Jump to content

Maurice Naggar

Experts
  • Content Count

    21,470
  • Joined

About Maurice Naggar

  • Rank
    Eradicator de malware emeritus

Profile Information

  • Location
    USA
  • Interests
    Security, Windows, Windows Update, malware prevention

Recent Profile Visitors

80,538 profile views
  1. Thank you for the Adwcleaner report. Overall, that result is very encouraging. Now, a new scan with Malwarebytes for Windows. I would like you to do a new scan with Malwarebytes for Windows. One of the major goals here is to have it remove all that it detects. If it finds anything that is. Start Malwarebytes from the Windows Start menu. Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window. Then click the Security tab. Look for the section "Automatic Quarantine". Be sure it is clicked On ( to the far right side) Then scroll down to the section Potentially Unwanted items. We need the next 2 lines ( for P U P & for P U M) to be set to "Always ( Recommended) ". You can make the change by clicking on the down-arrow selection list-control. We want all P U P & P U M to be marked for removal. Next, click the small x on the Settings line to go to the main Malwarebytes Window. Next click the blue button marked Scan. When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical. Then click on Quarantine selected. Then, locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 [ 2 ] Next, a scan with a Microsoft scan tool. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Let me know the result of this. The log is named MSERT.log the log will be at %SYSTEMROOT%\debug\msert.log which in most cases is C:\Windows\debug\msert.log Please attach that log with your reply. Do let me know, after that, How things are overall. Cheers. Maurice
  2. Hi. Thanks for the support-tool-report. I am listing several steps below. Dont get spooked. Do as much as possible of all of it, And keep going down the list. [ 1 ] Use Chrome browser to go to https://www.google.com/settings/chrome/sync and sign into your account. Scroll down until you see the "reset sync" button and click on the button At the prompt click on "Ok". [ 2 ] for Chrome, while Chrome is running: Press & hold SHIFT+CTRL+Del keys on keyboard to get menu for clearing browsing data: Check mark the line "Browsing history" Check mark the line "Download history" Check mark the lined "Cached images and files" and press Clear Data button ( in blue ) [ 3 ] After that, make real sure that Chrome is "NOT" set to reload the pages from the last session Go into the settings menu of Chrome by first clicking the control icon of Chrome on upper right of the adress bar Then look deeper in SETTINGS Make real sure it is "NOT" set to "continue where you left off" . [ 4 ] See this article on our Malwarebytes Blog https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them". [ 5 ] I suggest you install the Malwarebytes Browser guard for Chrome. To get & install the Malwarebytes Browser Guard extension for Chrome, Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee Then proceed with the setup. [ 6 ] I would suggest to download, Save, and then run Malwarebytes ADWCLEANER. Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan. Adwcleaner detects factory Preinstalled applications too! Please download Malwarebytes AdwCleaner https://downloads.malwarebytes.com/file/adwcleaner Be sure to Save the file first, to your system. Saving to the Downloads folder should be the default on your system. Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it. At the prompt for license agreement, review and then click on I agree. You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner). Then click on Dashboard button. Click the blue button "Scan Now". allow it a few minutes to finish the Scan. Let it remove what it finds. NOTE: When it comes to the section " Pre-installed applications You can skip that. Please find and send the Adwcleaner "C" clean report. In Adwcleaner, click the "Reports" button. Look at the list of reports for the latest date & type "Clean". Double Click that line & it will open in Notepad. Save the file to your system and then Attach that with your reply. That C clean report will be the one with the most recent Date and time at folder C:\AdwCleaner\Logs Thanks. Keep me advised. We will do more later.
  3. No, do not uninstall Malwarebytes. Please just follow my guidance as we go along. It is going to take a few rounds to get some things cleaned out. What Malwarebytes found and removed are a few P U P ( potentially unwanted "add-ons" ) that also hapen to be related to Chrome history. Please keep going down this list and do as much as you can. But in any event, keep on going down the list. [ 1 ] Use Chrome browser to go to https://www.google.com/settings/chrome/sync and sign into your account. Scroll down until you see the "reset sync" button and click on the button At the prompt click on "Ok". [ 2 ] for Chrome, while Chrome is running: Press & hold SHIFT+CTRL+Del keys on keyboard to get menu for clearing browsing data: Check mark the line "Browsing history" Check mark the line "Download history" Check mark the lined "Cached images and files" and press Clear Data button ( in blue ) [ 3 ] After that, make real sure that Chrome is "NOT" set to reload the pages from the last session Go into the settings menu of Chrome by first clicking the control icon of Chrome on upper right of the adress bar Then look deeper in SETTINGS Make real sure it is "NOT" set to "continue where you left off" . [ 4 ] See this article on our Malwarebytes Blog https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them". [ 5 ] I suggest you install the Malwarebytes Browser guard for Chrome. To get & install the Malwarebytes Browser Guard extension for Chrome, Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee Then proceed with the setup. [ 6 ] I would suggest to download, Save, and then run Malwarebytes ADWCLEANER. Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan. Adwcleaner detects factory Preinstalled applications too! Please download Malwarebytes AdwCleaner https://downloads.malwarebytes.com/file/adwcleaner Be sure to Save the file first, to your system. Saving to the Downloads folder should be the default on your system. Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it. At the prompt for license agreement, review and then click on I agree. You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner). Then click on Dashboard button. Click the blue button "Scan Now". allow it a few minutes to finish the Scan. Let it remove what it finds. NOTE: When it comes to the section " Pre-installed applications You can skip that. Please find and send the Adwcleaner "C" clean report. In Adwcleaner, click the "Reports" button. Look at the list of reports for the latest date & type "Clean". Double Click that line & it will open in Notepad. Save the file to your system and then Attach that with your reply. That C clean report will be the one with the most recent Date and time at folder C:\AdwCleaner\Logs Thanks. Keep me advised.
  4. Hi, My name is Maurice. I will be helping and guiding you, going forward on this case. Let me know what first name you prefer to go by. Please follow my directions as we go along. Please do not do any changes on your own without first checking with me. If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible. Please only just attach all report files, etc that I ask for as we go along. I would appreciate getting some key details from this machine in order to help you forward. NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Do have patience while the report tool runs. It may take several minutes. Just let it run & take its time. You may want to close your other open windows so that there is a clear field of view. Download Malwarebytes Support Tool Once the file is downloaded, open your Downloads folder/location of the downloaded file Double-click mb-support-1.5.4.760.exe to run the report You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent. Place a checkmark next to Accept License Agreement and click Next You will be presented with a page stating, "Get Started!" Do NOT use the button “Start repair” ! Click the Advanced tab on the left column Click the Gather Logs button A progress bar will appear and the program will proceed with getting logs from your computer Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK Please attach the ZIP file in your next reply. Please know I help here as a volunteer. and that I am not on 24 x 7. Help on this forum is one to one. Again, please be sure to ONLY attach report files with your reply (s) as we go along. Do not do a copy / paste into main body. Thank you, Sincerely.
  5. PS. Please do not download any games or anything else on your own. The Malwarebytes scan of April 4 found a lot of malware Trojan.StolenData PUP.Optional.ProxyGate RiskWare.ProxyGate RiskWare.GameHack.Generic PUP.Optional.BitCoinMiner Backdoor.Bifrose ( whose remainders are involved currently for those website block notices) So, no game playing, no new downloads ( unless I guide you to them), no shopping, no banking online. If you have questions, ask me first. It is quite possible your identity and or some financial accounts ( if your credit card or bank account numbers are stored on this machine ) may have been exfiltrated - stolen.
  6. Hi, My name is Maurice. I will be helping and guiding you, going forward on this case. Let me know what first name you prefer to go by. Please follow my directions as we go along. Please do not do any changes on your own without first checking with me. If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible. Please only just attach all report files, etc that I ask for as we go along. Thank you for providing the MBST support tool report ! . The web protection of Malwarebytes Premium is protecting your system. For Your Information: The Block notices from Malwarebytes web protection do mean that Malwarebytes Premium is keeping your pc safe from potential harm. A block notice is an advisory of the "block". It indicates that a potential risk was blocked by the malicious website protection. The Malwarebytes web protection, by default, will always show each block occurrence. The Malwarebytes Webs protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC. See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done. On Outbound blocks, any attempted connection was stopped. No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56). A browser is not required to be running, just an active Internet connection with processes running, such as Instant messenger clients, SKYPE or Peer-to-peer software, to trigger these alerts. . There are 2 very extremely suspicious tasks "windows update verifier" that use wscript & at least 3 batch files associated to this. Please Close and Save any open work you may have open. Please close as many un-needed app-windows that you yourself may have open at this point. So you can have a clear field of view. You did not save the FRST64.exe on a regular folder. So you will have to be extra careful. You have FRST64 in this folder C:\Users\Gary\AppData\Local\Temp\mwbAD24.tmp This custom script is for garysoh only / for this machine only. Close and save any open work files before starting this procedure. Please Close and save any open work files before you start this next step. It will involve a Windows Restart at the end of it. I am sending a custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair. Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly ( as is) to the C:\Users\Gary\AppData\Local\Temp\mwbAD24.tmp folder The tool named FRST64.exe tool is already on the Downloads folder Start the Windows Explorer and then, to the C:\Users\Gary\AppData\Local\Temp\mwbAD24.tmp folder RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity Fixlist.txt
  7. Hi, My name is Maurice. I will be helping and guiding you, going forward on this case. Let me know what first name you prefer to go by. Please know that on this thread, we will work on only just one machine. The one for which you supplied the report above. Please follow my directions as we go along. Please do not do any changes on your own without first checking with me. If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible. Please only just attach all report files, etc that I ask for as we go along. Please do all that I list below, as first steps. You mad no mention at all of the specific PUP detail ( it would help to get all the Malwarebytes history ....or at minimum a copy of the last Scan report). I would like you to do things in the following order. [ 1 ] The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Let me know the result of this. The log is named MSERT.log the log will be at %SYSTEMROOT%\debug\msert.log which in most cases is C:\Windows\debug\msert.log Please attach that log with your reply. [ 2 ] I would appreciate getting some key details from this machine in order to help you forward. NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Do have patience while the report tool runs. It may take several minutes. Just let it run & take its time. You may want to close your other open windows so that there is a clear field of view. Download Malwarebytes Support Tool Once the file is downloaded, open your Downloads folder/location of the downloaded file Double-click mb-support-1.5.4.760.exe to run the report You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent. Place a checkmark next to Accept License Agreement and click Next You will be presented with a page stating, "Get Started!" Do NOT use the button “Start repair” ! Click the Advanced tab on the left column Click the Gather Logs button A progress bar will appear and the program will proceed with getting logs from your computer Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK Please attach the ZIP file in your next reply. Please know I help here as a volunteer. and that I am not on 24 x 7. Help on this forum is one to one. Again, please be sure to ONLY attach report files with your reply (s) as we go along. Do not do a copy / paste into main body. Thank you, Sincerely.
  8. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks
  9. Good day to you. I hope all is well. Just curious if you saw by last reply from last Thursday.
  10. Hi. OK. Please just be careful as to how you do the "reinstall" of Windows. There is a way to do a "repair in place" for Windows 10. You may do a Windows 10 "repair install" by following a guide article at Tenforums. The title is "How to Do a Repair Install of Windows 10 with an In-place Upgrade" https://www.tenforums.com/tutorials/16397-repair-install-windows-10-place-upgrade.html Study that article first. Get familiar with it. Read the top of the article. & also study all of step 6 You will need a USB-thumb-flash drive. Where you will use the Microsoft Media Creation tool. ( which will be where the Windows 10 setup media will be saved ). You will do the download from Microsoft. You will do step 6: To do a repair install of Windows 10 with Media Creation Tool. Essentially this repair is intended to be done in-place over the current Windows install. You want to select "Upgrade this pc" You want to "keep personal files and apps" ( all of this is shown and described in the article )
  11. [ 1 ] It may just be that the settings in Windows File Explorer is not fully set to show ALL folders, all system files, etc including hidden files / folders Open Windows File Explorer. Select View from its top menu bar > click Options on the icon at the far right-side > Change folder and search options ( from the drop down ). on the next multi-tab mini-window Select the View tab and, in Advanced settings, select Show hidden files, folders, and drives and OK. [ 2 ] About the Windows Defender actions, lets not change anything there. Lets get a fresh current report from FRST & let us see about any entries in Windows logs by the Windows Defender. The report tool FRSTENGLISH is already on the Downloads folder. Run report with FRSTENGLISH Right-click on FRSTENGLISH icon and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run. _Windows 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen and click button Run anyway on next screen._ Click YES when prompted by Windows U A C prompt to allow it to run. Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway. Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. Click Yes when the* disclaimer* appears in FRST. The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use. Make sure that Addition options is *checked* - the configuration should look exactly like on the screen below (do not mark additional things unless asked). Press Scan button and wait. The tool will produce 2 logfiles on your desktop: FRST.txt , Addition.txt Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files. Please attach these 2 files to your next reply. abd then Keep ging down this list & Do the following. [ 3 ] Let's use a different ( free) antivirus scan tool to check this system. I would suggest a free scan with the ESET Online Scanner Go to https://www.eset.com/us/home/online-scanner/ Look on the right side of the page. Click Scan Now It will start a download of "esetonlinescanner_enu.exe" Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get it started. When presented with the initial ESET options, click on "Computer Scan". Next, when prompted by Windows, allow it to start by clicking Yes When prompted for scan type, Click on Full scan Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”. Click The blue “Save scan log” to save the log. If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom). Press Continue when all done. You should click to off the offer for “periodic scanning”.
  12. Hello @Doctorcos Any unintended confusion is to be regretted. Going by what you wrote at the top Malwarebytes can only update itself. You have the free version. The free version of Malwarebytes can be updated manually by you going to Settings and clicking on "Check for Updates" in the Malwarebytes program. Malwarebytes will also update the definitions at the time that you start a Scan ( in Malwarebytes). The Malwarebytes program is entirely separate and has nothing to do with Microsoft Windows Update. The "check for updates" section in the Malwarebytes program is strictly only for Malwarebytes. H T H Cheers.
  13. PS. After getting the support zip file done. I notice your program is a bit behind in the Component package version. Mine is on the very recent C U 1.0.867 Start Malwarebytes. Click Settings icon Look on the General tab & click on Check for Updates. Let us know the result.
  14. Hi @frozen Look at post # 1, click on the "technical" issues there to see the directions to get & run the Support tool. The researchers /internal team will want to be able to see all the logs from the program. So....please get , run the support tool. Attach the ZIP file when all done. Seems like something is off on that machine. I just got Firefox 74.0.1 update / ran a quick scan & regular Threat scan & got no flagging of Firefox.
  15. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.