Jump to content

Maurice Naggar

Experts
  • Posts

    35,965
  • Joined

  • Days Won

    169

Everything posted by Maurice Naggar

  1. We are ready to wrap-up this case. But first, we do cleanup of the tools I had you use. 👌💢 Temporarily disable Microsoft SmartScreen to download the next software below Let's go ahead and do some clean-up work and remove the tools and logs we've run. Please download KpRm by kernel-panik and save it to your desktop. right-click kprm_2-15.exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, ensure all boxes under Actions are checked. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. Your system is good-to-go. 😎 Sincerely.
  2. Please look on your Downloads folder. IF there still is a file named Fixlist.txt then I need to insure you Delete that. I have a new one here for this new custom-fix run. Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine. NOTE-1: This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will remove the "GoogleUpdater" exploit malware infection, if any traces are around. It will attempt to run one Quick scan with Microsoft Defender antivirus. It will attempt to clear Cache files of web browsers. It will attempt to clear temporary file areas. It rebuilds the Winsock. Depending on the speed of your computer this fix may take 50-55 minutes or more. Please Close all open work before you actually do begin this run. FRSTENGLISH program location: Downloads folder. The tool is already on system. That is what we will use. Please download the attached fixlist.txt file and save it to Downloads Fixlist.txt- < - - - - NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work. Right-click with your mouse on FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important. next, press the Fix button just once and wait. You will see a green-color scroll display while FRST is running. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply. NOTICE: For potential outside readers, This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.
  3. I would like you to run a NEW custom cleanup script whose goal is to remove the main parts of GoogleUpdater infection First, please be sure to EXIT out / Close any open work you may have open at this point, so that you have a unobstructed view to Desktop. This powershell scripted-run will make a log file on the Desktop named Klearemlog.txt Save the attached zip file to your system. If possible save it to the Desktop. Klearem.zip<<<----- Then with File Explorer find the Klearem.zip Next, with that zip file, Extract all content to the Desktop Then with File Explorer, go to Klearem.txt and do a RIGHT-click with the mouse & select Rename and rename it to Klearem.ps1 Once that is confirmed, we must put Windows into SAFE Mode. Start your PC in safe mode in Windows then do a RIGHT-click on Klearem.ps1 & select the option Run with Powershell . It will / should display as the 2nd choice on the option menu. Pick "Run with Powershell" and tap Enter. Next, you may be questioned with "Execution Policy Change" prompt. If so, respond with/ type Y and tap Enter. From then on, the script will automatically run. When it has finished you should see a on-screen display End of run. Please look for 'Klearemlog.txt' on the Desktop. Press Enter to exit When all done, Restart Windows so that it is in Normal mode. kindly attach the file "Klearemlog.txt" with your next reply. STICK with me, because there is MORE to do even after this.
  4. We need to do yet another round. I will get that to you soon. Meantime, Delete the Klearem.ZIP and also delete Klearem.ps1
  5. On the FSS I needed for you to tick each and every other line I had on my list. But let us defer that to later. That report can wait for much later. This box has a serious pesky malware. I have just spent much additional personal time to custom write this next cleanup script. Go real careful and be sure you read all of this all the way so that you Understand all that is outlined. We will still have much more work to do even after this. I would like you to run a custom cleanup script whose goal is to remove the main parts of GoogleUpdater infection First, please be sure to EXIT out / Close any open work you may have open at this point, so that you have a unobstructed view to Desktop. This powershell scripted-run will make a log file on the Desktop named Klearemlog.txt Save the attached zip file to your system. If possible save it to the Desktop. Klearem.zip <<<----- Then with File Explorer find the Klearem.zip Next, with that zip file, Extract all content to the Desktop Then with File Explorer, go to Klearem.txt and do a RIGHT-click with the mouse & select Rename and rename it to Klearem.ps1 Once that is confirmed, we must put Windows into SAFE Mode. Start your PC in safe mode in Windows then do a RIGHT-click on Klearem.ps1 & select the option Run with Powershell. It will / should display as the 2nd choice on the option menu. Pick "Run with Powershell" and tap Enter. Next, you may be questioned with "Execution Policy Change" prompt. If so, respond with/ type Y and tap Enter. From then on, the script will automatically run. When it has finished you should see a on-screen display End of run. Please look for 'Klearemlog.txt' on the Desktop. Press Enter to exit When all done, Restart Windows so that it is in Normal mode. kindly attach the file "Klearemlog.txt" with your next reply.
  6. Do not know / cannot know what triggered what. I need for you to Uninstall F-Secure. Then do a Windows Restart. Then get for me a new frsh FRST report set. Go to where FRSTENGLISH was saved. Downloads folder........RIGHT-click on FRSTENGLISH.exe and select Run as Administrator and tap ENTER. And reply YES to allow to proceed. When the tool opens click Yes to the disclaimer. And be very sure to TICK the box for Addition.txt Press the Scan button. It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run Have patience since the run may take something like 10 or so minutes (less depending on your hardware speed) Close Notepad IF those show up on Notepad. Just please Attach the 2 files FRST.txt +Addition.txt with your next reply. ( 2 ) Download Farbar's Service Scanner utility and Save to your Desktop. Right-Click on fss.exe and select Run As Administrator. Answer Yes to ok when prompted. If your firewall then puts out a prompt, again, allow it to run. Once FSS is on-screen, be sure the following items are check-marked: Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender Other services Click on "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please attach that file.
  7. See this F-Secure article link You need to disable turn OFF protections of F-Secure until the next Windows Restart ....before doing the next special custom-fix There is a serious infection of a fake "Googleupdater" scheduled task along with two bundled "googleupdater" services. Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine. NOTE-1: This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will remove the "GoogleUpdater" exploit malware infection. It will attempt to run one Quick scan with Microsoft Defender antivirus. It will attempt to clear Cache files of web browsers. It will attempt to clear temporary file areas. It rebuilds the Winsock. Depending on the speed of your computer this fix may take 50-55 minutes or more. Please Close all open work before you actually do begin this run. FRSTENGLISH program location: Downloads folder. The tool is already on system. That is what we will use. Please download the attached fixlist.txt file and save it to Downloads Fixlist.txt- < - - - - NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work. Right-click with your mouse on FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important. next, press the Fix button just once and wait. You will see a green-color scroll display while FRST is running. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply. NOTICE: For potential outside readers, This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.
  8. Be extremely careful where you get games. What do you know about C:\Battlestate Games\EFT\EscapeFromTarkov.exe ? Is it a known legitimate game ? It seems to be a source of trigerring a LOT of I P block events from Malwarebytes.
  9. Just a few remarks. This Windows has installed as the resident antivirus the F-Secure Version: 19.2. Is that a paid-for license, or is that a trial install ? With F-Secure installed we likely will have to take some extra measure to temporarily turn it off when we do some special runs. Make sure to know the way / the procedure to temporarily turn it off. Other remarks, like what you said, way at the top, about Chrome. If there was a Chrome big problem, or if Chrome was exploited, we do not choose to do a Restore tabs option, Try to just only use the EDGE browser instead of Chrome. And by the way, be sure to not do loose web surfing, and do not play any games of any sort for the duration of the case. I see lots and lots or references to Steam games. Is this box mainly a game box ? Stick with me. I will have more for you soon.
  10. Next things to do after sending the report. First some housekeeping, and then one Scan. There will be more later after all this. Start Malwarebytes. Click Settings ( gear ) icon. Next, let us make real sure that Malwarebytes does NOT register with Windows Security Center Click the Security Tab. Scroll down to "Windows Security Center" Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center". { We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. thanks. } This will not affect any real-time protection of the Malwarebytes for Windows 😃. now Click the General tab. Under Application updates, click the Check for updates button. When it shows a new version available, Accept it and let it proceed forward. Be sure it succeeds. If prompted to do a Restart, just please follow all directions. Let me know how that goes. Next, the Malwarebytes scan Next, click the small x on the Settings line to go to the main Malwarebytes Window. Next click the blue button marked Scan. When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical. >>>>>> 👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked ( all selected). <<<< 💢 Please double verify you have that TOP check-box tick marked. and that then, all lines have a tick-mark Then click on Quarantine button. Then, locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 ( 2 ) Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed. It will not take much time, First download & save it guide & download link Then be sure to close all web browsers after the download & before launching the tool. Then go to where the EXE file is saved. Start Adwcleaner. Then do a scan with Adwcleaner Guide article NOTE: IF Adwcleaner in the results shows "no items" flagged, then please click on the button marked "Run Basic Repair" Attach the clean log from Adwcleaner when all completed.
  11. Hello. My name is Maurice. I will guide you. Removing pesky malware can be an involved set of tasks over separate runs. Have much patience. Follow my directions. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. Only run the tools I guide you to. Do not run online games while case is on-going. Do not do any free-wheeling web-surfing. The removal of malware isn't instantaneous, please be patient. Cracked or or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure. Please stick with me until I give you the "all clear". If your system is running Discord, please be sure to Exit out of it while this case is on-going. Do these 2 steps so that ALL folders & Files are set to SHOW, plus also, Turn OFF Windows Fast start. 1. Show-Hidden-Folders-Files-Extensions https://forums.malwarebytes.com/topic/299345-show-hidden-folders-files-extensions/ 2. Disable-Fast-Startup https://forums.malwarebytes.com/topic/299350-disable-fast-startup/ 3. I would like a report set for review. This is a report only. This is the first beginning step so I can see what is what on this particular machine. Please download MALWAREBYTES MBST Support Tool Once you start it click Advanced >>> then Gather Logs Have patience till the run has finished. Attach the mbst-grab-results.zip from the Desktop to your reply..
  12. The custom run result is excellent. I expect that the original problem has been squashed, As a next step, I suggest the following: This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool. ESET Onlinescanner checks for viruses, other malware, adwares, & potentially unwanted applications. This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run. Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe It will start a download of "esetonlinescanner.exe" Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get it started. If upon launching the Esetonlinescanner, there is a windows-message box displaying A driver cannot load on this device. Driver ehdrv.sys then, please, TICK the check-box "Don't show this message again" and then, click the Close button on that window-box. The ESET scan will proceed forward. When presented with the initial ESET options, click on "Computer Scan". Next, when prompted by Windows, allow it to start by clicking Yes When prompted for scan type, Click on CUSTOM scan and select C drive to be scanned Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from machine &. Let it be. That is, once it is under way, you should leave it running. It will run for several hours. At screen "Detections occurred and resolved" click on blue button "View detected results" On next screen, at lower left, click on blue "Save scan log" View where file is to be saved. Provide a meaningful name for the "File name:" On last screen, set to Off (left) the option for Periodic scanning Click "save and continue" Please attach the report file so I can review
  13. Hello. My name is Maurice. I will guide you. Please provide the support-tool report cited above by Porthos. Removing pesky malware can be an involved set of tasks over separate runs. Have much patience. Follow my directions. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. Only run the tools I guide you to. Do not run online games while case is on-going. Do not do any free-wheeling web-surfing. The removal of malware isn't instantaneous, please be patient. Cracked or or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure. Please stick with me until I give you the "all clear". If your system is running Discord, please be sure to Exit out of it while this case is on-going At your next opportunity, do this. If possibly you have a browser issue, can you try using a different web browser? But in any event, always SAVE the downloads I guide you to. Then after download is complete, you go to the file using File Explorer. and only then, launch it from there. Let's do one special run with Malwarebytes Adwcleaner. It will not take much time, Read over all lines before starting so that you have a good understanding of the whole method. Take your time and go careful. I ant to make sure you select all of what I list below - before- pressing the "scan" button. First download & save it download link Then go to where the EXE file is saved. Start Adwcleaner. Do not rush. There are a few first choices to set as I have listed below. Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt. When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window by clicking their button to the far-right for ON status Delete IFEO keys Delete tracing keys Delete Prefetch files Reset Proxy Reset IE Policies Reset Chrome policies Reset Winsock Reset HOSTS file ONLY after you have set the selections above ....only after that ..... Now On the left side of the AdwCleaner window, click on “Dashboard” and then click “Scan” to perform a computer scan. This can take several minutes. When the AdwCleaner scan is completed it will display all of the items it has found. Click on the “Quarantine” button To remove what it found. AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean. Click on the “Continue” button to finish the removal process. Guide article Do stick with me. These are only initial tasks. We will need to check more and do more, later. Have lots of patience. Also know, I am a volunteer here. And that I am not on all the time. I volunteer as personal time and opportunity permit.
  14. Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine. NOTE-1: This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. There is a rogue scheduled task that is the source of the trouble. It will be removed.. It will attempt to run some scans with Microsoft Defender antivirus. It will attempt to clear Cache files of web browsers. It will attempt to clear temporary file areas. It rebuilds the Winsock. Depending on the speed of your computer this fix may take 50-55 minutes or more. Please Close all open work before you actually do begin this run. FRSTENGLISH program location: Downloads folder. The tool is already on system. That is what we will use. Please download the attached fixlist.txt file and save it to Downloads Fixlist.txt<- < - - - - NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work. Right-click with your mouse on FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important. next, press the Fix button just once and wait. You will see a green-color scroll display while FRST is running. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply. NOTICE: For potential outside readers, This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.
  15. Hello @liam8481 . My name is Maurice. I will guide you. Removing pesky malware can be an involved set of tasks over separate runs. Have much patience. Follow my directions. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. Only run the tools I guide you to. Do not run online games while case is on-going. Do not do any free-wheeling web-surfing. The removal of malware isn't instantaneous, please be patient. Cracked or or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure. Please stick with me until I give you the "all clear". If your system is running Discord, please be sure to Exit out of it while this case is on-going Allow me a few minutes to review your reports.
  16. Six spyware threats found and removed by TrendMicro Housecall. Let us do a new scan with a different scanner. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted items from a system. This tool does not install. It is run on-demand. This link is for the 64-bit version of MSERT.exe . Be sure you save the file first Upon completion of the save, Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan. That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well Launch MSERT.exe Accept the agreement terms of Microsoft Select CUSTOM scan Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned. Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be. Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run. Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those. We only rely on the end result that is on the log-report-file. This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.) The log is named MSERT.log the log will be at Windows\debug\msert.log Please attach that log with your reply It is normal for the Microsoft Safety Scanner to show 'detections' during the scan process on the screen itself. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection. That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.
  17. We're glad that we were able to assist you. The following information will help you to keep your computer and data safer as well as improve your overall privacy Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/ Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/ Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2 Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security Malwarebytes Browser Guard Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/ uBlock Origin Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin Cybersecurity basics & protection Everything you need to know about cybercrime https://www.malwarebytes.com/cybersecurity Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you
  18. One other scan here. TrendMicro HouseCall scan from this Link First, Download & Save to your Downloads folder the appropriate HouseCallLauncher Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it. The program will check with TrendMicro & do a update run. Next it will show the Disclosure window. Click Next to proceed. The end user license agreement is presented. Click the Accept radio button & click Next to proceed. I suggest a CUSTOM scan on C drive. IF you wish a Full scan or a Custom scan, first click on the Settings then you can select which drives you want to include in the scan. The default is a Quick scan. Click Scan now when ready. The scan progress will then be displayed. Monitor the progress or just leave it alone until it finishes this phase. When the scan phase has completed, if any items are tagged, you will see a list, showing the file & its location, the classification of the threat, the type, risk, and Action option. If you see an item that you know is safe, you can click the Action , and select Ignore. When all done & ready, click the Fix now button. The "Summary" at the end at "Review Results" is what matters.
  19. These applications need your attention. Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 v.14.36.32532.0 Warning! Download Update Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 v.14.36.32532.0 Warning! Download Update Discord v.1.0.9006 Warning! Download Update Telegram Desktop v.4.9.9 Warning! Download Update After that, this routine will cleanup the tools I had you use. 👌💢 Temporarily disable Microsoft SmartScreen to download the next software below Let's go ahead and do some clean-up work and remove the tools and logs we've run. Please download KpRm by kernel-panik and save it to your desktop. right-click kprm_2-15.exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, ensure all boxes under Actions are checked. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log will open in Notepad titled kprm-(date).txt. After that is done, Delete mb-support-1.9.7.1002.exe Delete mbst-grab-results.zip on the Desktop. Your system is good-to-go. 😎 Sincerely.
  20. Alright, Thanks. Now a different scan with another security scanner. You should first Close as many of your open-user app-screens as possible. That is to say, Exit all that you do not need to have open. This with Kaspersky KVRT tool. Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop. Next, Select the Windows Key and R Key together, the "Run" box should open. Drag and Drop KVRT.exe into the Run Box. C:\Users\gregbuck\DESKTOP\KVRT.exe will now show in the run box. add -dontencrypt Note the space between KVRT.exe and -dontencrypt C:\Users\gregbuck\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box. That addendum to the run command is very important. To start the scan select OK in the "Run" box. The Windows Protected your PC window "may" open, IF SO then select "More Info" A new Window will open, select "Run anyway" A EULA window will open, tick both confirmation boxes then select "Accept" Go slow & careful on this part. In the new window select "Change Parameters" In the new window ensure the following boxes are ticked: System memory Startup objects Boot sectors System drive Then select "OK" and "Start scan“. The Kaspersky tool is very thorough so will take a considerable time to complete, please allow it to finish. Also while Kaspersky runs do not use your PC for anything else.. you completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue". Usually, your system needs a reboot to finish the removal process. Logfiles can be found on your systemdrive (usually C: ), similar like this: Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_202401025_203000.klr Right click direct onto those reports, select > open with > Notepad. Save the files and attach them with your next reply Have lots of patience, as this will most likely run for many hours. Also, be aware I am a volunteer here. I help here as personal time permits. I am not on all the time.
  21. Kaspersky report is great. No need for you to fret about cleaning up the tools. I will provide directions on that before we wrap up. For now, I would like a readout report. SecurityCheck by glax24 I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications. Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe If Microsoft SmartScreen blocks the download, click through to save the file This tool is safe. Smartscreen is overly sensitive. If SmartScreen blocks the file from running click on More info and Run anyway Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt Thank you
  22. Sorry, It is not real clear to me what you mean by that line. But the Fixlog report looks good. I believe this system is in the clear. Let us just get this fresh readout report. SecurityCheck by glax24 I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications. Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe If Microsoft SmartScreen blocks the download, click through to save the file This tool is safe. Smartscreen is overly sensitive. If SmartScreen blocks the file from running click on More info and Run anyway Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt Thank you
  23. That is very excellent. Now a different scan with another security scanner. You should first Close as many of your open-user app-screens as possible. That is to say, Exit all that you do not need to have open. This with Kaspersky KVRT tool. Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop. Next, Select the Windows Key and R Key together, the "Run" box should open. Drag and Drop KVRT.exe into the Run Box. C:\Users\nicot\DESKTOP\KVRT.exe will now show in the run box. add -dontencrypt Note the space between KVRT.exe and -dontencrypt C:\Users\nicot\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box. That addendum to the run command is very important. To start the scan select OK in the "Run" box. The Windows Protected your PC window "may" open, IF SO then select "More Info" A new Window will open, select "Run anyway" A EULA window will open, tick both confirmation boxes then select "Accept" Go slow & careful on this part. In the new window select "Change Parameters" In the new window ensure the following boxes are ticked: System memory Startup objects Boot sectors System drive Then select "OK" and "Start scan“. The Kaspersky tool is very thorough so will take a considerable time to complete, please allow it to finish. Also while Kaspersky runs do not use your PC for anything else.. you completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue". Usually, your system needs a reboot to finish the removal process. Logfiles can be found on your systemdrive (usually C: ), similar like this: Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_202401025_203000.klr Right click direct onto those reports, select > open with > Notepad. Save the files and attach them with your next reply Have lots of patience, as this will most likely run for many hours. Also, be aware I am a volunteer here. I help here as personal time permits. I am not on all the time. And be very sure to let me know, Has the rogue CMD 'black' window issue that started this case....IS it now GONE Away ??
  24. The thing was that Powershell was mis-used. ie, attempted invocation by the "goobers" C:\Users\gregbuck\AppData\Roaming\vjjrj1cicjp.aqqkdy5w1ky The Malwarebytes real-time web protection STOPPED any potential harm. The attempts were STOPPED. period. I look forward to getting log result from the ESET scan. Once you start ESET and it is underway, you do not need to watch it. Just insure it gets started then take a huge long break.
  25. Thank you. That result is great. Now a different scan with another security scanner. You should first Close as many of your open-user app-screens as possible. That is to say, Exit all that you do not need to have open. This with Kaspersky KVRT tool. Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop. Next, Select the Windows Key and R Key together, the "Run" box should open. Drag and Drop KVRT.exe into the Run Box. C:\Users\pgcb1\DESKTOP\KVRT.exe will now show in the run box. add -dontencrypt Note the space between KVRT.exe and -dontencrypt C:\Users\pgcb1\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box. That addendum to the run command is very important. To start the scan select OK in the "Run" box. The Windows Protected your PC window "may" open, IF SO then select "More Info" A new Window will open, select "Run anyway" A EULA window will open, tick both confirmation boxes then select "Accept" Go slow & careful on this part. In the new window select "Change Parameters" In the new window ensure the following boxes are ticked: System memory Startup objects Boot sectors System drive Then select "OK" and "Start scan“. The Kaspersky tool is very thorough so will take a considerable time to complete, please allow it to finish. Also while Kaspersky runs do not use your PC for anything else.. you completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue". Usually, your system needs a reboot to finish the removal process. Logfiles can be found on your systemdrive (usually C: ), similar like this: Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20240124_203000.klr Right click direct onto those reports, select > open with > Notepad. Save the files and attach them with your next reply Have lots of patience, as this will most likely run for many hours. Also, be aware I am a volunteer here. I help here as personal time permits. I am not on all the time.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.