Jump to content

Maurice Naggar

Experts
  • Posts

    27,512
  • Joined

  • Days Won

    74

Everything posted by Maurice Naggar

  1. Part 2. I am planning on generating a custom fix script. I need to first ask a few questions & ask for some confirmations. I believe the download folder here is C:\Users\lennie\Dropbox\My PC (gpd-pocket)\Downloads Is that right ? Can you look on that folder & tell me: Is there a file there named FRSTENGLISH.exe ? Is there a file there named FRST64.exe ? Thank you.
  2. Regret to read this bottom line news. I meant to inquire before - - - you have made at least two references to "my pocket pc". What is that exactly ? What make / model / and year is that ? Is that the old time small device from way way back ? [ B ] Do one new Scan with Malwarebytes for Windows. After completion, attach a copy of the scan log. locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4
  3. Thank you. That is a good run. The Windows System File Checker (SFC) Windows Resource Protection found corrupt files and successfully repaired them. Before that, we ran a scan with ESET Online scanner & Malwarebytes for Windows & ESET. Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed. It will not take much time, First download & save it https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner Then be sure to close all web browsers. Then go to where the EXE file is saved. Start Adwcleaner. Then do a scan with Adwcleaner https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean Attach the clean log.
  4. I am happy to read that the clipboard & copying issue is now normal. About Norton Security ( since 1 exe file was flagged) I must ask if Norton was from a official Norton source? If it is not, then I would suggest to do a full Uninstall of Norton Security. We can also upload a copy of Ncrypt.exe up to Virustotal for analysis & also delete that one file ( if possible). Please know that Windows 10 comes with its own antivirus, Microsoft Defender antivirus. If Norton Security is uninstalled, the Microsoft Defender antivirus will be turned back on. . Now a new custom script. Please first DELETE the old file named Fixlist.txt on the Desktop. We will use FRST64.exe on Desktop folder to run a new custom script. The system will be rebooted after the script has run. This custom script is for OC507 only / for this machine only. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. Please save the (attached file named) FIXLIST.txt to the user Desktop folder Fixlist.txt Start the Windows Explorer and then, to the Desktop folder. RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt at your next opportunity.
  5. I notie that there is no "error message". I have to assume it did work. I would suggest a free scan with the ESET Online Scanner. This will be another check for viruses, other malware, adwares, & potentially unwanted applications. Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe It will start a download of "esetonlinescanner.exe" Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get it started. When presented with the initial ESET options, click on "Computer Scan". Next, when prompted by Windows, allow it to start by clicking Yes When prompted for scan type, Click on Full scan Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from machine &. Let it be. You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”. Click The blue “Save scan log” to save the log. If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom). Press Continue when all done. You should click to off the offer for “periodic scanning”. Please make sure you attach the log report.
  6. I meant just only a flash-thumb drive. The wireless mouse & headphone is OK where it is.
  7. Thanks for the log-report. Let us give the following one try. Start a Elevated Powershell command prompt-window. On the Windows taskbar, on the Search box, type in powershell Wait and look for the results list. Click on the line that shows Powershell with "Run as Administrator". 2 Then you will see the Powershell window. Into that, we want to Copy & Paste this entire lines AS-IS Restart-Service -Name "cbdhsvc*" -force then tap the Enter-key and wait and watch the result. 3 When it has displayed a blue screen with information on result , when done, then use the mouse pointer and do a RIGHT-Click on the top title bar of Powershell window. . 4 Select "Select all" Next then . 5 Select COPY Next, on this forum topic, in a new Reply, Right click the white reply box . 6 And select PASTE onto a Reply box-window here. Close the Powershell window. Providing the above ran properly, the clipboard history should be clear.
  8. Congratulations. The Malwartebytes for Windows report is perfect. No malicious malware here on this machine. This program checks for malware. . Lets be cautious here. We can run the Windows System File Checker tool & the Windows 10 DISM tool to do checks on this Windows 10. We will use FRSTENGLISH.exe on Downloads folder to run a custom script. The system will be rebooted after the script has run. This custom script is for BERKAN only / for this machine only. This custom script has some specific things, plus some general aspect to help the system overall. NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will rebuild the Winsock. It will run the Windows DISM tool to check the system. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. Please save the (attached file named) FIXLIST.txt to the user Downloads folder Fixlist.txt Start the Windows Explorer and then, to the Downloads folder. RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity
  9. Thanks. The result from the Safety Scanner is normal and expected. Since this computer has Norton, it is expected that the Microsoft Defender antivirus & anti-spyware will be off. Now to attempt to cure the clipboard issue. We will use FRST64.exe on Desktop folder to run a custom script. The system will be rebooted after the script has run. This custom script is for OC507 only / for this machine only. This custom script has some specific things, plus some general aspect to help the system overall. NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will rebuild the Winsock. It will run the Windows DISM tool to check the system. It is also intended to help on clipboard issue. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. Please save the (attached file named) FIXLIST.txt to the user Desktop folder Fixlist.txt Start the Windows Explorer and then, to the Desktop folder. RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity
  10. By the way, I notice that this machine has Norton Antivirus as the resident antivirus. When was the last scan with Norton Antivirus ? I am curious.
  11. Hello @OC507 My name is Maurice. I will be guiding you. Thanks for the reports. The scan report from Malwarebytes for Windows is perfect. You can start this task here & then after it is started, you should go get a good break. Just let the computer run this, once you start it. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Look on Scan Options & select QUICK scan. Then start the scan. Have lots of patience. Any intermediate displays are information only. It is the end results that count. Let me know the result of this, along with the report. The log is named MSERT.log the log will be at C:\Windows\debug\msert.log Please attach that log with your reply.
  12. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you
  13. You are very welcome. Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard. See Support article how-to https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard Note: If your pc has Windows 10 EDGE browser, or Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard ( on each as appropriate). . You can delete msert.exe Delete mbst-grab-results.zip Delete mb-support-1.8.7.918.exe To remove the FRST tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe Then run that ( double click on it) to begin the cleanup process. Any other download file I had you download, you may delete. Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware. Stay safe. I wish you all the best. I am marking this case for closure.
  14. Hello @Ginger_4801 Is this a pc that runs Windows 10 ? Is this the only pc that you have ? I mean, is it possible that you have another machine that works, where you could do downloads & thus be able to save some tool? What had happened prior to all this ? I mean, how did all this come about ? By the way, if you are seeing X: on the command line, that tends to indicate that the machine is in the Windows Recovery environment.
  15. Thank you for the log. There were NO malware / NO virus found. These are the 2 most important lines of the report. That confirms that there is no malware and even no potential unwanted types. ( no PUP / no PUA ). . Please download, install, update and do a Threat Scan with Malwarebytes for Windows and post back the log https://support.malwarebytes.com/hc/en-us/articles/360038479134-Download-and-install-Malwarebytes-for-Windows
  16. Thanks for the results from the Microsoft Safety Scanner. It found NO infection / no virus ! It is a clean good result. The intermediate displays on-screen must be ignored. They are not actual problems. The intermnediate displays of the Safety Scanner during the scan can be mis-leading. All that counts is the bottom line result. ( other people have seen similar & also got mis-impression). By the way, about what you "saw" on intermediate displays of the Microsoft Safety Scanner ( your remarks above), I would like you to review the remarks by AndyDavid about all that on this Microsoft community venue https://docs.microsoft.com/en-us/answers/questions/326108/mar-1721-msert-detects-items-during-scan-but-at-en.html . You reported It is very re-assuring that Malwarebytes for Windows reports no malware infection. That is another confirmation that this machine is not infected. It is unfortunate ( but not fatal ) that this pc could not accomplish the manual definitions ( signatures) update for Microsoft Defender. BUT it is critical to keep in mind that this pc has has AVAST Antivirus. That being the case, Micriosoft Defender is supposed to be turned off and not active. Avast is the antivirus. I assume you are sticking with Avast. I do not see a infection here. My view is that we can plan to wrap up this case.
  17. Thank you for the log file. The run did clear the working area for Windows Update. Hoping that that will help out. How is the pc at this point ? Could you do one new scan with Malwarebytes for Windows ?
  18. C:\Windows is indeed the normal (default) system directory for the Windows 10 Operating system. [ WINNT is not typically seen on modern-day Windows 10 for consumers ( meaning home users and single users). Some corporations though might possibly engineer something specific]. What I suspect you recall about Winnt is from a old old Windows version from long ago, like maybe Windows 2000. Anyhow, put that to rest. Your Windows now is in the right place. If you wish, you can do a different other scan to scan your machine. I would suggest a free scan with the ESET Online Scanner. This will be another check for viruses, other malware, adwares, & potentially unwanted applications. NOTE: This scan can take several hours ( depending on how many files are on the system & also on the speed of the hardware ). Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe It will start a download of "esetonlinescanner.exe" Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get it started. When presented with the initial ESET options, click on "Computer Scan". Next, when prompted by Windows, allow it to start by clicking Yes When prompted for scan type, Click on Full scan Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from machine &. Let it be. You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”. Click The blue “Save scan log” to save the log. If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom). Press Continue when all done. You should click to off the offer for “periodic scanning”. Please make sure you attach the log report.
  19. It seems this machine has a issue doing updates for Windows. The following is a custom script to try to help. First please Delete the prior file named Fixlist.txt on the Downloads. then Please save the (attached file named) FIXLIST.txt to the Downloads folder Fixlist.txt The custom script on this post is ONLY for this machine and NO other. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. The system will be rebooted after the script has run. Start the Windows Explorer and then, to the Downloads folder. RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later at your next opportunity.
  20. To your last line, it is super to read that this Windows has been upgraded to build 21H1 😁 👍 😎 I cannot be sure which scanner you refer to here ? ....BUT it is normal for a security scanner to "not be able to open a file". That can and does happen. It does not equate to a "infection".
  21. I am glad that you follow good practices and have kept your systems safe. As to the remark about a "feeling" about Susan Bradley, I feel compelled to make some remarks. Susan Bradley is highly regarded in the Microsoft Windows community. Besides writing articles at Windows Secrets community, she has for many many years done a lot of volunteer contributions at Microsoft community venues and is highly regarded in the community. That is to say, in addition to her professional work. I do know that she indeed knows stuff. She also has direct experience. You may view one of her profiles here.
  22. Hello. The following lists the steps to do a manual ( on-demand ) update of the definitions of the Windows 10' Microsoft Defender antivirus. Your Windows is a 64-bit one. The gist of the steps is to download the 64-bit update package AND save it, when done, to run that exe file. Go to this link at Microsoft https://www.microsoft.com/en-us/wdsi/defenderupdates Scroll down to section "Manually download the update". Look down to the table with list of 7 lines. Only look at the first line "Microsoft Defender Antivirus for Windows 10 and Windows 8.1". Then click the blue-color link for "64-bit". Be sure to SAVE the file. After that completes, go to where you saved the file mpam-fe.exe Then double-click on mpam-fe.exe to start the update.
  23. Thanks. That's good. We can keep this thread open for a few more days.
  24. Thanks for the report zip from the support tool. The only items I see in Quarantine are related to C:\PROGRAMDATA\KMSAutoS whose content is classified as HackTool.KMS. Cant tell what brand/model of computer hardware this is. Nor its network driver hardware. Howeer, the report from Farbar FRST report shows, that Windows is logging these network-hardware "errors". There is one thread on Microsoft Answers forum you should check out. Apply the tips listed by Kevin Bart https://bit.ly/3kYYsG9
  25. Hello. I was only just curious about the bottom line status shown by ESET. I cannot do anything with the XML file. Plus there is a issue of the language. Lets do one new Windows Update "Check for Updates" run. See Microsoft tip article https://bit.ly/3zW2EN1 In Turkish https://bit.ly/3BN9G7k The basic idea is to insure that the Windows operating system is all up-to-date with security updates.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.