes to accept the User Account Control security warning that may appear. It will open a window with the Terms of Use. Click the Accept button. Under Computer scan settings, check mark Enable detection of potentially unwanted applications. Then click Advanced settings and check mark the following options: Enable detection of potentially unsafe applications Clean threats automatically Click the Scan button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, click List Threats. Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Please attach this report in your next reply. Click the Back button. Click the Finish button. Note: If nothing is found, it will not produce a log. Now re-enable your Antivirus and Anti-malware programs, please. To summarize, in your next reply attach the following logs, please: Fixlog.txt AdwCleaner clean log. This log can be found in C:\AdwCleaner\AdwCleaner[Cxx].txt (where xx is a number, the highest number is the most recent and the one I need to see). The ESET log (if it produced one). Also, let me know in detail which issues remain on the computer at this time. Thank you. Android8888 fixlist.txt
  8. Android8888

    An unidentified malware

    Olá @silveringking, No, this is not a problem. However let's keep the English language so that others can understand. I have been in the North but never in Fafe. Farbar Recovery Scan Tool (FRST) was developed to scan certain areas of the Operating System, therefore it only scans the partition where the OS is installed which in your case is C. Alright, first of all please tell me if you know or use this software: Chocolatey
  9. Android8888

    An unidentified malware

    Hello @silveringking and Forums. Please read the content of the topic I'm infected - What do I do now?, perform the scans and attach the requested logs for review. We need to see the information on those logs in order to help you. Thank you. Android8888
  10. Android8888

    Yelloader WMCagent folder

    Hi, Thanks for letting me know. Regards, Android8888
  11. Android8888

    Yelloader WMCagent folder

    Hello @ripclaw90000 Do you still need assistance with your computer?
  12. Hi riverm, It's been three weeks since your last reply. Do you still need assistance? Thank you. Rui
  13. Android8888

    help with PUP.optional.reimage

    Hello Rodolfo, Please read carefully the instructions of this post https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ and execute the requested actions in the order listed. Please let me know if the issue still persists. Thank you. Android8888
  14. Android8888

    help with PUP.optional.reimage

    Hello Rodolfo and I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear. Please read the instructions carefully and follow the directions in the order listed. Please proceed with this: Follow the instructions below to execute a fix on your system using FRST, and provide the Fixlog.txt log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file! Right-click on the FRST64 icon and select Run as Administrator; Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply; Next, Download AdwCleaner and move it to your computer Desktop; Right-click on AdwCleaner.exe and select Run as Administrator; Click Yes to accept the User Account Control security warning that may appear; Click on the blue button 'I AGREE'; Click on the Scan Now button; Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button; Click on the Clean & Restart Now button; After the restart, a log will open when logging in. Please attach that log in your next reply. Next, Open Malwarebytes; On the left pane select Settings; Select the Protection tab; Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both ON and leave all other settings to default. Go back to Dashboard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient. When the scan completes if potential threats are detected, ensure to check-mark all the listed items, and click the Quarantine Selected button. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please attach the log in your next reply. To summarize, in your next reply please attach: Fixlog.txt; AdwCleaner clean log; Malwarebytes log. Let me know in detail what issues are you still experiencing on this computer. Thank you. Android8888 fixlist.txt
  15. Android8888

    Yelloader WMCagent folder

    Hello @ripclaw90000 You're welcome. That's odd. Since when is the SSD installed on the computer? Is it to old? Can you turn off the PC, then access your SSD and try to disconnect it and reconnect it again? Please keep me posted. Android8888
×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.