Jump to content

Android8888

Trusted Advisors
  • Content Count

    646
  • Joined

  • Last visited

About Android8888

  • Rank
    Elite Member
  • Birthday 08/25/1969

Contact Methods

  • Website URL
    http://android8888.comlu.com

Profile Information

  • Location
    Portugal
  • Interests
    IT, malware fighting, reverse engineering, electrical and electronic engineering, technology, cinema.

Recent Profile Visitors

1,236 profile views
  1. Android8888

    An unidentified malware

    Hello @silveringking That you for your time and patience. I do not see evidences of active malware in your logs. We will run a script fix using FRST just to tidy up. Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file at the bottom of this post, and save it on your Desktop (or wherever your FRST64.exe is located); DO NOT open or modify that file! Right-click on the FRST icon and select Run as Administrator; Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply; Next, Download AdwCleaner and move it to your computer Desktop; Right-click on AdwCleaner.exe and select Run as Administrator; Click Yes to accept the User Account Control security warning that may appear; Click on the blue button 'I AGREE'; Click on the Scan Now button; Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button; Click on the Clean & Restart Now button; After the restart, a log will open when logging in. Please attach that log in your next reply. Now please perform this scan with ESET Online Scanner to search for leftovers. This is a very thorough scan but it's worth it. I suggest you run it when you are not working on the computer. Click on this link to open ESET Online Scanner in a new window. Click on the Scan Now button to download the esetonlinescanner_enu.exe file and save it to your computer Desktop. Close all your programs and browsers and disconnect any USB flash drives from the computer. Please disable your Antivirus and Anti-malware programs to avoid potential conflicts, improve the performance and speed up the scan. Right-click on esetonlinescanner_enu.exe and select Run as administrator. Click Yes to accept the User Account Control security warning that may appear. It will open a window with the Terms of Use. Click the Accept button. Under Computer scan settings, check mark Enable detection of potentially unwanted applications. Then click Advanced settings and check mark the following options: Enable detection of potentially unsafe applications Clean threats automatically Click the Scan button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, click List Threats. Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Please attach this report in your next reply. Click the Back button. Click the Finish button. Note: If nothing is found, it will not produce a log. Now re-enable your Antivirus and Anti-malware programs, please. To summarize, in your next reply attach the following logs, please: Fixlog.txt AdwCleaner clean log. This log can be found in C:\AdwCleaner\AdwCleaner[Cxx].txt (where xx is a number, the highest number is the most recent and the one I need to see). The ESET log (if it produced one). Also, let me know in detail which issues remain on the computer at this time. Thank you. Android8888 fixlist.txt
  2. Android8888

    An unidentified malware

    Olá @silveringking, No, this is not a problem. However let's keep the English language so that others can understand. I have been in the North but never in Fafe. Farbar Recovery Scan Tool (FRST) was developed to scan certain areas of the Operating System, therefore it only scans the partition where the OS is installed which in your case is C. Alright, first of all please tell me if you know or use this software: Chocolatey
  3. Android8888

    An unidentified malware

    Hello @silveringking and Forums. Please read the content of the topic I'm infected - What do I do now?, perform the scans and attach the requested logs for review. We need to see the information on those logs in order to help you. Thank you. Android8888
  4. Android8888

    Yelloader WMCagent folder

    Hi, Thanks for letting me know. Regards, Android8888
  5. Android8888

    Yelloader WMCagent folder

    Hello @ripclaw90000 Do you still need assistance with your computer?
  6. Hi riverm, It's been three weeks since your last reply. Do you still need assistance? Thank you. Rui
  7. Hello Rodolfo, Please read carefully the instructions of this post https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ and execute the requested actions in the order listed. Please let me know if the issue still persists. Thank you. Android8888
  8. Hello Rodolfo and I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear. Please read the instructions carefully and follow the directions in the order listed. Please proceed with this: Follow the instructions below to execute a fix on your system using FRST, and provide the Fixlog.txt log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file! Right-click on the FRST64 icon and select Run as Administrator; Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply; Next, Download AdwCleaner and move it to your computer Desktop; Right-click on AdwCleaner.exe and select Run as Administrator; Click Yes to accept the User Account Control security warning that may appear; Click on the blue button 'I AGREE'; Click on the Scan Now button; Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button; Click on the Clean & Restart Now button; After the restart, a log will open when logging in. Please attach that log in your next reply. Next, Open Malwarebytes; On the left pane select Settings; Select the Protection tab; Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both ON and leave all other settings to default. Go back to Dashboard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient. When the scan completes if potential threats are detected, ensure to check-mark all the listed items, and click the Quarantine Selected button. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please attach the log in your next reply. To summarize, in your next reply please attach: Fixlog.txt; AdwCleaner clean log; Malwarebytes log. Let me know in detail what issues are you still experiencing on this computer. Thank you. Android8888 fixlist.txt
  9. Android8888

    Yelloader WMCagent folder

    Hello @ripclaw90000 You're welcome. That's odd. Since when is the SSD installed on the computer? Is it to old? Can you turn off the PC, then access your SSD and try to disconnect it and reconnect it again? Please keep me posted. Android8888
  10. Android8888

    Yelloader WMCagent folder

    @ripclaw90000 Thank you for the logs, patience and time. We have a bit more work to do yet. The next step is to read the instructions on the link below and enable your System Restore now. How to Turn On System Restore in Windows 10 Now re-run Malwarebytes and perform a new scan. When the scan completes if potential threats are detected, ensure to check-mark all the listed items, and click the Quarantine Selected button. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please attach that log in your next reply. Next, re-run AdwCleaner and perform a new scan. Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button; Click on the Clean & Restart Now button; After the restart, a log will open when logging in. Please attach that log in your next reply. Next, Go to this site https://www.adlice.com/download/roguekiller/ and scroll down on the webpage until you reach the 'Download' box with 3 green download buttons. Then click on the DOWNLOAD green button for the Portable 64 bits version of RogueKiller by Tigzy and save it to your computer Desktop. Now close all programs and Internet browsers and disconnect any USB or external drives from the computer before you run this scan! Right-click on the file RogueKiller_portable64.exe and select Run as administrator to start the tool; Click Yes to accept the User Account Control security warning that may appear; Once the tool is open, click the 'Scan' tab menu and the click the Start Scan button; Wait until the scan has finished. Note: This scan may take some time to complete; Once finished the results will be displayed; Check every single entry (threat found), and click on the Remove Selected button; Click on the Open Report button. It will open a new window. Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your computer Desktop. Close RogueKiller. Please attach the RKlog.txt to your next reply. Next, you will run another script fix using Farbar Recovery Scan Tool (FRST). NOTE: This fix will ask for a reboot and will run a 'System File Check' and a 'Disk Check'. Please let it complete both and DO NOT interrupt it under any circumstances. Download the attached fixlist.txt file at the bottom of this post, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file! Right-click on the FRST64 icon and select Run as Administrator; Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply; In summary, I will need to see the following logs attached in your reply: Malwarebytes log. AdwCleaner clean log. The log can be found in C:\AdwCleaner\AdwCleaner[Cxx].txt (where xx is a number, the highest number is the most recent and is the one I want to see). RogueKiller clean log. Fixlog.txt How is the system running now? Thank you. Android8888 fixlist.txt
  11. Android8888

    Yelloader WMCagent folder

    Hello @ripclaw90000 Thank you for your time and patience. Please read carefully the following instructions and if you don't understand something, please STOP and ask before proceed. First you will need to have access to a uninfected computer and a USB Flash Drive (4 GB size will do). Please note: The USB Flash Drive can only be inserted in the infected computer if it is either shutdown, or in the Windows RE (Recovery Environment). Otherwise, the infection will mess with the files on the USB. Preparing the USB Flash Drive --- on a clean computer Plug-in the USB Flash Drive on a clean computer and format it before using it ('Quick Format' is enough). Access the Internet, download FRST 64-bit and save it to the USB Flash Drive (Don't use the FRST64.exe file used from the infected computer): Download the attached fixlist.txt file at the bottom of this post and save it in the same location the FRST64 is saved in the flash drive. Boot in the Recovery Environment (RE) --- on the infected computer To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums. Note: Once in the Windows RE, plug the USB Flash Drive in the computer. You will have to reach and select the Command Prompt icon in Advanced Options in the Recovery Environment. Once in the Command Prompt In the command prompt, type notepad and press on Enter; Notepad will open. Click on the File menu and select Open; Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad; In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter; Note: Replace the letter e with the drive letter of your USB Flash Drive; FRST will open; Click on Yes to accept the disclaimer; Click on the Scan button and wait for the scan to complete; That will deactivate the rootkit. Once the scan is finished, press the Fix button; These actions will make two files, a FRST.txt and a Fixlog.txt in the flash drive. Please attach both (FRST.txt and Fixlog.txt) files in your next reply. Once finished in the Recovery Environment, restart the computer in Normal Mode. Delete the current FRST64.exe file from the infected computer. Please download FRST 64-bit and save it to the Desktop. Double-click to run it and accept the UAC warning that may appear. When the tool opens click Yes to disclaimer. Make sure that under Optional Scans, there is a check-mark on Addition.txt. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The tool will also produce another log (Addition.txt ). Please attach it to your reply. In your next reply I will need to see: FRST.txt produced in the Recovery Environment; Fixlog.txt produced in the Recovery Environment; FRST.txt produced in Normal Mode; Addition.txt produced in Normal Mode. fixlist.txt
  12. Android8888

    Yelloader WMCagent folder

    Hello ripclaw90000 and Forums. I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear. Your computer is infected with a Smart Service Rootkit which is a very nasty infection but with the correct procedures we'll get your computer clean. For now, please DO NOT run any tools by yourself unless asked to do so. First, move FRST64 to your computer Desktop. In Normal Mode do this please: Right click on the FRST64 icon and select Run as administrator to start the tool; Highlight and copy the following text and paste it inside the 'Search' box area of FRST; Start:: CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes CMD: bcdedit.exe /set {default} recoveryenabled yes End:: Once done, click on the Fix button. A file called Fixlog.txt should appear in the same location as FRST64; Please attach it in your next reply and wait for further instructions. I will need to review your logs and will get back with more instructions as soon as possible. Thank you. Android8888
  13. Android8888

    Welcome to the Web Summit 2018

    Greetings to all and welcome to the Web Summit 2018 in Lisbon, Portugal. The Web Summit is one of the world's largest entrepreneurship and technology conference held annually since 2009. The company was founded by Paddy Cosgrave, David Kelly and Daic Hickey. The event started in 2009 in Ireland and was transferred to Portugal in 2016 where it will remain until 2028. This year the conference theme is centered on Internet technology and will count on the participation of more than 2000 companies and 70000 visitors. Cheers,
  14. Hi 3rdhope, First I apologize for the delay in responding. You're welcome. I had already thought about resetting the router in the next step. Anyway, I'm glad to know that you solved the problem by your own. 👍 However I still see some remnants of infection in your last FRST logs. Even if the system appears to be running well I strongly advise you to run these two last scans. Please do this: Download the attached fixlist.txt file at the bottom of this post, and save it on your Desktop (or wherever your FRST64.exe is located); DO NOT open or modify that file! Right-click on the FRST64 and select Run as Administrator; Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply; Now I would like you to run one last scan with ESET Online Scanner to search for leftovers. This is a very thorough scan and therefore can take some time to complete but it's worth it. Please scan your computer with ESET Online Scanner. Click on this link to open ESET Online Scanner in a new window. Click on the Scan Now button to download the esetonlinescanner_enu.exe file and save it to your computer Desktop. Close all your programs and browsers and disconnect any USB flash drives from the computer. Please disable your Antivirus program to avoid potential conflicts, improve the performance and speed up the scan. Right-click on esetonlinescanner_enu.exe and select Run as administrator. Click Yes to accept the User Account Control security warning that may appear. It will open a window with the Terms of Use. Click the Accept button. Under Computer scan settings, check mark Enable detection of potentially unwanted applications. Then click Advanced settings and check mark the following options: Enable detection of potentially unsafe applications Clean threats automatically Click the Scan button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, click List Threats. Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Click the Back button. Click the Finish button. Note: If nothing is found, it will not produce a log. Please re-enable your Antivirus program. In your reply please attach both the Fixlog.txt and the ESET log (if it produced one). Thank you. Android8888 fixlist.txt
  15. Thank you for the logs. Just let me analyze your logs. I'll try to respond as soon as possible. Thank you for your understanding and patience. Android8888
×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.