seglea
-
Posts
13 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by seglea
-
-
OK, as suggested I ran the MBytes recovery tool to Gather Logs and run FBST under an admin user. This time it all ran through quickly - a few minutes. I'm attaching the collected log files. Thank you for your help.
-
18 hours ago, AdvancedSetup said:
Please try again logging in with an account that has Administrator rights.
Ran by Stephen (ATTENTION: The user is not administrator) on IFLAMEPRO (Novatech Ltd Desktop PC)
Thank you
Thanks, I'll do that as soon as I can - the machine is busy for now.
Not sure what the intervening two posts were about...
-
Thanks. When I downloaded FRST separately, it ran to completion in a sensible time. The fbst.txt and addition.txt files are attached.
I did a bit of experimenting to pin down where the problem is coming from. I always do Custom scans. It seems that if I give it just a few files (on the C: drive) to scan, Adobe Reader is unaffected. But when I set it to scan the whole of C: (including looking for rootkits), sooner or later Adobe gets blocked - not immediately the scan starts, however, and not until it has scanned quite a few files.
-
Thank you for your support. I have been trying to follow the instructions in the KB article, but it took a very long time for the Gather Logs stage to complete, and the FRST stage has now been running for about 18 hours without completing. I can't believe that this is normal, and I have to shut it down now. When I restart the machine, I will try again; it would be helpful to know (a) whether I need to repeat the Gather Logs stage, and (b) whether it is credible for the FRST run to take so long, or whether it indicates some kind of error. Many thanks.
-
I'm using the Malwarebytes free edition in Windows 10 Pro, version 1909. Whenever I use Malwarebytes, Acrobat Reader DC (Continuous Release version 2020.006.20042), which is my default application for .pdf files, becomes unable to load. If I click on a pdf file in a directory listing, or try to launch Reader directly, nothing appears to happen. Task Manager shows an Acrobat process (one for each attempt to load a pdf), but the program does not launch. The problem remains until I do a Restart or Power off. I have a copy of Acrobat X Pro on the system, and this launches and functions normally. This problem occurs every time, but it is of fairly recent origin - I am guessing dating from an update of Windows, Malwarebytes or Reader. I've hunted on the web but can't find any reports of this problem, or fixes for it. Can anyone advise, please? Many thanks.
-
I've just had a very odd occurrence. I got a popup claiming to come from Malwarebytes asking me to give opinions about the service and ways it can be improved. I was happy to do so - I use the service and find it generally useful but with some glitches. But after one question, it switched to a Survey Monkey survey about opinions about UK politics. Again, I don't mind... but afterwards I began to wonder whether this is correct behaviour, and whether in fact one or other survey may have been some kind of malware? The opinion survey ended with a request for some fairly fine-grained demographic information, which didn't feel quite right. Can anyone from MWB reassure me? And if not, does anyone know what kind of nasty may be at play here? thanks for any advice.
-
Thanks, that's great. Yes, ok to close this topic now, and I hope it is useful to others.
-
Kevin, thanks for your report; sorry I've been silent for a few days, busy with other things. So far as I can tell the PC is running normally, with no unexpected slowness - it is a little difficult to tell as all files are on a NAS and that sometimes imposes delays. I am checking all financial sites (the main targets of ZeuS.panda) carefully and there are no signs of any attempted intrusion. So I think that has been cleared, and many thanks for your help. A thank-offering is on its way.
I'm still left with one of my original questions - was delete/shredding the file reported as infected with the trojan the right way to go when MWB didn't seem able to remove the infection?
I also have another, for which I will start a new thread... As part of this process, I discovered that my (old version) MWB probably wasn't doing anything useful when I set it to scan networked drives, even though it appeared to be scanning them; and the latest version (which I had to install to overcome a stoppage) now won't do it at all. It's a consequence of newer versions of MWB running as a service, rather than a user program. So now I need to find something that will scan network drives for Windows-oriented malware. Some of the programs you recommended above are possible candidates, though there are others on the Synology forum (that being the make of my NAS).
Thank you again.
-
Kevin, here's the RogueKiller report, with a bundle of PUMs found. Looking at it, the two entries for Internet Explorer look from their Data entries as though they are links to my authentic home page.
-
Kevin, thanks for the further advice. Here are the logs you requested. The short account is that the FRST process ran through ok, but when I then tried to run MalwareBytes, it kept crashing out and triggering a reboot, with the message "Page fault in non paged area MBABSwissArmy.sys". I fixed this by downloading a fresh copy of MalwareBytes (which had, however, been performing perfectly OK previously - though I was running it from an admin user when it crashed, rather than from my usual user). Zemana and Emisoft then ran ok, each detecting one piece of Adware, neither of which look likely to be related to the original ZeuS.panda infection.
-
Kevinf80, thank you for your prompt offer of assistance. I have run FARBAR as suggested, and attach the two files.
seglea
-
On a weekly scan, Malwarebytes (MWB) detected the spyware ZeuS.panda. This is a known dangerous Trojan that collects passwords etc when you visit banking sites. MWB quarantined it, and at the end of scan gave me the option to delete it, which I took. However, the flagged infected file was not deleted, and when I ran MWB again after restarting the machine, it reported the spyware in the same location. I repeated this a few times, checking for any variations in procedure, but the result was always the same. Accordingly, I have now removed the file reported as infected (using Eraser rather than a simple delete). Two questions, therefore: (a) will Erasing the file have removed the threat properly, and (b) would there have been a more appropriate action under these circumstances? Most grateful for any advice.
Malwarebytes blocks Adobe Acrobat Reader DC
in Resolved Malware Removal Logs
Posted
Thanks for this suggestion. I've just tried that, but no joy - Adobe Reader still won't run. As before, it shows up as a Background Process in the Task Manager report, so it is obviously starting off but then getting blocked somehow.
The machine was originally supplied with Windows 7, but was upgraded to Windows 10 a few years ago - the recent upgrade you noticed must have been the upgrade to the 1909 edition. That must have been done in the past 4 months, and it is just possible that my issue with Mbytes and Adobe dates from that time - I can't remember exactly when it first appeared (or when I did the upgrade, for that matter).
Thanks too for your comment about filesync. A good program in its day, but I haven't used it in years (I now use SyncBackFree); I'd forgotten I even had it on the machine. Does the fact that it appeared in the logs mean that it has been run somehow? If so I'd better nail it down more securely. It can't be downloaded any more, so I kept it in case I ever needed to look into what it might have done on an old project. Is it going to do any harm, if it is never run?