
Maurice Naggar

Experts
  • Content Count

    17,386
5 Followers

About Maurice Naggar

  • Rank
    Eradicator de malware emeritus

Profile Information

  • Location
    USA
  • Interests
    Security, Windows, Windows Update, malware prevention

Recent Profile Visitors

75,555 profile views
  1. I am going ahead and marking this case for closure. I am happy to have helped you. Sincerely,
  2. You are very welcome. Just to make clear, there was no actual "virus". It was a harmless leftover in the Windows registry. I am glad to hear the good news. Glad to help you. If you need something else, at this point, let me know. Each pc user needs to practice daily safe computer and internet use. Safer practices & malware prevention: Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources. First rule of internet safety: slow down & think before you "click". Free games & free programs are like "candy". We do not accept them from "strangers". Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing. Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program. Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos). Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next". Use a Standard user account rather than an administrator-rights account when "surfing" the web. See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet. Check in at http://windowsupdate.microsoft.com Windows Update and install any Important Updates offered.
Make certain that Automatic Updates is enabled. https://support.microsoft.com/en-us/help/12373/windows-update-faq Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware. For other added tips, read "10 easy ways to prevent malware infection" All best wishes to you. Maurice
  3. OK 😎 The Windows 10 build 1903 is metered by Microsoft. So if it does not show up today ( when you do your Windows Update check run), try again tomorrow at the top of the hour. You eventually will see a display like this on Windows Update. When you see it, click the blue line "Download and install now". I wish you all the best. Sincerely, Maurice
  4. Hi, Just so you know, there is no need to press the "Quote" button when doing a reply. You and I are the only ones on this thread-topic. Let's do a special custom fix. This will remove the 1 registry line tagged by Adwcleaner. I am sending a custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair. Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) in the Downloads folder. The tool named FRSTENGLISH is already in the Downloads folder. Start the Windows Explorer and then, open the Downloads folder. Double click FRSTENGLISH to run the tool. If the tool warns you the version is outdated, please download and run the updated version. Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt with your reply. Then you may do a new run with Adwcleaner. Sincerely, fixlist.txt
  5. That is good news. So far, there has been no confirmation of malware infection. This last run is a confirmation. Plus, we had you run the MBAR standalone anti-rootkit, which reported no malware. { I presume that now, you have Windows 10 running in normal mode.} At this point, since the reports indicated this Windows 10 is on build 1809 ( from fall 2018), I would urge you to get the Windows 10 build 1903 / May - June 2019 release version. Thru Microsoft Windows Update. Your Windows system will run better with it. The Windows 10 May-June 2019 Update is readily available to download and install from the Windows Update page in Settings. Choose a time that works best for you to download the update. You'll then need to restart your device and complete the installation. After that, your device will be running Windows 10, version 1903. To manually check for the latest recommended updates, select the Start button, then select Settings > Update & Security > Windows Update . Sincerely.
  6. Just to be clear, the line item tagged by Adwcleaner is just a leftover line entry in the registry. It has no payload of any sort. No file is involved of any sort. It poses no danger. It is just a "classes"\interface entry in registry. HKLM\Software\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
  7. Hi, @GearHAVOC384 My name is Maurice. I will be helping and guiding you, going forward, on this case. We need to get information from this machine in order to have the proper detail to help you forward. NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Download Malwarebytes Support Tool. Once the file is downloaded, open your Downloads folder/location of the downloaded file. Double-click mb-support-1.4.0.615.exe to run the report. You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent. Place a checkmark next to Accept License Agreement and click Next. You will be presented with a page stating, "Get Started!" Do NOT use the button “Start repair” ! Click the Advanced tab on the left column. Click the Gather Logs button. A progress bar will appear and the program will proceed with getting logs from your computer. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK. Please attach the ZIP file in your next reply. Thank you.
  8. @Aebruce1 Glad to hear of this news. I am glad to have helped. If you need anything else, at this time, let me know. Best regards to you. Maurice
  9. Thanks for the Fixlog. OK. You have the other 2 tips: Malwarebytes scan & Adwcleaner. If you need other help at this time, let me know. . Look at the following Blog article & turn off push notifications for Chrome, Firefox, Edge, Opera https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ . I would suggest to install the Malwarebytes beta Chrome extension, It will help protect your Chrome from adware & from dodgy websites. Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee Then proceed with the setup. . If you need other help at this time, let me know. I am glad to have helped you. I will mark this case for Closure. My best to you.
  10. Thanks for the report ! This pc has Brave browser as the default browser. Let's be sure to delete Cache files in that browser ( as a starter). You can do this via History menu > Clear Browsing Data… or using Ctrl + Shift + Delete keys on the keyboard. And it will open the following dialog. Flip the switch for Cached image and file then click Clear button. [ 2 ] I would suggest to download, Save, and then run Malwarebytes ADWCLEANER. Please close BRAVE browser and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner. Please download the current release for Malwarebytes AdwCleaner from here: https://downloads.malwarebytes.com/file/adwcleaner Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it. At the prompt for license agreement, review and then click on I agree. You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimize the other open windows, so you can see Adwcleaner). Then click on Dashboard button. Click the blue button "Scan Now". Allow it a few minutes to finish the Scan. You should then see a screen showing "Scan results". Review what is listed. If something is listed that you know for sure is safe, then for that line, click the check-box on the left so that it is un-checked. (NOTE, clicking the small right pointed little arrow, will cause the screen to refresh & show all line items . ) When ready, click on the button "Clean and repair". If prompted to restart then click on "Clean & Restart Now". When you see the screen with "Your cleanup is complete", click on the View Log file button. It should then show as an open window in your text editor ( normally Notepad). Do a File >> Save As, give it a unique name and Save to your Desktop or some other permanent folder. Kindly provide a copy of that run report. Attach it with reply. When done with Adwcleaner, click the X button to Exit out. [ 3 ] This pc has Webroot Secure Anywhere.
It needs to treat Malwarebytes as a trusted application, so we can rule out any conflicts with Malwarebytes. Could you also try configuring mutual exclusions in Malwarebytes and Webroot Secure Anywhere. The article linked below lists out the Malwarebytes files/folders to add as exclusions in Webroot: https://support.malwarebytes.com/docs/DOC-1123 For instructions on configuring exclusions in Malwarebytes, please refer to: https://support.malwarebytes.com/docs/DOC-1130 Folders to add: C:\Program Files\Webroot C:\Program Files\Common Files\Webroot C:\ProgramData\WRData Files to add: C:\WINDOWS\System32\drivers\WRkrn.sys C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys Be sure the computer is restarted afterwards and check if this has any impact. Keep me advised. We can do more later, as needed. Thank you,
  11. This screen is quite similar to what you saw before. I would try one time to click on Install anyway. And proceed forward hopefully. IF that does not work, Dismiss that box. See if you can Restart Windows 10 into "Safe mode WITH Networking" & once in there go back and retry the Microsoft Safety Scanner. You can temporarily ( just only for limited purpose) put the system into Safe Mode with Networking, which would hopefully allow means of doing some diagnostic reports ( later). Let us see if you could simply just get this machine into SAFE Mode or Safe mode With NETWORKING just so we could look around. That would be strictly temporary. *Do unplug all devices from your computer, including: Printers, scanners, copiers, external attached devices, etc.* *The only devices you should leave attached to your computer are your monitor, mouse and keyboard, if the computer is a desktop.* *And if this PC is a laptop or notebook be sure it is directly connected to Power with power cord.* Turn off your pc. Wait about a minute. Restart your pc. And right away, tap & retap the F8 Function-key on your keyboard. You should see Windows Advanced Options menu. Select Safe Mode with Networking. NOTE: if the F8 function key-method did not prove usable, some systems may use F5 instead. And on some systems you may need to press the F2 function key to get hardware boot options.
  12. Thanks for the report. There are website block notices. The pc is being protected by the website protection ( while the program is in Trial mode). We are going to do a few procedures here. Just keep going down the list. [ 1 ] I need you to go to https://www.google.com/settings/chrome/sync and sign into your account. Scroll down until you see the "reset sync" button and click on the button. At the prompt click on "Ok". [ 2 ] Let's do a special custom fix. This will remove "mail.ru" from the Start / home page setting in Chrome. Later on, you can set your own choice. I am sending a custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair. Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) in the Downloads folder. The tool named FRSTENGLISH is already in the Downloads folder. Start the Windows Explorer and then, open the Downloads folder. Double click FRSTENGLISH to run the tool. If the tool warns you the version is outdated, please download and run the updated version. Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. [ 3 ] Run a scan with Malwarebytes. Start Malwarebytes from the Start menu. Click Settings. Then click the Protection tab. Scroll down and let's be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON. Click it to get it ON. Click the SCAN button. Select a Threat Scan ( which should be the default). When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.
Then click on Quarantine selected. Be sure all items were removed. Then too, Repeat the scan one more time. It does not take long. And again, be sure all detected items are removed. Let it remove what it has detected. [ 4 ] I would suggest to download, Save, and then run Malwarebytes ADWCLEANER. Please close CHROME and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner. Please download the current release for Malwarebytes AdwCleaner from here: https://downloads.malwarebytes.com/file/adwcleaner Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it. At the prompt for license agreement, review and then click on I agree. You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimize the other open windows, so you can see Adwcleaner). Then click on Dashboard button. Click the blue button "Scan Now". Allow it a few minutes to finish the Scan. You should then see a screen showing "Scan results". Review what is listed. If something is listed that you know for sure is safe, then for that line, click the check-box on the left so that it is un-checked. (NOTE, clicking the small right pointed little arrow, will cause the screen to refresh & show all line items . ) When ready, click on the button "Clean and repair". If prompted to restart then click on "Clean & Restart Now". When you see the screen with "Your cleanup is complete", click on the View Log file button. It should then show as an open window in your text editor ( normally Notepad). Do a File >> Save As, give it a unique name and Save to your Desktop or some other permanent folder. Kindly provide a copy of that run report. Attach it with reply. Also attach the FIXLOG.txt from the earlier task. When done with Adwcleaner, click the X button to Exit out. Thank you. fixlist.txt
  13. Hi, My name is Maurice. I will be helping and guiding you on this case. I will be helping and guiding you, going forward. IF this machine runs on Windows XP, please stop and tell me about that. We need to get information from this machine in order to have the proper detail to help you forward. NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Download Malwarebytes Support Tool. Once the file is downloaded, open your Downloads folder/location of the downloaded file. Double-click mb-support-1.4.0.615.exe to run the report. You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent. Place a checkmark next to Accept License Agreement and click Next. You will be presented with a page stating, "Get Started!" Do NOT use the button “Start repair” ! Click the Advanced tab on the left column. Click the Gather Logs button. A progress bar will appear and the program will proceed with getting logs from your computer. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK. Please attach the ZIP file in your next reply. Thank you.
  14. Hi Thank you for providing the Support tool report. Please try uninstalling and reinstalling Malwarebytes for Windows using our Support tool. Let me know if that clears up the issue or not. Uninstall and reinstall using the Malwarebytes Support Tool https://support.malwarebytes.com/docs/DOC-2674 Let me know the situation after this is done. I noticed this pc also has Avira Antivirus. I may suggest some exclusions, later, ( if there is still an issue on anti-ransomware) on Avira so that it treats Malwarebytes Premium as a trusted application.