
Maurice Naggar

Experts
  • Posts: 27,518
  • Joined
  • Days Won: 74

Everything posted by Maurice Naggar

  1. @oceanjewel Hello. My name is Maurice. Let me know what name you prefer to go by. I will guide you. I need a report set for review. This is a report only.
     Please download the MBST Support Tool. Once you start it, click Advanced >>> then Gather Logs. Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop. Please attach mbst-grab-results.zip to your reply, like displayed here. To send (upload) attachments please click the "ADD Files" link. Then browse to where your file is located, select it and click the Open button. The set of data from the report will provide much needed information. Please always attach reports as we go along.
  2. Thank you for the Fixlog report. The run is good. I had not intended to imply it would run a long time. I only meant to be patient on the run. The Windows System File Checker (SFC) ran and that result is good. It checked the integrity of some Windows system files. That result is good. The temporary sub-folder where the suspect file had been located is removed.
     Just by the way, Windows 10 is more secure, but this hardware will not support it. Just also by the way, I do not personally recommend any "Iobit" app. Instead, I would only just use the Windows tools built in to do what is needed. For example, to uninstall the Adobe Flash:
     1. Press & hold the Windows key on keyboard & then tap the R key to open the Run box window.
     2. Type appwiz.cpl and tap Enter.
     3. The Programs and Features window will appear. Locate on the list "Adobe Flash Player 21 ActiveX". Do a right-click on it. Then choose Uninstall. Let it proceed. Then look for "Adobe Flash Player 23 NPAPI". Do a right-click on it. Then choose Uninstall. Let it proceed. When completed, Exit Programs and Features.
     Now do a new scan with Malwarebytes for Windows. Advise me of the result. Locate the Scan run report; export out a copy; & then attach it with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4
  3. One file was tagged as a worm & removed: E:\Google Drive\Private\Microsoft Toolkit 2.5.3\Microsoft Toolkit.exe
     The other item was one registry setting that had Defender's anti-spyware ability off. That is a standard setting when the machine has a third-party antivirus. That is not considered an actual "infection".
     By the way, about what you "saw" on intermediate displays of the Microsoft Safety Scanner, I would like you to review the remarks by AndyDavid about all that on this Microsoft community venue https://docs.microsoft.com/en-us/answers/questions/326108/mar-1721-msert-detects-items-during-scan-but-at-en.html Also, the post by EricYin of Microsoft (just below that section). In actuality here, from this last scan, there was only 1 file that counted as malware.
     Now then..... I suggest you proceed with the custom Fix script I had posted before https://forums.malwarebytes.com/topic/278698-may-be-infected/?do=findComment&comment=1479654
  4. Hi, thanks very much for the report file. That is a tremendous help. It is not possible to know how this machine got infected. There just is not a unified global log on the machine that would have the answer. But one can point to the most typical ways. Maybe someone attached an infected USB-thumb-flash drive. There are always the other typical ways: Being too quick on the Click-finger & downloading some free thing, or a drive-by intrusion when using a web browser thru an infected or compromised website. Or, downloading a hack tool to get around paying for a software app. Opening attachments from an Email (without first scanning it with antivirus) is often an avenue for infection. Below I list a couple of articles on the subject.
     How Did My Protected PC Get Infected? https://www.pcworld.com/article/202771/protected_but_infected.html
     How did I get infected https://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
     You report this machine is a second-hand machine. Did someone erase the hard drive & then do a clean new install of Windows 7? Most pc's have a method from the computer manufacturer (on a hidden partition) to do a "factory restore" operation to reset the system to the way it came out Day 1 at the factory.
     Be aware this machine has 2 Adobe Flash player apps that are way way obsolete, plus Adobe no longer supports them. You need to Uninstall both:
     Adobe Flash Player 21 ActiveX
     Adobe Flash Player 23 NPAPI
     Obsolete apps are one thing that malware exploits.
     Please also be very conscious that Windows 7 is very much unsupported by Microsoft. It has not been getting security updates. This operating system is at risk of future infections due to the Operating System being unsupported. Windows 11 & the upcoming Windows 12 operating systems are much more secure.
     Here below is a custom run intended to do some cleanups. Please take time to read carefully & apply all directions below. If you have a question, stop and ask me first.
     Your Downloads folder is C:\Users\Oma\Downloads. We will use FRSTENGLISH.exe to run a custom script. The system will be rebooted after the script has run. This custom script is for UhhConfused only / for this machine only. This custom script has some specific things, plus some general aspect to help the system overall.
     NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will rebuild the Winsock.
     NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. The following directories are emptied:
     Windows Temp
     Users Temp folders
     Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
     Recently opened files cache
     Flash Player cache
     Java cache
     Steam HTML cache
     Explorer thumbnail and icon cache
     Recycle Bin
     Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
     Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.
     Please save the (attached file named) FIXLIST.txt to the C:\Users\Oma\Downloads folder.
     Fixlist.txt
     Then, Start the Windows Explorer and go to the Downloads folder. RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow it to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool, click the line "More info" on that screen and click the button "Run anyway" on the next screen.
     On the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity.
  5. Get your rest. As I said before, Malwarebytes has no decrypter. We are unable to help you about your encrypted user files.
  6. For the first-original machine: Once the Safety Scanner has finished, attach & send the log so I can review. And then after that is all done, then I have a custom script for this machine here.
     Here below is a custom run intended to do some cleanups. Please take time to read carefully & apply all directions below. If you have a question, stop and ask me first.
     [ 1 ] As a next basic step, Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html
     [ 2 ] Your Downloads folder is C:\Users\TheNa\Downloads. We will use FRST64.exe to run a custom script. The system will be rebooted after the script has run. This custom script is for TOMA776 only / for this machine only. This custom script has some specific things, plus some general aspect to help the system overall.
     NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will rebuild the Winsock. It will run the Windows DISM tool to check the system.
     NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. The following directories are emptied:
     Windows Temp
     Users Temp folders
     Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
     Recently opened files cache
     Flash Player cache
     Java cache
     Steam HTML cache
     Explorer thumbnail and icon cache
     Recycle Bin
     Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
     Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.
     Please save the (attached file named) FIXLIST.txt to the Downloads folder.
     Fixlist.txt
     Then, Start the Windows Explorer and go to the Downloads folder. RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow it to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool, click the line "More info" on that screen and click the button "Run anyway" on the next screen.
     On the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later.
  7. Hi Annie. Go ahead and Restart Windows so that machine is in normal mode. Then get the Support tool & do the Gather logs & attach the ZIP report. Not sure & I cannot tell what that DLL does. Just do not be over-concerned. It is stopped, and I will be guiding you forward. We will need to have Windows in normal mode as we work the case.
  8. Do the other machines have the same issues? If they each have Malwarebytes, check the latest Malwarebytes scan logs. And if you want, you can run the MS Safety scanner & select a Quick scan.
  9. Hi. Be assured. The script is good as is, whether or not the USB port is present. I'd go ahead & do as outlined.
  10. Hello @toma776 Next, I suggest a new scan for viruses & other malware. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the-tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
     Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience. It may take several hours. Let me know the result of this. This is likely to run for many hours (depending on number of files on your machine & the speed of hardware.)
     The log is named MSERT.log; the log will be at C:\Windows\debug\msert.log Please attach that log with your reply.
  11. Thanks for the report. The most recent block notices were about IP blocks on IP "45.95.147.21". I notice this machine is a "Windows Server 2012 R2".
     First action: Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html
     Next action: Use Windows Explorer. Expand / navigate the left hand tree view of the C drive & drill down to C:\Windows. Use the mouse and (on the Left-hand tree) RIGHT click on the Windows folder and select "Scan with Malwarebytes" and let Malwarebytes do that scan.
  12. Additional note. That DLL file does NOT belong in a TEMP sub-folder. period. It is set to be removed the next time you Restart Windows. Yes, the DLL should be removed.
  13. Hello. My name is Maurice. Let me know what name you prefer to go by. I will guide you. I need a report set for review. This is a report only.
     Please download the MBST Support Tool. Once you start it, click Advanced >>> then Gather Logs. Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop. Please attach mbst-grab-results.zip to your reply, like displayed here. To send (upload) attachments please click the "ADD Files" link. Then browse to where your file is located, select it and click the Open button. The set of data from the report will provide much needed information. Please always attach reports as we go along.
  14. Hello @Jawsh My name is Maurice. Let me know what name you prefer to go by. I will guide you. I need a report set for review. This is a report only.
     Please download the MBST Support Tool. Once you start it, click Advanced >>> then Gather Logs. Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop. Please attach mbst-grab-results.zip to your reply, like displayed here. To send (upload) attachments please click the "ADD Files" link. Then browse to where your file is located, select it and click the Open button. The set of data from the report will provide much needed information. Please always attach reports as we go along.
     NOTE: The block notices from Malwarebytes do mean that the pc is being kept safe from any potential harm. It is STOPPED from an outbound attempt to ai.backend-chat.com
  15. Also see this article at Bleepingcomputer forum "Crypt0L0cker & TorrentLocker Ransomware Information Guide and FAQ" https://www.bleepingcomputer.com/virus-removal/torrentlocker-crypt0l0cker-ransomware-information
  16. Hello, that is great news. Bravo. Next, I suggest a new scan for viruses & other malware. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the-tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
     Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience. It may take several hours. Let me know the result of this. This is likely to run for many hours (depending on number of files on your machine & the speed of hardware.)
     The log is named MSERT.log; the log will be at C:\Windows\debug\msert.log Please attach that log with your reply.
  17. Hello. The scan report from Malwarebytes for Windows is all good. Next steps were listed above.
  18. Hello. Please see this article at Bleepingcomputer about the ransomware https://www.bleepingcomputer.com/forums/t/574608/crypt0l0cker-support-topic/ [that ransomware goes back to the middle of the last decade.]
     Also see https://www.bleepingcomputer.com/forums/f/239/ransomware-help-tech-support/
     Please know that Malwarebytes has no decrypter for ransomware. Please also know that ransomware self-deletes once it has encrypted user files.
  19. I am glad to read that things are more normal & better. Kindly know that outsiders or people who are not forum support cannot get to your report files. But anyhow, I am hiding the post with your reports. No need to fret on that account.
     I suggest this next scan to do a different check for potential viruses & malware. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the-tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
     Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience. Any intermediate displays are information only. It is the end results that count. Let me know the result of this, along with the report.
     The log is named MSERT.log; the log will be at C:\Windows\debug\msert.log Please attach that log with your reply.
  20. Hello Dmitry. 😀 Nice to meet you. Thanks for the report file.
     Here below is a custom run intended to do some cleanups. Please take time to read carefully & apply all directions below. If you have a question, stop and ask me first.
     [ 1 ] As a next basic step, Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html
     [ 2 ] Your Downloads folder is C:\Users\olegr\Downloads. We will use FRSTENGLISH.exe to run a custom script. The system will be rebooted after the script has run. This custom script is for human2402 only / for this machine only. This custom script has some specific things, plus some general aspect to help the system overall.
     NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will rebuild the Winsock. It will run the Windows DISM tool to check the system.
     NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. The following directories are emptied:
     Windows Temp
     Users Temp folders
     Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
     Recently opened files cache
     Flash Player cache
     Java cache
     Steam HTML cache
     Explorer thumbnail and icon cache
     Recycle Bin
     Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
     NOTE 3: Each of Chrome browser, Edge browser, & Firefox browser is set to restore the previous session. In a situation like this, of repeating block events, it is not a good practice. The auto-restore will be turned off.
     Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.
     Please save the (attached file named) FIXLIST.txt to the Downloads folder.
     Fixlist.txt
     Then, Start the Windows Explorer and go to the Downloads folder. RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow it to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool, click the line "More info" on that screen and click the button "Run anyway" on the next screen.
     On the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity.
  21. Hi. Here below is a custom run intended to do some cleanups. Please take time to read carefully & apply all directions below. If you have a question, stop and ask me first.
     [ 1 ] As a next basic step, Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html
     [ 2 ] Your Downloads folder is C:\Users\arthu\Downloads. We will use FRSTENGLISH.exe to run a custom script. The system will be rebooted after the script has run. This custom script is for Ay000 only / for this machine only. This custom script has some specific things, plus some general aspect to help the system overall.
     NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will rebuild the Winsock. It will run the Windows DISM tool to check the system.
     NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. The following directories are emptied:
     Windows Temp
     Users Temp folders
     Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
     Recently opened files cache
     Flash Player cache
     Java cache
     Steam HTML cache
     Explorer thumbnail and icon cache
     Recycle Bin
     Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
     NOTE 3: There is a sub-folder named ADC from which a javascript runs, which is the likely main pest here. It will be removed.
     Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.
     Please save the (attached file named) FIXLIST.txt to the Downloads folder.
     Fixlist.txt
     Then, Start the Windows Explorer and go to the Downloads folder. RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow it to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool, click the line "More info" on that screen and click the button "Run anyway" on the next screen.
     On the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity.
  22. For the time being, can you please Exit out of all those apps. Those apps are my initial suspects as a source of the main issue at hand. I will have more later.
  23. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection. Thank you.
  24. You are very welcome. Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download
     Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard. See Support article how-to https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard
     Note: If your pc has Windows 10 EDGE browser, or Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard (on each as appropriate).
     You can delete msert.exe. Delete esetonlinescanner.exe.
     To remove the FRST64 tool & its work files, do this. Go to your Desktop folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double click on it) to begin the cleanup process. Any other download file I had you download, you may delete.
     Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.
     Stay safe. I wish you all the best. I am marking this case for closure.
  25. Hi. It's gonna take several rounds to get the issues squared away. Remain cool and calm & without undue panic. Your pc is protected. These are first steps. More to be done later. Let's begin by focusing on Chrome browser & ensuring to clear all cache & history & ensure it does NOT start with reloading prior session + other measures to beef it up.
     [ 1 ] Use Chrome browser to go to https://www.google.com/settings/chrome/sync and sign into your account. Scroll down until you see the "reset sync" button and click on the button. At the prompt click on "Ok".
     [ 2 ] For Chrome, while Chrome is running: Press & hold SHIFT+CTRL+Del keys on keyboard to get the menu for clearing browsing data: Check mark the line "Browsing history". Check mark the line "Download history". Check mark the line "Cached images and files" and press the Clear Data button (in blue).
     [ 3 ] After that, make real sure that Chrome is "NOT" set to reload the pages from the last session. Go into the settings menu of Chrome by first clicking the control icon of Chrome on upper right of the address bar. Then look deeper in SETTINGS. Make real sure it is "NOT" set to "continue where you left off".
     [ 4 ] See this article on our Malwarebytes Blog https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them".
     [ 5 ] I suggest you install the Malwarebytes Browser guard for Chrome. To get & install the Malwarebytes Browser Guard extension for Chrome, Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee Then proceed with the setup.
     [ 6 ] Let me know what instant-messenger apps are used or running on this machine. Ones like Discord perhaps.