dugrn

Everything posted by dugrn

  1. I figured it was something that I did not know/was not aware of. I have included my logs for review just in case. I apologize for not putting them up in my original message. mbst-grab-results.zip
  2. When I open MWB it opens to a completed threat scan with the date and time in which the application was opened. Of course it is impossible to complete a scan at the same time you open MWB. I'm also not getting my MWB popups that a scan was completed. I dug a bit deeper and noticed that my scans were taking much less time than usual. 6-8min as opposed to 15min or longer. I decided to watch a few scans and noticed a few things.
     1. When starting the "Scanning startup items" the items scanned was approximately 2,291 and completed at 2,491.
     2. When it proceeded to "Scanning registry" it jumped to approximately 134,000 items scanned immediately. While in "Scanning registry" it jumped from 134,000 files to 151,000 to 174,000. Then 197,000 to 214,000.
     3. When it proceeded to "Scanning file system" the items scanned jumped to 262,000. The file items scanned proceeded normally up to about 285,000 items scanned and all of a sudden jumped to 359,000 and finished.
     4. After this scan I closed MWB and reopened. The home screen opened to a completed scan with the date and time it opened and the scan time/items scanned were identical to the previous scan.
  3. I guess I’m confused. The last outbound attempt was from a different IP and file (not OneDrive) on 2/10. In a previous post you said “No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56).” 2/18 was the last daily scan and MB quit running until 3/4 which is what prompted this whole thing.
  4. Actually one of those reports I sent shows it did not come from OneDrive. It came from c:\windows\system32\svchost.exe and had a different IP address. It was actually the last outbound I had. There have been no block events since 2/10.
  5. So I reviewed the malicious sites blocked reports. There are multiple from the same IP address and from the same file location over about 45min. 7 hours later on the same day there were 3 outbound attempts with a different IP address but same file location. The final one of those 3 had the same IP but a different file location. All of these showed up on detection history with event “RTP detection”. I have uploaded the reports below as well as the scan log I performed based on your instructions. scanreport 3-6.txt RTP detection 2-10 1251pm.txt RTP detection 2-10 1158am.txt RTP detection 2-10 721pm.txt RTP detection 2-10 720pm.txt malicioussiteblock.txt
  6. Thanx Maurice, I tried removing the password in Chrome - did not work. I was wondering if you could look at a malicious site block file for me. I have uploaded below. If I need to start a new thread let me know. I got about 25 of them all on the same day within 15 minutes of each other. malicioussiteblock.txt
  7. Hi Maurice, my scan settings are as they were before all this happened. Threat scan - date/time - Repeats everyday - scan at next opportunity. MB ran as scheduled today. As for my login issue, the advice from AdvancedSetup did not work.
  8. I have included the latest scan log (3-4-20) and the last log before MB stopped daily scanning (2-18-20). Also, I’m having to eat my password each time I try and log into this site. I cannot log in at all on my PC. I can only log in on my phone. Thanx! scanrpt3-4-2020.txt scanrpt2-18-2020.txt
  9. Here are the files. Malwarebytes is working now. Between my first post and your reply I restarted my PC, installed the .NET framework 3.5 and 4.8 cumulative update for 2-2020. When I tried to run Malwarebytes after restart it started to scan and then quit. MB restarted and I checked for an update which it needed so I did that. I was able to run a scan after the update. No detections. I typically have daily scans but my last one was 2/18/20. FRST.txt Addition.txt
  10. Malwarebytes will not open or run from shortcut or at the file location.
  11. Here is the log for scan with rootkits MWBlog.txt
  12. Windows Defender still not running. When I run Chrome with just a blank page I'm getting 11 Google Chrome processes. I decided to run Edge for this reply at the same time and it has 9 processes. I did notice the "Tamper Protection" inside the "Virus & threat protection settings" was switched to off after the last steps we completed. I turned it back on.
  13. Hi Maurice I have completed the 2 steps you requested. FRSTEnglish and AdwCleaner. Logs attached AdwCleaner log report.txt Fixlog.txt
  14. OK I will run soon. BTW I keep having to change my password to access Malwarebytes forums. After each password reset the forum will not accept my password on the next login. This applies to my laptop and iPhone.
  15. Hi Maurice, when I open FRSTEnglish I get a yellow user control window that says "do you want to allow this app from an unknown publisher to make changes to your device?" FRSTEnglish.exe Publisher: Unknown File origin: Hard drive on this computer. Is it okay for me to click "yes"?
  16. Hi Maurice, to answer your first question, I am running Win 10-Pro with BitLocker. The Defender offline scan did not finish. I have tried a couple more times over the weekend and it would not even run. This morning I decided to do a bit of research and I performed the following: I did all the steps on this post: https://www.howto-connect.com/windows-defender-not-working/ When I got to "System File Checker Scan" I got the following after the scan. I then proceeded to check if Defender had been turned off. I opened RegEdit. In HKEY LOCAL MACHINE I opened Windows Defender. On the right panel there was no DWORD so I right-clicked and created one, calling it DisableAntiSpyware, and gave it a value of "0". Once I did this I was able to run Defender offline scan but it again did not finish. Over the weekend I did run ESET Poweliks cleaner. The Poweliks trojan seems to be related to the chrome.exe process I was having. The scan was negative. I have uploaded the logs file from the support tool as well. mbst-grab-results.zip
  17. I decided to run an offline scan. The first time it started to run it quit on its own before it even started to scan. The second time it started like normal but gave me this screen which I’ve never seen before.
  18. Over the last few days when I’m running Google Chrome and I turn the volume up or down on my PC a large “chrome.exe” appears next to the typical vertical Windows volume graphic. It only appears when I’m playing sound via Chrome. I decided to see if I can turn it off. While doing some research I discovered that this is possibly a virus. One of the things the article said to look for was the amount of Google Chrome processes that are running in Task Manager. In Task Manager it says 13 separate Chrome processes. The only window open was YouTube on one test and Hulu on the other. I’ve scanned with both Malwarebytes and Defender. They turn up nothing. Suggestions?
  19. Sorry to keep bothering you.. I just saw the other thread where the Trojan.PasswordStealer was a false positive. Since mine didn't go to quarantine do I have anything to worry about? I saw in that thread that someone deleted the quarantined and then had to go back and run some sort of CMD to fix. Does this apply to me? Or am I good to go?
  20. Just so I understand... The false positive is the 2 Trojan.PasswordStealer threats MWB found? They never went to quarantine. The 4 Trojan.Kovter did go to quarantine and I deleted them already.
  21. I purchased MWBp on 10/4 because I did an offline Defender scan that said "potential harmful threats found" or something like that. Within Windows Defender no threats were logged. My first scan with MWBp detected the following (report)

      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Scan Date: 10/4/18
      Scan Time: 1:16 PM
      Log File: 9d9d9a94-c801-11e8-ab55-a08cfd2bda7c.json

      -Software Information-
      Version: 3.6.1.2711
      Components Version: 1.0.463
      Update Package Version: 1.0.7185
      License: Trial

      -System Information-
      OS: Windows 10 (Build 17134.285)
      CPU: x64
      File System: NTFS
      User: LAPTOP-Q0H0G4LM\Doug

      -Scan Summary-
      Scan Type: Threat Scan
      Scan Initiated By: Manual
      Result: Completed
      Objects Scanned: 349452
      Threats Detected: 4
      Threats Quarantined: 4
      Time Elapsed: 10 min, 7 sec

      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect

      -Scan Details-
      Process: 0 (No malicious items detected)
      Module: 0 (No malicious items detected)
      Registry Key: 0 (No malicious items detected)
      Registry Value: 0 (No malicious items detected)
      Registry Data: 0 (No malicious items detected)
      Data Stream: 0 (No malicious items detected)
      Folder: 0 (No malicious items detected)
      File: 4
      Trojan.Kovter, C:\USERS\A***\APPDATA\ROAMING\Microsoft\Windows\Recent\firefox-update.lnk, Quarantined, [6261], [447252],1.0.7185
      Trojan.Kovter, C:\USERS\D***\DOWNLOADS\FIREFOX-UPDATE.JS, Quarantined, [6261], [447252],1.0.7185
      Trojan.Kovter, C:\USERS\A***\APPDATA\ROAMING\Microsoft\Windows\Recent\firefox-patch.lnk, Quarantined, [6261], [444098],1.0.7185
      Trojan.Kovter, C:\USERS\D***\DOWNLOADS\FIREFOX-PATCH.JS, Quarantined, [6261], [444098],1.0.7185
      Physical Sector: 0 (No malicious items detected)
      WMI: 0 (No malicious items detected)

      (end)

      These were quarantined and deleted. All scans clear since. I've been using MWB Anti-rootkit BETA as well and it's been clean. I created a custom scan to include rootkits on 10/7. As the log below will show it took 8hrs to complete and when I woke up this morning it showed 2 Trojan.PasswordStealer detected. I of course forgot to check "quarantine" when I set up this scan.

      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Scan Date: 10/7/18
      Scan Time: 8:48 PM
      Log File: 3e33327e-ca9c-11e8-bad0-a08cfd2bda7c.json

      -Software Information-
      Version: 3.6.1.2711
      Components Version: 1.0.463
      Update Package Version: 1.0.7237
      License: Premium

      -System Information-
      OS: Windows 10 (Build 17134.285)
      CPU: x64
      File System: NTFS
      User: System

      -Scan Summary-
      Scan Type: Custom Scan
      Scan Initiated By: Scheduler
      Result: Completed
      Objects Scanned: 494379
      Threats Detected: 2
      Threats Quarantined: 0
      Time Elapsed: 8 hr, 26 min, 2 sec

      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Enabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect

      -Scan Details-
      Process: 0 (No malicious items detected)
      Module: 0 (No malicious items detected)
      Registry Key: 0 (No malicious items detected)
      Registry Value: 0 (No malicious items detected)
      Registry Data: 0 (No malicious items detected)
      Data Stream: 0 (No malicious items detected)
      Folder: 0 (No malicious items detected)
      File: 2
      Trojan.PasswordStealer, C:\WINDOWS\SYSTEM32\TCPSVCS.EXE, No Action By User, [3569], [578625],1.0.7237
      Trojan.PasswordStealer, C:\WINDOWS\SYSWOW64\TCPSVCS.EXE, No Action By User, [3569], [578625],1.0.7237
      Physical Sector: 0 (No malicious items detected)
      WMI: 0 (No malicious items detected)

      My followup scan was clean. My question is... were these "passwordstealer" removed? Is it safe for me to use this computer for logging in to sensitive accounts that I have for work?