Sandor

Experts
  • Posts

    63
  • Joined

  • Last visited

  • Days Won

    1

Posts posted by Sandor

  1. Hello and :welcome:

    You have had a miner on your system for a long time that blocks any antivirus. We will try to remove it.

    Please download AV block remover, unzip it and run.

    If you can't run it, just rename AVbr.exe -> AV-b-r.exe, for instance, and run it. Or you can use its randomly named version.
    If this method doesn't work, run this tool NOT from your Desktop or Downloads folder (use any other folder).

    If the virus still blocks the utility, then try to run it in Safe Mode with Networking. Follow the instructions. After reboot you'll receive AV_block_remove_date-time.log. Please attach it to your next post.

  2. Hello and :welcome:

    Please download AV block remover, unzip it and run.

    If you can't run it, just rename AVbr.exe -> AV-b-r.exe, for instance, and run it. Or you can use its randomly named version.
    If this method doesn't work, run this tool NOT from your Desktop or Downloads folder (use any other folder).

    If the virus still blocks the utility, then try to run it in Safe Mode with Networking. Follow the instructions. After reboot you'll receive AV_block_remove_date-time.log. Please attach it to your next post.

  3. It is sad to hear that. Please clarify - you can't even boot to safe mode now?

    Let's try this method: Download Farbar Recovery Scan Tool on another clean PC and save it to a USB stick. Then go to the Startup Repair function and run Command Prompt. Type notepad in the Command Prompt and press Enter. Notepad will open. Press File - Open in the file menu and go to your USB stick. In file types choose "All files" and find the file named frst64.exe. Right-click it and choose "Run as administrator". The tool will start; you have to press Yes to agree with the agreement and press the Scan button. After the scan ends you'll get the FRST.txt log. Attach it to your next post.

    • Thanks 1
  4. Hello,

    I'd like to bump up this topic because this tool is detected again. Here is the part from the log:

    Malwarebytes
    www.malwarebytes.com

     -Данные журнала-
     Дата события защиты: 04.11.2023
     Время события защиты: 18:43
     Файл журнала: e50a93f2-7b28-11ee-b33e-001a7dda7113.json

     -Информация о ПО-
     Версия: 4.6.6.294
     Версия компонентов: 1.0.2189
     Версия пакета обновления: 1.0.76906
     Лицензия: Ознакомительная версия

     -Информация о системе-
     ОС: Windows 10 (Build 19045.3448)
     Процессор: x64
     Файловая система: NTFS
     Пользователь: System

     -Сведения о заблокированном вредоносном ПО-
     Файл: 1
     MachineLearning/Anomalous.100%, C:\Users\test\Desktop\avz5\avz.exe, Помещено в карантин, 0, 392687, 1.0.76906, , shuriken, , 1D32522AACFECAF6D485E71C0453BE5D, F0BDCD66B9A3D80FE5F62339B500F11B604A602B87A724B2C00341D9B7953CB3

    Thanks in advance.

  5. Hello and :welcome:

    Please uninstall PUPs:

    Quote

    Adobe Flash Player 32 NPAPI
    Bonjour

    After that, download the attached file fixlist.txt and place it in the same folder as FRST64.exe (M:\Downloads\FRST64.exe)
    Run FRST64.exe and press the Fix button. Wait until it asks to reboot, and after that find the file named Fixlog.txt in the same folder. Attach it to your next post.

    Second step: you have Malwarebytes version 4.6.3.282 installed. Please do full system scan, save results to text file and attach it to your next post.

    fixlist.txt

    • Like 1
  6. Thanks for the logs, looks good.

    Now please download attached new Fixlist.txt, boot your system in Safe Mode and run this additional small fix the same way as you did previously.
    After reboot show me new Fixlog.txt.

    Next step:

    I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

    The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

    The download links & the how-to-run-the tool are at this link at Microsoft 

    https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

     

    Look on the Scan Options & select the FULL scan.

    Then start the scan. Have lots of patience. It may take several hours.

    • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
    • The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

    This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

    The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

    Please attach that log with your next reply.

    Fixlist.txt

  7. Thank you for the logs. Let's do some cleaning steps.

    These programs are identified as PUPs (potentially unwanted)

    Quote

    Driver Easy 5.7.3
    Wondershare Filmora 11(Build 11.6.3.639)
    Wondershare Helper Compact 2.6.0

    So you should go to Parameters - Apps and uninstall them.

    Next please download attached file Fixlist.txt and place it in your Download folder - C:\Users\gatet\Downloads\
    Run the Farbar tool - C:\Users\gatet\Downloads\FRST64.exe, press Fix button and wait for a while. PC will reboot and after that please find in the same folder file named fixlog.txt and attach it to your next post.

    Now I believe you'll get access to antivirus sites so you could do this:

    Please download MALWAREBYTES MBST Support Tool

    Once you start it click Advanced >>> then   Gather Logs

     Have patience till the run has finished.

    Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

    • Please attach  mbst-grab-results.zip    to your reply

    Fixlist.txt

  8. Let me offer you the following tool, produced to definitely cure this infection.

    Please download AV block remover, unzip it and run.

    If you can't run it, simply rename AVbr.exe -> AV-b-r.exe, for example, and run it. At least run it in Safe Mode with Networking if renaming failed too. Follow the instructions. After reboot you should have AV_block_remove_date-time.log. Please attach it to your next post.

    After reboot please get us new logs FRST.txt and Addition.txt

  9. Thanks for the clarification. Waiting for VirusTotal to exclude its detection, that's what I forgot to mention.

    Quote

    If the problem persists after waiting a few days and submitting for re-scan, please post in this forum for a researcher to investigate further.

    And I understand that you can't affect VT's detection directly. Your colleague gave me a full explanation here.

  10. Quote

    MachineLearning/Anomalous.100%, C:\USERS\ASUS2021\DESKTOP\AUTOLOGGER\AV\AV_Z.EXE, Проигнорировано пользователем, 0, 392687, 1.0.61645, , shuriken, , D112D058892D229ED6B6AF656634B8E5, 2E70F7B16B46BCE7C71353F153A2D0622DBAC3C04AB90197BF8E96D7EA9F414A

    AVZ is a well-known AV tool (it is simply renamed)

    111.txt
