Jump to content

Maurice Naggar

Experts
  • Content Count

    20,453
  • Joined

  • Last visited

About Maurice Naggar

  • Rank
    Eradicator de malware emeritus

Profile Information

  • Location
    USA
  • Interests
    Security, Windows, Windows Update, malware prevention

Recent Profile Visitors

79,245 profile views
  1. @AdvancedSetup I am really not up-to-date on the current outstanding "holdups" ......but I recall there had been recent ( last fall to November or so) advice for users whose pc's had either Avast or AVG antivirus. For anyone who has those, see about getting the latest from the AV maker Avast support KB article AVG support KB article To BillH99999 you may consider a manual Windows Update run at the Top of the hour. If you still dont get the January 2020 cumulative update, then you may pull it down ( save first then run) from the MS Download Catalog http://www.catalog.update.microsoft.com/Search.aspx?q=KB4528760 Just be careful to pick the one for your Build And for the bit-ness of your Windows ( ie, x86 for 32-bit, x64 for 64-bit, ARM64 for ARM system) For Deucy14, if yours is still on Build 1903 .... then Do a new Windows Update manual run at the top of the hour so that hopefully you get offered the build 1909
  2. On that last machine, you can consider an attempt to setup Windows 10 as a totally new / clean install ( ie, NOT keeping any files or apps) by using a USB made with the Microsoft Windows Media Creation tool, having the BIOS boot from that USB to kick off that new Windows 10 clean install. Remember my suggestion to first have saved all personal files & documents elsewhere. . Which one is your Dad's machine ? was it one of those we already looked at ? I would like to have you run a report tool known as FRST. This has no personal information. It is a well-known & widely used &safe. FRST will help provide me with a list of installed programs and other information about your computer that will help me see if there are any other problems that are not being detected. Please follow the steps below to run FRST. 1: Please download FRST from the link below and save it to your desktop: "Download link for 32-Bit version Windows" "Download link for 64-Bit Version Windows" Please wait and look toward the top or bottom of your browser for the option to Run or Save. Click Save to save the file version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Run report with FRST Right-click on FRST icon and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run. _Windows 8 or 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen and click button Run anyway on next screen._ Click YES when prompted by Windows U A C prompt to allow it to run. Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway. Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. Click Yes when the* disclaimer* appears in FRST. The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use. Make sure that Addition options is *checked* - the configuration should look exactly like on the screen below (do not mark additional things unless asked). Press Scan button and wait. The tool will produce 2 logfiles on your desktop: FRST.txt , Addition.txt Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files. Please attach these 2 files to your next reply. Thank you.
  3. Hi. Thanks for the screen grab. Any ,tmp file is game for deletion. Lets do this following custom script to remove these .tmp files along with other temporary files. Start NOTEPAD { you can press Windows-key+R keys to get the RUN option and then type in NOTEPAD.exe and press Enter key to start NOTEPAD. Check and make sure "word wrap" is off. From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked. IF it -is- checkmarked, click that one time so that it is un-checked. Please copy/paste the lines below to Notepad: @Echo on pushd\windows\system64 del /q c:\windows\syswow64\00026658.tmp del /q c:\windows\syswow64\00027001.tmp del /q /s c:\windows\syswow64\*.tmp pushd\windows\system32 exit now Save as flush.bat to your desktop. Close Notepad. Using Windows File Explorer, go to the Desktop. RIGHT-click flush.bat file with the mouse pointer and select RUN As Administrator to start it. Reply YES to allow the process to proceed when prompted by Windows. allow it to go forward. . I would suggest that after this, you run this scan with a Microsoft scanner. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Let me know the result of this. The log is named MSERT.log the log will be at %SYSTEMROOT%\debug\msert.log which in most cases is C:\Windows\debug\msert.log Please attach that log with your reply. .
  4. Let me know the result of the SFC scan later .... as you get the time ... no rush. For the time being & until such time as I ask otherwise, Allow me to ask you to keep the Malwarebytes web protection Off. Start Malwarebytes. Look on the pane on the far right. Look for Web protection. Be sure it is shown on the far left ( indicating OFF). Then, click the Settings ( gear) icon Then click on the tab "Notifications" Be sure the second line is set to off ( far left) for "Alert me if any real time modules are turned off" Assurez-vous que la deuxième ligne est désactivée (à l'extrême gauche) pour "M'avertir si des modules en temps réel sont désactivés" Close Malwarebytes after those adjustments. You have indicated to me that your internet access is doing normal when the web protection is off. Let us keep it off for the duration. I am looking forward to the result from the System File Checker. After I hear from you, I plan to go thru some new checks with you, starting with this one here. I just want to be sure you login into Windows with the gabri account which has administartor-level access rights in Windows. To Get the elevated command prompt, press Windows-key + X key and then selected Command prompt ( Admin ) On that command prompt, Copy & Paste this command whoami and then tap the Enter-key. Just let me know what the screen showed. Thank you for your continued patience.
  5. Please do not be scared. Please understand that this is just some glitch or so on the Windows system. There is no call for even mentioning scares. Also, let us not be overly fixated. Whatever "it" is is eventually fixable. Dont allow this to be a "focus" of "worry". I mean, take some deep breaths, take a break, take some walks. Please know that I am not on 24 x 7. Also that I and likely you are in need of a break for fresh air and consideration. Let us do a first basic recheck at this point. Lets kindly go easy and slow. Close any opened web browser pages that you do not need. This procedure will use the Windows System File Checker tool ( SFC ). Open an elevated command prompt window i.e. run Command Prompt as an administrator . It is best to use the Windows Copy ( CTRL+ C ) and paste ( CTRL+V ) for the whole line, as-is To Get the elevated command prompt, press Windows-key + X key and then selected Command prompt ( Admin ) On that command prompt, Copy & Paste this command sfc /scannow and tap Enter-key and allow it to run.
  6. Thanks for the screen grab and for other info. As a sidenote, I encourage you to apply the last bits of advice to each of your web browsers. That is regardless of the current issue. It is a great idea to strengthen protections on each browser ! . Now then, I am still mystified why this message keeps on showing up. As well as not being sure the source....though I suspect it is the Windows O.S. Now then, go slow / careful / judicious....Read this article at WinHelponline forum about resetting the firewall rules and resetting the firewall thru a elevated command prompt. Start at the top of article https://www.winhelponline.com/blog/reset-firewall-defaults-restore-rules-advanced-security/ You are able to use the system and do what is needed. We need to step back and not rush about. just saying honestly.
  7. Thanks for the Adwcleaner report. about the Does that show by itself ? or else, are you doing some sort of lookup? and can you do a screen grab of this message box? I take it that the Windows system is working ok for you. That you are able to use your web browsers and other apps. Now.....this is just normal advice and good practice. It does not of itself cure the "firewall" message you have been describing. See this article on our Malwarebytes Blog https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them". If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome. To get & install the Malwarebytes Browser Guard extension for Chrome, Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee Then proceed with the setup. If the pc has Mozilla Firefox, to get & install the Malwarebytes Browser Guard Firefox extension. Open this link in your Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/ Then proceed with the setup. That link is for English US. There are other language version. Just go to the very bottom right of the page and look at “Change language” list drop down.
  8. Regret the trouble. Please download Malwarebytes AdwCleaner https://downloads.malwarebytes.com/file/adwcleaner Be very sure to first SAVE the download.
  9. Note, I did not say the system is clean. I tried to convey that I do not think there is a "malware infection". Thanks for the mbst report. Can you please try this: 1. Go to https://www.malwarebytes.com/adwcleaner/ 2. Download and launch the tool 3. Go to settings and tun on the following option under Basic Repair Actions: "Reset hosts file" 4. Click on Scan now and click on Run basic repair. 5. Reboot machine.
  10. I do not believe there is a "malware infection. One big point I would like to relay: Lets slow down a bit, take things at a slower pace. One of the next things I would like to try is a special repair operation using the Malwarebytes Support tool. That tool is named mb-support-1.5.3.749.exe and it is on the Downloads folder on this machine. First, close as many opened windows that have been opened by you ....so that you have clear fields of view. Using Windows File Explorer open your Downloads folder Double-click mb-support-1.5.3.749 to start the report tool. Click YES to allow Windows to proceed to run this tool. If prompted, place a checkmark next to Accept License Agreement and click Next. Now, click the ADVANCED button at the left side. Next, Look for the far right pane titled Repair system. Put a tick mark on each of the 4 check-boxes. Then click the button "Repair System". Do have lots of patience. I am hopeful this will help out. Keep me advised. Keep faith. Your continued patience is appreciated. If needed, later on, we can take other measures ....... as needed. Sincerely,
  11. Very sorry to learn all this. Lets get a fresh readout report. The FRST64 tool is on the Downloads folder. Run report with FRST64 Right-click on FRST64 icon and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run. _Windows 8 or 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen and click button Run anyway on next screen._ Click YES when prompted by Windows U A C prompt to allow it to run. Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway. Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. Click Yes when the* disclaimer* appears in FRST. The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use. Make sure that Addition options is *checked* - the configuration should look exactly like on the screen below (do not mark additional things unless asked). Press Scan button and wait. The tool will produce 2 logfiles on your desktop: FRST.txt , Addition.txt Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files. Please attach these 2 files to your next reply. Thank you.
  12. Sorry, but the ping should be run from a Command prompt. Open an elevated command prompt window i.e. run Command Prompt as an administrator . It is best to use the Windows Copy ( CTRL+ C ) and paste ( CTRL+V ) for the whole line, as-is To Get the elevated command prompt, press Windows-key + X key and then selected Command prompt ( Admin ) On that command prompt, Copy & Paste this command ping bing.com .tell me if that succeeds.
  13. Thanks. Lets do this next. Start NOTEPAD { you can press Windows-key+R keys to get the RUN option and then type in NOTEPAD.exe and press Enter key to start NOTEPAD. Check and make sure "word wrap" is off. From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked. IF it -is- checkmarked, click that one time so that it is un-checked. Please copy/paste the lines below to Notepad: @Echo on pushd\windows\system32\drivers\etc attrib -h -s -r hosts echo 127.0.0.1 localhost>HOSTS attrib +r +h +s hosts popd ipconfig /release ipconfig /renew ipconfig /flushdns netsh winsock reset all netsh int ip reset resetlog.log shutdown -r -t 1 del %0 now Save as flush.bat to your desktop. Double-click flush.bat file to run it. Your computer will reboot. After Windows is restarted, wait for a couple of minutes for the system to settle in. Then do a basic check using the PING applet Start NOTEPAD { you can press Windows-key+R keys to get the RUN option and then type in ping bing.com .tell me if that succeeds.
  14. Lets take a look at the status of several Windows Services, using the Services applet. Please be sure that you are logged in to Windows with a login that has Administrator-level rights. This Windows seems to have a issue on some specific Windows services. I need for you to have pen and paper handy and take notes on what follows, please. Press and hold the Windows-flag-key on keyboard and tap the *R* key to get the RUN menu option. type in services.msc and press Enter key. Scroll down the list. Look for "Background Intelligent Transfer Service". Does it show in the list as Running? If it does not, then click the line "Background Intelligent Transfer Service " to be sure it is selected look on the upper left corner and click on Start service. . Scroll down the list. Look for "Base Filtering Engine". .Does it show in the list as Running? If it does not, then click the line "Base Filtering Engine " to be sure it is selected look on the upper left corner and click on Start service. . Scroll down the list. Look for "Remote Procedure Call ( RPC ". Does it show in the list as Running? If it does not, then click the line "Remote Procedure Call ( RPC ] to be sure it is selected look on the upper left corner and click on Start service. . Scroll down the list. Look for "Windows Defender Firewall". Does it show in the list as Running? If it does not, then click the line "Windows Defender Firewall: to be sure it is selected look on the upper left corner and click on Start service. . Scroll down the list. Look for "Windows management Instrumentation". Does it show in the list as Running? If it does not, then click the line "Windows management Instrumentation: to be sure it is selected look on the upper left corner and click on Start service. Close the window when done. Kindly relay to me all details. Thank you.
  15. The new external drives come typically with backup software. The Western Digital do for sure. And I bet so does Seagate. I listed before for you the link to Macrium which has free version. This hardware has this micro-processor on the systemboard Intel Pentium CPU B960 @ 2.20GHz, 2200 Mhz, 2 Core(s), 2 Logical Processor(s) I cant tell what year it came out. The RAM memory is 4 GB ( 4 gigabytes ) which is ok, but very near the actual minimum recommended. You can add more RAM on the systemboard if you wanted to. This Microsoft page lists the minimum hardware required for Windows 10 https://www.microsoft.com/en-us/windows/windows-10-specifications#primaryR2
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.