Maurice Naggar

Experts
  • Content Count

    24,217
  • Joined

  • Days Won

    2

Maurice Naggar last won the day on September 15

Maurice Naggar had the most liked content!

Community Reputation

7 Neutral

About Maurice Naggar

  • Rank
    Eradicator de malware emeritus

Profile Information

  • Location
    USA
  • Interests
    Security, Windows, Windows Update, malware prevention

Recent Profile Visitors

84,945 profile views
  1. Hi, My name is Maurice. I will be helping and guiding you, going forward on this case. Let me know what first name you prefer to go by. Please understand we cannot have any idea what is going on without collecting a full set of reports & configuration & install history of Malwarebytes. It perhaps may be related to manual deletions done by you. It may perhaps be related to the status of this Windows 7 installation. Please follow my directions as we go along. Please do not do any changes on your own without first checking with me. Please o
  2. Very good, this Malwarebytes for Windows scan run found no malware. Kudos also on the MS Windows Defender result. I am very pleased to hear these results, plus, needless to say, the success in getting the very latest released Windows 10 version. Now we can clean up on the tools I had you use, and after that, a few other safety & best practices tips to stay safe. Delete msert.exe. Delete fss.exe. Delete the ESET download file esetonlinescanner.exe. To remove the FRST64 tool & its work files, do this. Go to your Downloads folder. Do a R
  3. Hi, My name is Maurice. I will be helping and guiding you, going forward on this case. Let me know what first name you prefer to go by. Please follow my directions as we go along. Please do not do any changes on your own without first checking with me. Please only just attach all report files, etc. that I ask for as we go along. Please know I help here as a volunteer, and that I am not on 24 x 7. Do be aware that Windows update failures are not necessarily due to malware. This is just one starter procedure. We will be needing to do multiple exchanges on this
  4. Good morning. Thanks for the fresh FRST reports. Congratulations, this system is running on Windows 10 Home Version 2004 { Build 19041.508 } That is the very latest, including the MS updates for Sept 2020. yay 👍💢 The reports are good. Just wanted to review. I am going to list a few things to do here and other tips. And I would like for you to do one scan with the Microsoft Windows Defender antivirus soon, when you get the chance. At this time, see about doing a Create System Restore Point with the Windows System Restore app. See Option One in the
  5. Bravo. Kudos. That is so very good news. I would like a fresh readout report so I can review. FRST64 is on the Downloads folder. Run report with FRST64. Go to the Downloads folder. Right-click on FRST64 icon and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run. Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. Click Yes when the disclaimer appears in FRST. The tool may want to update itself - in that case you'll be prompted when the update is
  6. That's good to know. How is it going today? Here are tips on keeping your web browsers safer. Make time and read all of this. Apply the tips. See this article on our Malwarebytes Blog https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them". If this pc has th
  7. You can always scan with your resident antivirus app. The Windows Defender that is on this Windows 8.1 and, needless to say, do a scan with Malwarebytes for Windows. Here are tips on keeping your web browsers safer. Make time and read all of this. Apply the tips. See this article on our Malwarebytes Blog https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or E
  8. Thank you for the scan-result-report from the ESET Online scanner run. Really. That is a very good catch by that tool. I notice it found some items that mention "utorrent". Please stay out of any 'torrent' related apps. All those files were ".tmp" files in a TEMP folder. There is no need for any .tmp files in that folder. Let's do a one-time cleanout. Open an elevated command prompt window, i.e. run Command Prompt as an administrator. It is best to use the Windows Copy ( CTRL+C ) and paste ( CTRL+V ) for the whole line, as-is. To get the elevated command prompt, press Windo
  9. I suspect there are glitches ( one at least, likely more ) on this Windows installation. Glitches can be due to different reasons & not necessarily any 'malware'. A refresh operation using the REFRESH option of Windows 10 is one possible thing that may be tried ( later ) and/or an attempt at a Windows repair in place. But for now, just to do a different virus-scan check is a good idea at this point. Let's do this first & let's hold off on any other measures. I would suggest a free scan with the ESET Online Scanner. Go to https://download.eset.com/com/eset/
  10. Thanks. Let's see if you can set an Outbound rule for the Windows Firewall to Block the IP address 109.234.34.30 Open an elevated command prompt window, i.e. run Command Prompt as an administrator. It is best to use the Windows Copy ( CTRL+C ) and paste ( CTRL+V ) for the whole line, as-is. To get the elevated command prompt, press Windows-key + X key and then select Command prompt ( Admin ). On that command prompt, Copy & Paste this command netsh advfirewall firewall add rule name="BLOCKED IP" interface=any dir=in action=block remoteip=109.234.34.30
  11. All these recent hiccups do not make for a good feeling. I sort of suspect this system's situation may call for more serious actions. There is one other way to get the REG file merged in. Let's go slow & careful here. Start REGEDIT. ( You can get the RUN option by pressing & holding the Windows-key on keyboard & then tap the R key. Then in the box, type in Regedit & then tap Enter key ) When prompted by Windows, click YES to allow it to start. Look on the Regedit menu bar & then select File. Then select Import. When prompted for filename, navigate
  12. Very good. That one entry is now gone. Monitor the system over the rest of the day & tomorrow. I want to know if the block notices have ceased. If they have not, I need to have the IP address & the domain ( if that is shown ). Those can be retrieved from the Malwarebytes logs. Open Malwarebytes for Windows. Click the Detection History card. Click the History tab. Hover your cursor over the report you want to view and click the eye icon. A Summary window displays to show the threat details, the protection date and time, and the ac
  13. OK, Thank you for that. There was just one issue, unfortunately, the attempt to get Windows Defender service entry failed. Let's try a different way. That can be corrected by doing what follows here. This next link listed below is to a registry file that we need for you to SAVE as is to the Desktop RIGHT click the link with your mouse-pointer and select SAVE ...as.... & guide the folder for saving to DESKTOP ( do not double click / do not 'run' the file / nor open ) https://download.bleepingcomputer.com/win-services/win-10/WinDefend.reg Once i
  14. Thank you for the reports. There is one registry entry ( seemingly related to Notepad ) that is not needed & is atypical. I do not believe the entry itself poses any sort of potential harm. This next procedure is to remove that registry line. You should delete the old file saved named Fixlist.txt on the Downloads folder. I am sending a new one here. This custom script is for Dzseti only / for this machine only. Close and save any open work files before starting this procedure. I am sending a custom Fix script which is going to be used by the F