Posts posted by Sandor
-
-
Good and thank you for logs.
You have Farbar Recovery Scan Tool downloaded in this place:
C:\Users\User\Downloads\FRSTEnglish.exe
Please run it and gather two logs in the same place - FRST.txt and Addition.txt - by pressing the Scan button. Attach them to your next message.
-
Hello and
You have had a miner on your system for a long time that blocks any antivirus. We will try to remove it.
Please download AV block remover, unzip it and run.
If you can't run it, just rename AVbr.exe -> AV-b-r.exe, for instance, and run it. Or you can use its randomly named version.
If this method doesn't work, run this tool NOT from your Desktop or Downloads folder (use any other folder). If the virus still blocks the utility, then try to run it in Safe Mode with Networking. Follow the instructions. After reboot you'll receive AV_block_remove_date-time.log. Please attach it to your next post.
-
Hello and
Please download AV block remover, unzip it and run.
If you can't run it, just rename AVbr.exe -> AV-b-r.exe, for instance, and run it. Or you can use its randomly named version.
If this method doesn't work, run this tool NOT from your Desktop or Downloads folder (use any other folder). If the virus still blocks the utility, then try to run it in Safe Mode with Networking. Follow the instructions. After reboot you'll receive AV_block_remove_date-time.log. Please attach it to your next post.
-
Please look into C:\KVRT2020_Data\Reports folder. Perhaps there will be *.enc1 file. If so, zip it and attach to your next message.
-
11 hours ago, AdvancedSetup said:
Almost no one uses Hijackthis now for almost a decade
Sorry for the intrusion, but the Hijackthis+ is still being updated and used. Here is a link to the current version. Version 2.0.5 is really very outdated
- 1
- 1
-
It's a pity that you were forced to reinstall the system. But this is a good way out. I would like to clarify that this particular infection occurs when the user installs a certain repack or activator, usually downloaded from a torrent.
-
Thank you.
I see Restore point date: 2023-11-23 21:56 - Was it created before the problem occurred? If so, try to restore the system from this point. And tell me what happens. You have a well known infection that could be cured, but first you have to get into the system, at least in safe mode.
- 1
-
It is sad to hear that. Please clarify - you can't even boot to safe mode now?
Let's try this method: Download Farbar recovery scan tool on another clean PC and save it to a USB stick. Then go to the Startup repair function and run Command prompt. Print notepad in the Command prompt and press Enter. Notepad will open. Press File - Open in the file menu and go to your USB stick. In file types choose "All files" and find the file named frst64.exe. Right click it and choose "Run as administrator". The tool will start, you have to press Yes to agree with the agreement and press the Scan button. After the end of the scan you'll get the FRST.txt log. Attach it to your next post.
- 1
-
OK, get them when you have time.
- 1
-
Hello and
Please read and do the instructions described in this topic:
If you encountered problems in starting tools, please run your system in Safe Mode and try again.
- 1
-
Thank you for the report @gamingbrain1
Please delete the old logs and create new FRST.txt and Addition.txt logs.
-
@gamingbrain1 I'd like to see Fixlog.txt please:
On 10/25/2023 at 4:11 PM, Sandor said:
Run FRST64.exe and press Fix button. Wait until it asks to reboot and after that find file named Fixlog.txt in the same folder. Attach it to your next post.
-
Hello,
I'd like to bump up this topic because this tool is detected again. Here is the part from log:
Malwarebytes
www.malwarebytes.com
-Данные журнала-
Дата события защиты: 04.11.2023
Время события защиты: 18:43
Файл журнала: e50a93f2-7b28-11ee-b33e-001a7dda7113.json
-Информация о ПО-
Версия: 4.6.6.294
Версия компонентов: 1.0.2189
Версия пакета обновления: 1.0.76906
Лицензия: Ознакомительная версия
-Информация о системе-
ОС: Windows 10 (Build 19045.3448)
Процессор: x64
Файловая система: NTFS
Пользователь: System
-Сведения о заблокированном вредоносном ПО-
Файл: 1
MachineLearning/Anomalous.100%, C:\Users\test\Desktop\avz5\avz.exe, Помещено в карантин, 0, 392687, 1.0.76906, , shuriken, , 1D32522AACFECAF6D485E71C0453BE5D, F0BDCD66B9A3D80FE5F62339B500F11B604A602B87A724B2C00341D9B7953CB3
Thanks in advance.
-
@gamingbrain1, how is it going? Do you still need our assistance?
- 1
-
Hello and
Please uninstall PUPs:
Quote
Adobe Flash Player 32 NPAPI
Bonjour
After that download attached file fixlist.txt and place it in same folder with FRST64.exe (M:\Downloads\FRST64.exe)
Run FRST64.exe and press Fix button. Wait until it asks to reboot and after that find file named Fixlog.txt in the same folder. Attach it to your next post.
Second step: you have Malwarebytes version 4.6.3.282 installed. Please do full system scan, save results to text file and attach it to your next post.
- 1
-
Thanks for the logs, looks good.
Now please download attached new Fixlist.txt, boot your system in Safe Mode and run this additional small fix the same way as you did previously.
After reboot show me new Fixlog.txt.
Next step:
I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.
The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.
The download links & the how-to-run-the tool are at this link at Microsoft
Look on the Scan Options & select the FULL scan.
Then start the scan. Have lots of patience. It may take several hours.
- Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on the screen display. The only things that count are the End result at the end of the run.
- The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands .....just do not use the computer during this scan.
This is likely to run for many hours as previously mentioned ( depending on the number of files on your machine & the speed of the hardware.)
The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log
Please attach that log with your next reply.
-
Thank you for the logs. Let's do some cleaning steps.
These programs are determined as PUP (potentially unwanted)
Quote
Driver Easy 5.7.3
Wondershare Filmora 11(Build 11.6.3.639)
Wondershare Helper Compact 2.6.0
So you should go to Parameters - Apps and uninstall them.
Next please download attached file Fixlist.txt and place it in your Download folder - C:\Users\gatet\Downloads\
Run the Farbar tool - C:\Users\gatet\Downloads\FRST64.exe, press Fix button and wait for a while. PC will reboot and after that please find in the same folder file named fixlog.txt and attach it to your next post.
Now I believe you'll get access to antivirus sites so you could do this:
Please download MALWAREBYTES MBST Support Tool
Once you start it click Advanced >>> then Gather Logs
Have patience till the run has finished.
Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.
- Please attach mbst-grab-results.zip to your reply
-
Hello and
Please read this topic and try to get us at least logs from the Farbar Recovery Scan Tool.
-
Let me offer you the following tool, produced specifically to cure this infection.
Please download AV block remover, unzip it and run.
If you can't run it, simply rename AVbr.exe -> AV-b-r.exe, for example, and run it. If renaming fails too, at least run it in Safe Mode with Networking. Follow the instructions. After reboot you should have AV_block_remove_date-time.log. Please attach it to your next post.
After reboot please get us new logs FRST.txt and Addition.txt
-
Thanks for the clarification. Waiting for Virustotal to exclude its detection, that's what I forgot to mention.
Quote
If the problem persists after waiting a few days and submitting for re-scan, please post in this forum for a researcher to investigate further.
And I understand that you can't affect VT's detection directly. Your colleague gave me a full explanation here.
-
Hello,
I'd like to bump up this topic because all three detections on VT are still not gone.
Thanks.
-
Can you please give us some details - how is it going?
Thanks in advance.
-
Quote
MachineLearning/Anomalous.100%, C:\USERS\ASUS2021\DESKTOP\AUTOLOGGER\AV\AV_Z.EXE, Проигнорировано пользователем, 0, 392687, 1.0.61645, , shuriken, , D112D058892D229ED6B6AF656634B8E5, 2E70F7B16B46BCE7C71353F153A2D0622DBAC3C04AB90197BF8E96D7EA9F414A
AVZ is a well known AV tool (it is simply renamed)
-
Please pay attention to this
Quote
Malware.Sandbox.17, C:\USERS\USER\DESKTOP\AUTOLOGGER\AUTOLOGGER\RSIT\RSIT.EXE
RSIT is a known tool named Random's System Information Tool.
I can't install malwarebytes. (pls help)
in Resolved Malware Removal Logs
Posted
@FranchescaXD, do you still need our help?