Everything posted by Maurice Naggar

  1. Hello. Please understand that there needs to be a connection to the internet. Did you save the FRST64.exe ( or else the FRST.exe ) to the Downloads folder? Where is it saved? Also tell me, is Microsoft Windows Defender the active antivirus program on this PC? If so, can you do a scan with Microsoft Defender? This is one way to do a manual scan using the Microsoft Defender antivirus, as well as to visually check protection status. From the Start menu, select Settings, then select Update and Security. Next, look at the left-side menu & select Windows Security. Next, in the Windows Security section: Click on the grey button Open Windows Security. Now, click on the shield Virus and threat protection. By the way, when you see a green check-mark on your display, it means a good status and that protection is on. On the next display, look at all the options. Look down the list and see "Check for Updates" which I have highlighted with a blue icon. You can click on that to have the system check for updates for Windows Defender. Please also note that the Scan options (all) can be displayed by clicking on Scan options. ( You can do Quick, Full, or Custom). NOTE: If you have the time / opportunity, select a Custom scan & scan the C drive ( one time as a safety check ). NOTE: On this last screen, be sure to review the section on Exclusions to be sure that nothing of the path, process, or file /folder exclusions are ones that you yourself did not place there on your own.
  2. Hello @TatianaBio21 My name is Maurice. I will be guiding you. Please follow my guidance. I will help to get rid of traces of SOUNDFLOWPICKER. Here below is a custom run intended to quash it. Please take time to read carefully & apply all directions below. If you have a question, stop and ask me first. [ 1 ] As a next basic step, please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html [ 2 ] We will use FRST64.exe on Desktop folder to run a custom script. The system will be rebooted after the script has run. This custom script is for TatianaBio21 only / for this machine only. This custom script has some specific things, plus some general aspect to help the system overall. NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will rebuild the Winsock. It will run the Windows DISM tool to check the system. It is also intended to run a Microsoft Defender antivirus scan. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. Please save the (attached file named) FIXLIST.txt to the user Desktop folder Fixlist.txt Start the Windows Explorer and then go to the Desktop folder. RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click the line More info on that screen and click the button Run anyway on the next screen. On the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity. We will do more after this. Persistence & patience are called for here. Stick with me because there will be more for later.
  3. That scan report is all good. Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge & all other web-browsers are Closed. It will not take much time. First download & save it https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner Then be sure to close all web browsers. Then go to where the EXE file is saved. Start Adwcleaner. Then do a scan with Adwcleaner. Let me know the bottom line result.
  4. You asked how the malware could have got on your machine. The most likely means is via one of the web browsers. For example, a drive-by visit to some website. At times, this could be possible on an inadvertent click on a link in some email. This following quote section is about adware though the methods of entry used are the same as malware. https://blog.malwarebytes.com/101/2018/01/how-to-remove-adware-from-your-pc/
  5. We will need to run (later on) an on-demand report. The report set that was uploaded did not have the complete expected set. The first step I suggest to be done is an Update run for Malwarebytes for Windows. Start Malwarebytes for Windows. Click Settings. In the General tab, click on "Check for Updates" button. Watch & follow all prompts. Then click the Security tab. Scroll down and let's be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON 👈 Click it to get it ON if it does not show a blue-color. Next, click the small x on the Settings line to go to the main Malwarebytes Window. Next click the blue button marked Scan. When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical. >>>>>> 👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked ( all selected). <<<< 💢 Please double verify you have that TOP check-box tick marked, and that then, all lines have a tick-mark. Then click on Quarantine button. Then, locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4
  6. Hello @Berkan This topic-thread is for Berkan only. You said that your computer has a trojan malware. I suggest this as the first step. There will be more to do later. This is not a one shot fix. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience. It may take several hours. Let me know the result of this. This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.) The log is named MSERT.log. The log will be at C:\Windows\debug\msert.log Please attach that log with your reply. To save attachments ( to upload ) please click the link labeled "Add Files". Then browse to where your file is located and select it and click the Open button. Please be sure to review your reply and attachment before you press the reply button.
  7. Hello @scopio I need a report set for review. This is a report only. Please download MBST Support Tool. Once you start it, click Advanced > Gather Logs. Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop. Please attach mbst-grab-results.zip to your reply, like displayed here. To send ( upload) attachments please click the link marked "ADD File". Then browse to where your file is located and select it and click the Open button. Only after you are all set plus have uploaded the ZIP file, then press the button "Submit Reply" in blue color. Please have patience throughout this case. Understand also I am a volunteer here. Cheers.
  8. @HGDC84 See https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/?tab=comments#comment-46166
  9. Good. [ 1 ] Beefing up web browsers: See this article on our Malwarebytes Blog https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them". [ 2 ] Your EDGE browser & the Chrome browser have the Malwarebytes Browser Guard. If you use Mozilla Firefox, then add to it the Malwarebytes browser guard too. [ 3 ] I would like you to run a tool named SecurityCheck to inquire on the current-security-update status of some applications. Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop. If Windows's SmartScreen blocks that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive. Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward. Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt . I do believe that this pc now does not have malware. Can't be sure how this pc's Microsoft Defender got these folder exclusions. But Trickbot & Gootkit malware use tricks to set exclusions for Microsoft Defender. ( See more info about Trickbot here https://www.malwarebytes.com/trickbot ) You can read about Gootkit here ( just ignore all ads on page ) https://www.bleepingcomputer.com/news/security/gootkit-malware-bypasses-windows-defender-by-setting-path-exclusions/ My view is that the infection likely was done by some drive-by visit to some site or more likely a download. It is also possible that a visited site simply was compromised & then when visited, started the infection chain. Another possibility could have been a mistaken click to "allow" in lieu of "quarantine or remove" when prompted by Microsoft Defender. Since Malwarebytes Premium has multiple real-time protections, including against trojans like Trickbot, I would recommend that you have the Premium license for Malwarebytes so that all pc's & devices are covered. As to making your system more secure, there is a bunch of suggestions at this post https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/?tab=comments#comment-1372004 Securing each web browser ( as appropriate) with Malwarebytes Browser Guard is recommended. Personal practices with the keyboard and the mouse ( like slowing way down on clicking spots on a web page) are one huge area for safety. In other words, not to be super quick to "click" with finger on mouse. Not using "torrents" to get or share free stuff is another best practice. Be extremely careful of what you download. Cheers.
  10. Thanks for the FRST report. I notice that Microsoft Defender antivirus services are running. That the Malwarebytes for Windows protection services are running. The scan by Malwarebytes and with Microsoft Safety scanner indicate there is now no malware. We are past the major hurdles. Later on, I will have a set of safer practices for you, plus tips on beefing up the security on all web browsers. The original issue of not being able to install Malwarebytes has been resolved. In the process, I found that this machine had a pretty serious Trickbot-type infection. That has been removed. Just understand that the infection was quite serious. It had made the sub-folders of where it hid itself to be "excluded" from scanning or monitoring by Microsoft Defender. These were some of those excluded sub-folders: "C:\Windows" "C:\WINDOWS\rss" "C:\Users\eddyd\AppData\Local\Temp\csrss" "C:\Users\eddyd\AppData\Roaming\BlueViolet" "C:\WINDOWS\windefender.exe" "C:\Users\eddyd\AppData\Local\Temp\wup" "C:\WINDOWS\System32\drivers" "C:\WINDOWS\System32" It also made a global exclusion for all EXE file types. Plus, it had deleted the Windows service entry for "Windows Update" service. All the bad-guy exclusions are now removed ( since the last Fix run we did, before). Effectively, the prior infection made itself to be untouchable by the Defender antivirus. As I say, this has all now been fixed. I would like for you to read all of this below. And for sometime today, to do one Check for Updates run for Microsoft Defender antivirus, and to do one QUICK scan with Microsoft Defender antivirus. This is one way to do a manual scan using the Microsoft Defender antivirus, as well as to visually check protection status. From the Start menu, select Settings, then select Update and Security. Next, look at the left-side menu & select Windows Security. Next, in the Windows Security section: Click on the grey button Open Windows Security. Now, click on the shield Virus and threat protection. By the way, when you see a green check-mark on your display, it means a good status and that protection is on. On the next display, look at all the options. Look down the list and see "Check for Updates" which I have highlighted with a blue icon. You can click on that to have the system check for updates for Windows Defender. Please also note that the Scan options (all) can be displayed by clicking on Scan options. ( You can do Quick, Full, or Custom). NOTE: If you have the time / opportunity, say at the end of your computer day this evening, select a Custom scan & scan the C drive ( one time as a safety check ). NOTE: On this last screen, be sure to review the section on Exclusions to be sure that nothing of the path, process, or file /folder exclusions are ones that you yourself did not place there on your own.
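The Exclusions review asked for in posts 1 and 10 can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the original posts: it only reads settings with the built-in Defender cmdlets, and the patterns for "risky" locations and the list of executable extensions are assumptions to adjust for your own machine.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of Microsoft Defender exclusions.
# Nothing is changed. Without elevation Defender hides the exclusion values.

$pref = Get-MpPreference

# Assumed patterns for locations that should not normally be excluded from scanning.
$riskyPathPatterns = @(
    '^[a-z]:\\?$',                        # a whole drive
    '^[a-z]:\\windows(\\|$)',             # the Windows directory and anything below it
    '\\appdata\\(local|roaming)(\\|$)',   # per-user AppData, including Temp
    '^[a-z]:\\programdata(\\|$)'
)

# Assumed list of executable and script extensions; excluding one of these
# stops Defender from scanning every file of that type.
$riskyExtensions = 'exe', 'dll', 'sys', 'scr', 'com', 'bat', 'cmd', 'ps1', 'vbs', 'js'

function Test-RiskyPath([string]$Path) {
    foreach ($pattern in $riskyPathPatterns) {
        if ($Path -match $pattern) { return $true }   # -match is case-insensitive
    }
    return $false
}

$report = @()

foreach ($path in @($pref.ExclusionPath)) {
    if ([string]::IsNullOrWhiteSpace($path)) { continue }
    $report += [pscustomobject]@{ Type = 'Path'; Value = $path; Review = (Test-RiskyPath $path) }
}

foreach ($ext in @($pref.ExclusionExtension)) {
    if ([string]::IsNullOrWhiteSpace($ext)) { continue }
    # Values may be stored as "exe", ".exe" or "*.exe"; compare the bare extension.
    $bare = $ext.TrimStart('*', '.').ToLowerInvariant()
    $report += [pscustomobject]@{ Type = 'Extension'; Value = $ext; Review = ($riskyExtensions -contains $bare) }
}

foreach ($proc in @($pref.ExclusionProcess)) {
    if ([string]::IsNullOrWhiteSpace($proc)) { continue }
    # Files opened by an excluded process are not scanned in real time, so always review these.
    $report += [pscustomobject]@{ Type = 'Process'; Value = $proc; Review = $true }
}

if ($report.Count -eq 0) {
    'No Defender exclusions are configured.'
} else {
    $report | Sort-Object Review -Descending | Format-Table -AutoSize
}

# Protection state and signature age, the same facts the Windows Security screen shows.
Get-MpComputerStatus |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated |
    Format-List

# Post 10 also describes the Windows Update service entry being deleted; confirm it exists.
$wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
if ($null -eq $wu) {
    'Windows Update service (wuauserv) is MISSING.'
} else {
    "Windows Update service (wuauserv): status $($wu.Status), start type $($wu.StartType)"
}
```

Any row with Review set to True that you did not create yourself should be removed through the Exclusions section of Windows Security.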
  11. I do not understand why you made so many one-line posts. Tell me, is the Recycle Bin icon the only thing that is an issue now? Tell me, did you manage to merge the wuauserv.reg file? You indicate that the Microsoft KB update has finished. Is that right? Do us both a favor, do one Windows Restart and then wait for the system to settle back. Then I would request one fresh report from FRSTENGLISH. Just reports. A report tool named FRSTENGLISH is already present on Downloads folder. Go to the Downloads folder. RIGHT-click with the mouse on FRSTENGLISH & select "Run as Administrator" to start it. When prompted to allow it to run, reply YES and let it go forward. When the tool opens click Yes to the disclaimer. Now, be sure to TICK the check-box marked "Addition.txt" ( like in picture here). Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually. Please attach both logs to your reply. To save attachments please click the link "ADD FILES". Then browse to where your file is located and select it and click the Open button.
  12. Thank you. Just as would be suspected, the infection had also deleted the service entry for Microsoft Windows update service. We need to put it back. [ A ] RIGHT click the link with your mouse-pointer and select SAVE ...as.... & guide the folder for saving to a folder ( do not double click / do not 'run' the file / nor open ) Windows 10 Windows Update service Once it is saved, then we are needing to merge the files onto the system, as follows. With your mouse, do a RIGHT-click on the file wuauserv.reg and select Merge. Let it do that & ensure it finishes ok. [ B ] Keeping the Windows operating system safe requires keeping up with all security updates from Microsoft Windows Update. On a regular basis. That's done by having the Windows Update service on. And monitoring on a regular basis. The Microsoft August 2021 security updates cover 44 CVEs. Of these CVEs, 7 are rated Critical and 37 are rated Important in severity. This machine needs to get & apply the 2021-08 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5005033) Go to this link at the Microsoft Update Catalog. It's the first item listed. Download & save the file https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005033 windows 10 20h2 for x64 It is the first one listed at that link. Download the file. SAVE it to your system. Then to actually apply that update. While in File Explorer, go to that .MSU file. Do a Right click with your mouse on the .msu and then select OPEN. That should start the update process for that KB. Ensure that it fully completes that run.
  13. Thank you for the reports. Microsoft Safety Scanner result: No infection found. That is very excellent. The Malwarebytes scan reports no threats. That is also very good. Now a different report, to check on Windows Defender and also on Windows Update service. ( the latter is known to be a target of the infection that had been on this machine.) This is a checkup report only. Download Farbar's Service Scanner utility and Save to your Desktop. Right-Click on fss.exe and select Run As Administrator. Answer Yes to ok when prompted. If your firewall then puts out a prompt, again, allow it to run. Once FSS is on-screen, be sure the following items are check-marked: Internet Services, Windows Firewall, System Restore, Security Center/Action Center, Windows Update, Windows Defender, Other services. Click on "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please attach that file. 😁
  14. Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks
  15. Have a good night's rest. After the last task has finished, be sure you upload the report file msert.log. Now we should be ready to do a new setup of Malwarebytes for Windows. Take your time and do not rush. Be sure you save the next download to your system. Now we can proceed to do a new install of Malwarebytes for Windows version 4.x ( the current release version). I'd suggest you save the download to the Desktop for ease of access. Otherwise, save the file to Downloads folder. 1. Download the Malwarebytes offline (full) installer from : https://downloads.malwarebytes.com/file/mb4_offline 2. Now, go to the folder location where saved. Right-click on the exe and select Run as Administrator and allow it to go forward. 3. After the Malwarebytes for Windows is done with the setup. Now, after a success of the new setup, then you should do a scan with Malwarebytes for Windows. In Malwarebytes for Windows program, we want to do a special scan. Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window. Then click the Security tab. Scroll down and let's be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON 👈 Click it to get it ON if it does not show a blue-color. Next, click the small x on the Settings line to go to the main Malwarebytes Window. Next click the blue button marked Scan. When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical. >>>>>> 👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked ( all selected). <<<< 💢 Please double verify you have that TOP check-box tick marked, and that then, all lines have a tick-mark. Then click on Quarantine button. Then, locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4
  16. I would urge one more scan before we do anything else. Thanks. Good run / excellent actually. Except there is more to do. Even after this step below here. You can start this task here & then after it is started, you should go get a good night's rest. Just let the computer run this over-night. Then go get your sleep. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience. It may take several hours. Let me know the result of this. This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.) The log is named MSERT.log. The log will be at C:\Windows\debug\msert.log Please attach that log with your reply. On the next round, I will guide you on doing a new setup of Malwarebytes for Windows.
  17. I did get the file. You did OK. Now, we have to do one more run just like the last one. Please take your time and do NOT rush. Go Careful. We have to do a new Fix run. First you need to Delete the old file I had you save named Fixlist.txt Delete the old one named FIXLIST.txt. I have a new one below. Save the (attached file named) FIXLIST.txt to the user's Downloads folder Fixlist.txt Start Windows Explorer and then go to the Downloads folder. Right-click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click the line More info on that screen and click the button Run anyway on the next screen. In FRSTENGLISH: Click the Fix button just once, and wait. Please attach the FIXLOG.txt with your next reply later, at your next opportunity. We still need to do more.
  18. Are you very very sure that FRSTENGLISH or FRSTENGLISH.exe is not there on Downloads folder ??? did you happen to remove it ???
  19. I only asked to delete the FIXLIST.txt from the prior one. The FRSTENGLISH is on the Downloads folder Tell me, what did you delete ??
  20. This computer likely had a Trickbot infection that has excluded several threat folders by making exclusions in Microsoft Windows Defender. Those have to be cleaned up ( removed). There will still be more to do later. First, we have to do a new Fix run. First you need to Delete the old file I had you save named Fixlist.txt Delete the old one. I have a new one below. Save the (attached file named) FIXLIST.txt to the user's Downloads folder Fixlist.txt Start Windows Explorer and then go to the Downloads folder. Right-click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click the line More info on that screen and click the button Run anyway on the next screen. In the FRST window: Click the Fix button just once, and wait. Please attach the FIXLOG.txt with your next reply later, at your next opportunity.
  21. I did get the report. There is still remainder of infection here. We will have to do another fix run Plus some other scans later. Patience.
  22. Once you start the FIX just let it do its work and have lots of patience. The run may take as much as 40 to 50 minutes perhaps. While the fix is running, you should not be using the computer. Have much patience.
  23. The FIXLIST.txt is a text type file. You lost me as to just what is saying "windows 8". Did you run the FIX like I listed ? yes or no. ? IF you did do the FIX and it finished, it would have Restarted Windows. IF you have nothing to lose, if you decide, then you can get the laptop back to how it came from HP or you can do a Windows 10 RESET operation .
  24. Part 2 Save the (attached file named) FIXLIST.txt to the user's Downloads folder Fixlist.txt Start Windows Explorer and then go to the Downloads folder. Right-click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click the line More info on that screen and click the button Run anyway on the next screen. In the FRST window: Click the Fix button just once, and wait. Please attach the FIXLOG.txt with your next reply later, at your next opportunity.
  25. This is the part 1. Turn 'Show all folders' on or off from the File Explorer ribbon. 1 Open File Explorer (Win+E) and click/tap on the View tab. 2 Click/tap on the Navigation pane button in the ribbon, and click/tap on Show all folders to turn it on (tick SHOW all folders).