Jump to content

Maurice Naggar

Experts
  • Posts

    27,094
  • Joined

  • Days Won

    62

Everything posted by Maurice Naggar

  1. Hello. Thanks for the information & remarks. Just so you know, when trying to go to that link, I get a 404 exception ( page not found ). By the way, on my own systems, I do not have startup pages set to a specific "site" ( except for browsers that simply have a basic search engine).
  2. Note that this sub-forum is about hunting for & removing malware on Windows system. Cant be much help on actual hardware nor cooling fans for hardware. Also note: when Windows pc comes out of sleep mode, it is normal for you to hear a bit of whirring as hardware comes back to life, especially if disk is non-SSD type. . We can use a different scanner to look for viruser, trojans, malware. [ 1 ] Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html [ 2 ] The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience. It may take several hours. Let me know the result of this. This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.) The log is named MSERT.log the log will be at C:\Windows\debug\msert.log Please attach that log with your reply.
  3. I am happy to read that the 2nd run of Spophos found nothing. Now to uninstall Sophos tool. 1. Press & hold the Windows key on keyboard & then tap the R key to open the Run box-windoww. 2. Type appwiz.cpl and tap Enter. The Programs and Features window will appear. Locate "Sophos virus removal" on the list. Click the line once with your mouse pointer. Now do a RIGHT-click on it and then select Uninstall. and follow thru to have it uninstalled. When done, close the window for Programs and Features. . Next The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience. It may take several hours. Let me know the result of this. This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.) The log is named MSERT.log the log will be at C:\Windows\debug\msert.log Please attach that log with your reply.
  4. This is for Jimmie only ! Hello @Jimmie My name is Maurice. Porthos has advised me you need specific assistance. This here is to help you remove one BitDefender driver that is still on your system. Please do not be using other apps or web browsers during this next procedure. Only use web browser for purpose to get to this forum. [ 1 ] As a next basic step, Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html [ 2 ] We will use FRSTENGLISH.exe on Downloads folderr to run a custom script. The system will be rebooted after the script has run. This custom script is for JIMMIE only / for this machine only. This custom script is intended to remove 1 BitDefender driver. NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. Please save the (attached file named) FIXLIST.txt to the C drive user Download folder Fixlist.txt Start the Windows Explorer and then, to the Downloads folder. RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. You will see a green progress bar start. This run here should be fairly quick. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity After the system has restarted & Windows has settled back in, please advise as to the original issue. Cheers.
  5. Please get for me, the full PATH location of where the Adwcleaner is at preset, as well as its file-name on disk. Also, did you write down the exact message that is shown when it fails to start ? what do you see ? The file can be saved anywhere as long as it is a regular user folder. You can have it in a special-named folder of your own. What I was alluding to is the one place we do not want it to be is any "temporary" folder. Again, what did Windows show as the "error text"? If you could follow this special procedure, it would help for the long run. For Adwcleaner we would like for you to turn On it's Debug log option. See https://support.malwarebytes.com/hc/en-us/articles/360038520134-Malwarebytes-AdwCleaner-Application-settings In Adwcleaner, in Settings section, at "Mode" , turn ON the generate debug log. Then do a new scan in Adwcleaner.
  6. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you
  7. Hello. Since this case is resolved, these are the cleanup steps for the tools used. To remove the FRST tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe . Then run that ( double click on it) to begin the cleanup process. Delete mbst-grab-results.zip Delete mb-support-1.8.x.xxx.exe Delete Securitycheck.exe You may delete any other download file that we had asked you to do. All best wishes.
  8. Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks
  9. Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks
  10. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you
  11. Hello @ThomasZ3 Thank you for that good news. We can proceed with cleanup of tools we used. To remove the FRST64 tool & its work files, do this. Go to your Desktop folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe . Then run that ( double click on it) to begin the cleanup process. Any other download file we had you download, you may delete. I wish you all the best. Stay safe. Sincerely. Maurice
  12. Thank you for that. The Malwarebytes for Windows on this machine is Versión: 4.3.0.98 / Versión de los componentes: 1.0.1358 I want to guide you to doing 2 update runs so that this pc has the latest version, and on the latest Beta version. Start Malwarebytes for Windows. Click on the Settings ( gear icon) Now click on the tab "General". Then scroll up a bit. and then click on "Check for Updates " button. Watch & follow all prompts. That ought to do a check with the update server, and hopefully offer the newest component update. . Click Settings. In the General tab, scroll down to the Beta updates toggle. Click the Beta updates toggle. In the pop-up window, click Enable Beta Application Updates. scroll up a bit. and then click on "Check for Updates " button. This is a second run to get that Beta. Watch & follow all prompts. Hopefully this will get the program to Beta version 4.4.4.126 and component package 1.0.1404 Keep me advised on that. Close Malwarebytes when done. This version has added protections. . On this next program download, first take precaution to close other apps that are open ( with open windows) so as to reduce chances to lose a place between screens. Be sure to SAVE the download to a known permanent folder, maybe even a new one just for Adwcleaner. Watch that the download is fully completed. Then close the web browser. Download Adwcleaner like in this guide https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner Close the browser. and only after that, go to the folder. Then start Adwcleaner. advise me of the folder-name where you saved the EXE file.
  13. Hello @Jocelyne Do you need help still ? How is the situation on this pc ? Have you done scans with Malwarebytes for Windows ? and with Malwarebytes' Adwcleaner ? Please let me know if you need assistance. By the way, Malwarebytes for Windows does not monitor email accounts nor scan email messages. Cheers.
  14. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you
  15. Hello @moetee My name is Maurice. Let me know what nickname you prefer to go by. Both Malwarebytes for Windows and ESET Security are top notch security apps. You report Lets begin by focusing on Chrome browser & insuring to clear all cache & history & insure it does NOT start with reloading prior session + other measures to beef it up. [ 1 ] Use Chrome browser to go to https://www.google.com/settings/chrome/sync and sign into your account. Scroll down until you see the "reset sync" button and click on the button At the prompt click on "Ok". [ 2 ] for Chrome, while Chrome is running: Press & hold SHIFT+CTRL+Del keys on keyboard to get menu for clearing browsing data: Check mark the line "Browsing history" Check mark the line "Download history" Check mark the lined "Cached images and files" and press Clear Data button ( in blue ) [ 3 ] After that, make real sure that Chrome is "NOT" set to reload the pages from the last session Go into the settings menu of Chrome by first clicking the control icon of Chrome on upper right of the adress bar Then look deeper in SETTINGS Make real sure it is "NOT" set to "continue where you left off" . [ 4 ] See this article on our Malwarebytes Blog https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them". [ 5 ] I suggest you install the Malwarebytes Browser guard for Chrome. To get & install the Malwarebytes Browser Guard extension for Chrome, Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee Then proceed with the setup. [ 6 ] I would suggest to download, Save, and then run Malwarebytes ADWCLEANER. Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan. Adwcleaner detects factory Preinstalled applications too! Please download Malwarebytes AdwCleaner https://downloads.malwarebytes.com/file/adwcleaner Be sure to Save the file first, to your system. Saving to the Downloads folder should be the default on your system. Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it. At the prompt for license agreement, review and then click on I agree. You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner). Then click on Dashboard button. Click the blue button "Scan Now". allow it a few minutes to finish the Scan. Let it remove what it finds. NOTE: When it comes to the section " Pre-installed applications You can skip that. Please find and send the Adwcleaner "C" clean report. In Adwcleaner, click the "Reports" button. Look at the list of reports for the latest date & type "Clean". Double Click that line & it will open in Notepad. Save the file to your system and then Attach that with your reply. That C clean report will be the one with the most recent Date and time at folder C:\AdwCleaner\Logs Sincerely.
  16. You wre looking in the wrong folder. It is NOT under "Program Files" !!!! It will be under C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs Not real sure if you told me that you were doing a second run with Sophos Virus Removal tool. BUT. When the run has completed. Just insure that the File Explorer was newly started. That you go ( anew) to sub-folder: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs Look for the sub-folder Logs in that sub-folder look for file named SophosVirusRemovalTool.log It seems to me that your screen-grab may not be showing all folders. Click once on the column headed "Name" & repeat a second time. Make sure the window is in full screen. You need to be looking for the LOGS sub-folder. . If you find the log, then fine , attach that file with your reply. If the scan has completed & you still cant find the log, lets just stop & put this aside.
  17. Good morning. Lags & stutters, it ought to be pointed out, can simply be indicators that normal pc housekkeping needs to be done. Things like emptying out all browsers' cache files & temporary files. Maybe the disk has got lots of trash files that slow it down. Perhaps its also a good time to make sure that Windows is fully up to date with Microsoft Updates. Also, all applications should be checked to see they have latest security updates. The built-in Windows "CLEANMGR" applet is a good one to help to delete temporary files & the likes. https://www.tenforums.com/tutorials/3012-open-use-disk-cleanup-windows-10-a.html . NB. Guide at lifewire on how to clear Cache for most all web browsers https://www.lifewire.com/how-to-clear-cache-2617980
  18. Thank you for the FRST reports. NEXT This should only take something less than 15 minutes. Now a fresh new scan with Malwarebytes for Windows. In Malwarebytes for Windows program, we want to do a special scan. Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window. Then click the Security tab. Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON 👈 Click it to get it ON if it does not show a blue-color . Next, click the small x on the Settings line to go to the main Malwarebytes Window. Next click the blue button marked Scan. When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical. >>>>>> 👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked ( all selected). <<<< 💢 Please double verify you have that TOP check-box tick marked. and that then, all lines have a tick-mark Then click on Quarantine button. Then, locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4
  19. If you run into a hitch, as we go along, stop and ask me first. We may wind up needing to re-use FRSTENGLISH at a later point. So please do not delete it. Plus, I will guide you on tools cleanup when we get to close the case ( at the end). Thanks for the Fixlog. The Windows System File Checker reports, "Windows Resource Protection found damaged files and repaired them correctly.". Overall, the custom script run is a good thing to have done. Now, as a matter of fact, we do need to get a fresh report. And we will need to use FRSTENGLISH to get that. . Go to the Downloads folder. RIGHT-click with the mouse on FRSTENGLISH & select "Run as Administrator" to start it. When prompted to allow it to run, reply YES and let it go forward. When the tool opens click Yes to the disclaimer. Now, be sure to TICK the check-box marked "Addition.txt " ( like in picture here). Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually Please attach both logs to your reply. To save attachments please click the link "choose files". Then browse to where your file is located and select it and click the Open button.
  20. If your Kaspersky has flagged zip file, have Kaspersky quarantine or remove that zip. As far as Kaspersky saying that Malwarebytes is not compatible, that is simply not so. Ignore that message.
  21. Alright. By the way, I do not see a indicator on FRST about any "infection". As far as how busy the Windows system is when first started, consider to trim down the number of auto-started applications. These are some of those that are auto-loaded. Discord Steam Spotify Epicgameslauncher Overwolf Gamecenter com.blitz.app Opera GX Browser Assistant
  22. Initial question. This pc has Kaspersky Security Cloud. Did you scan this pc today ? what was the result ?
  23. Hello @Azer0 My name is Maurice. I will guie you. My first posr is simply to respond to That is very normal. Just DISREGARD the percentage readouts .....until after a minute or 2 has elapsed. The very initial "percentage" counts are NOT to be considered as a reliable readout. People often see that & get all dis-oriented. So, skip that as a true indication. We use actual security scanners to look for any actual infection.
  24. What follows is a custom script . This may take a long time. Hopefully it will be much less than an hour. The script Fixlist.txt needs to be saved to the same folder that contains FRSTENGLISH.exe / it is on Downloads Please save the (attached file named) FIXLIST.txt to the DOWNLOADS folder Fixlist.txt The custom script on this post is ONLY for this machine and NO other. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. The system will be rebooted after the script has run. Start the Windows Explorer and then, to the Downloads folder. RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity. Keep in mind this is not a single shot cure-all. There will be more to do later.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.