PoolManBaby

Members
  • Posts

    19
  • Joined

  • Last visited

Reputation

0 Neutral

  1. Thanks! Oh that's so funny. I redirect my Downloads to the desktop. So I like to keep my little utilities like this in the Downloads folder to... get this... 'protect' my programs folders. 😄
  2. If you can edit -- please remove user info.
  3. So there's no way for us visitors to edit our post once posted?
  4. I already uninstalled it. DRAT! Maybe I'll try an emulated environment.
  5. I want to add the author of this app suggests it is a false positive. The can only stay fixed with an exclusion. (Implying this has come up before.)
  6. I had uninstalled it but I kept this message.
  7. Sorry Porthos. I can't find a way to edit it and move it.
  8. Greetings, I installed the non-MS store version of TASKBARX -- https://chrisandriessen.nl/taskbarx It's a groovy app that allows you to center your taskbar and even make it transparent. Among other things. I've used it for years as FalconX (its prior name) and suddenly Malwarebytes isn't pleased with it. Considering the same app is in the Windows Store is there any chance this is a false positive? Because I'd really like to keep using this app. Thanks in Advance, The Pool Man
  9. I've been rebooting my brains out and believe the malware is gone, Ron. I can't tell if your recent fix did the trick or me icing that utility folder. Oh, and yeah, I iced the entire thing. Putting the pieces together it is now confirmed that Folder Colorizer installs malware. The malware IS that 'Utilities' folder and its contents. I'm not going to start your browser cleansing plan unless it comes back at this point. I want to THANK YOU for all your help Ron.
  10. Just found the article online that connects that Folder Colorizer program to this malware -- http://www.thewindowsclub.com/color-customize-windows-folders
  11. Sorry to trouble you so. I was hoping this would be a quick fix for the both of us, right? So let me update you -- 1. You made me a little nervous when you wanted to reset all my browsers. I was afraid I could lose certain things I don't want to lose. I felt it was a kitchen sink option and wanted to avoid it if I could. So read the rest and you can decide if I should hold off or not. 2. Based upon that thread above where the guy had the same folders with the same .dll files but a different issue -- I decided to borrow an idea of his. To rename that utilityservice.exe something else. For no reason I can explain I added 'BAK' to the name of this utility just like he did. The result was that it didn't rename the .exe but the entire folder. See pic below. On a semi-desperate lark I attempted to erase said .exe file -- and I moved it (as admin) to the recycle bin. There I erased it as admin. So far that file hasn't come back. Neither has the related fix that keeps coming back. Question Ron -- what would you say if I tried to throw the others out while I'm at it? The ones all with the same date? Or would you say TRASH THEM ALL since none of your other PCs have these files anyway? 3. I did run that specific FRST. But the malware came right back upon reboot. And by the way -- I can tell if it's come back upon reboot because, like I said, the number keys cannot 'lift' the boot lockscreen. When the numeric keys do work the malware isn't there. Here's the log --
  12. I'm new to PC as of last year. Decades of Mac use. Remember this if you feel like I'm missing something painfully obvious to a seasoned PC user. To answer your question I have absolutely no idea what that is. But -- 1. -- it lives in the same folder that the BitCoinMiner keeps reappearing within. Even worse -- 2. -- this folder only exists on one of my three PCs. Which I set up almost identically. That is: the troubled PC has a Utilities folder that the other PCs do not have. So I would ask you, Ron: what do you make of the other contents of this folder? And that almost all were installed on the same day? Hey Ron -- I Googled each .dll and got nowhere. But then suddenly I got lucky and found the link below. Someone in my exact situation but with a different symptom. And I'll do what you said in a few minutes. I had to share this before I lost it -- https://answers.microsoft.com/en-us/windows/forum/windows_10-power/after-restarting-my-desktop-from-hinbernate-or/5b8a5bf9-deb1-4aa3-9a9a-371bf2563d4d
  13. By the way the instructions you folks offer are excellent. This last set, however, comes off as mildly inaccurate. I'm offering these suggested edits for further clarity. Create an Autoruns Log: Please download Sysinternals Autoruns from here. Save Autoruns.exe to your desktop and double-click it to run it. Accept terms. Once it starts, please press the Esc key on your keyboard to stop scan. Click on the Options button at the top of the program. Select Scan Options and then check Verify Code Signatures. If offered to Rescan do so. Or press the F5 key on your keyboard, this will start the scan again, this time let it finish. It takes under a minute.*** When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns. Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder. Attach the Autoruns.zip folder you just created to your next reply. *** I added this because the app does not indicate when it is finished.
  14. Thanks Ron. I wanted to show you this first. I did a scan this morning and found nothing. I rebooted at 12:30 PM my time and did another scan. It found nothing and I've attached it below. But then I looked in the MWB log and something had slipped in and had been quar'd minutes before the reboot. See pic.
  15. So this morning no activity. The scan found nothing. But I'll bet something will happen within a few hours or less based upon prior activity. (See attachment). By the way I watched other people go thru your process and normally you folks ask us to hit the 'fix' button. But you didn't ask me to do that. You merely asked how things were running. Did you skip a step? In case this helps: I believe this malware has a 'tell'. My PC has been doing two weird keyboard things recently. Which are there when the malware is there but gone when it isn't. 1. When I boot and get to my lock screen, any key is supposed to make it go away and allow me to open my pin. I believe when this malware is present I cannot use my numeric keypad to dismiss the lock screen. Where normally I can. 2. When the malware is present and I've been using my computer for at least an hour, keys on the keyboard begin triggering incorrect functions. Like the other day I couldn't type '@' into a field on the net. It just wouldn't work. At a different time if I hit ANY key the settings window or the start menu would simply open. The only way to fix this issue was a reboot.