Jump to content

Maurice Naggar

Experts
  • Posts

    35,965
  • Joined

  • Days Won

    169

Community Answers

  1. Maurice Naggar's post in Malware scan gave 6 file detections, am I cooked? What should I do? was marked as the answer   
    Next steps. First some housekeeping, and then one Scan.  
    Start Malwarebytes. Click Settings ( gear ) icon. Next, let us make real sure that Malwarebytes does NOT register with Windows Security Center
     
    Click the Security Tab. Scroll down to
    "Windows Security Center"
     
    Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".
    { We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. thanks. }
     
    This will not affect any real-time protection of the Malwarebytes for Windows 😃.
     
    now Click the General tab.
    Under Application updates, click the Check for updates button.
    When it shows a new version available, Accept it and let it proceed forward. Be sure it succeeds.
    If prompted to do a Restart, just please follow all directions.
    Next, the Malwarebytes scan
     
    Next, click the small x on the Settings line to go to the main Malwarebytes Window. Next click the blue button marked Scan.
     
    When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.
     
    >>>>>> 👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked ( all selected). <<<< 💢
     
    MB4_scan_tick_ALL.jpg.d5c4071c62ed66534301fbb217b93bc0.jpg
     
    Please double verify you have that TOP check-box tick marked. and that then, all lines have a tick-mark
     
    Then click on Quarantine button.
    MB4_scan_all_Quarantine2.jpg.6c45445994d4125c0b617ac7c5551e03.jpg
     
    Then, locate the Scan run report; export out a copy; & then attach in with your reply.
    See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4
  2. Maurice Naggar's post in Help needed to remove Trojan:Win32/Wacatac.B!ml was marked as the answer   
    Next, After you are all caught up.
    Please SAVE the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.
    Please download the attached fixlist.txt file and save it to Downloads
    Fixlist.txt<- < - - - -
     
    Please Close all open work, Now I need for you to Logoff and Restart Windows into Safe Mode.
     
    we need to place Windows into SAFE mode
    You may begin to do this from the Windows-sign-in-screen. See this Microsoft support how-to-article]
     
    You would need to first do a LOGOFF so that then you see a fresh sign-in screen.
    FRSTENGLISH,exe  program location:   Downloads folder. The tool is already on system. That is what we will use.
    NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.
    Right-click with your mouse on  FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.
    Note: If the tool warned you about an outdated version please download and run the updated version.
    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
  3. Maurice Naggar's post in Infected after Crypto Scam, FRST and MBytes logs included. was marked as the answer   
    Comment. I often do like to run ESET Onlinescanner first.  But the order I used here does not carry significance. All the scanners that we use here are known and trusted.
    The Malwarebytes scan result is Perfect.
    These applications need your attention. Insuring they are Up-to-date is part of Security practice.
    Notepad++ (32-bit x86) v.8.5.3  Warning! Download Update
    Microsoft Office Professional Plus 2010 v.14.0.4734.1000  Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice
    TeamViewer v.15.49.3  Warning! Download Update
    Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 v.14.32.31332.0  Warning! Download Update
    Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 v.14.32.31332.0  Warning! Download Update
    TreeSize Free V4.7 (64 bit) v.4.7  Warning! Download Update
      
    WinRAR 5.91 (64-bit) v.5.91.0  Warning! Download Update
    mIRC v.7.63 Warning! Download Update
    Windscribe v.2.6.14  Warning! Download Update
     
    VLC media player v.3.0.12  Warning! Download Update
     
    Google Chrome v.121.0.6167.85  Warning! Download Update
    Mozilla Thunderbird (x64 en-US) v.115.4.2  Warning! Download Update
      
    Windows Live Essentials v.16.4.3528.0331  Warning! This software is no longer supported.
    Bonjour v.3.0.0.10  Warning! Your pc does not need this.UNINSTALL.
  4. Maurice Naggar's post in RTP detection of a website was marked as the answer   
    Please do the following actions, so that Microsoft Defender antivirus runs side-by-side along with Malwarebytes.
    Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center
    Click the Security Tab. Scroll down to
    "Windows Security Center"
    Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
    { We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }
    IF that line-selection is greyed-out  unavailable, do not fret. Just skip over that.
    This will not affect any real-time protection of the Malwarebytes for Windows    😃.
    Close Malwarebytes.
    >
    The following should squash a rogue pest  GoogleUpdater
    Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.
    NOTE-1:  It removes the rogue GoogleUpdater. This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will attempt to run some scans with Microsoft Defender antivirus. It will attempt to clear Cache files of web browsers.  It will attempt to clear temporary file areas. It rebuilds the Winsock. Depending on the speed of your computer this fix may take 50-55 minutes or more.
    Please Close all open work before you actually do begin this run.
    FRSTENGLISH program location:   Downloads folder. The tool is already on system. That is what we will use.
    Please download the attached fixlist.txt file and save it to Downloads
    Fixlist.txt<- < - - - -
    NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.
    Right-click with your mouse on  FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.
    Note: If the tool warned you about an outdated version please download and run the updated version.
    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
    NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.
    Try to remember what app or tweak or game you downloaded before the current troubles began.
    NOTE: After this run I would expect the IP Block events to cease, and I expect your system to be running better than before.
  5. Maurice Naggar's post in Windows defender got deleted. was marked as the answer   
    Per the SecurityCheck report, thse applications need your attention and follow-up.
    Microsoft Visual Studio Code (User) v.1.83.0  Warning! Download Update
    Microsoft Office Enterprise 2007 v.12.0.6612.1000  Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice

    Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 v.14.36.32532.0  Warning! Download Update
    Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 v.14.36.32532.0  Warning! Download Update
    Microsoft Office 2007 Service Pack 3 (SP3)  Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice

    7-Zip 22.00 (x64) v.22.00  Warning! Download Update
    Uninstall old version and install new one.
    WinRAR 4.00 (64-bit) v.4.00.0  Warning! Download Update
    WinRAR 5.91 (32-bit) v.5.91.0  Warning! Download Update
    Java 8 Update 251 v.8.0.2510.8  Warning! Download Update
    Uninstall old version and install new one (jre-8u401-windows-i586.exe).
    VLC media player v.3.0.17.4  Warning! Download Update
    K-Lite Codec Pack 17.6.0 Full v.17.6.0  Warning! Download 
    Update
    Mozilla Firefox (x64 en-US) v.119.0.1  Warning! Download Update
    Google Chrome v.120.0.6099.227   Warning! Download Update
    NOTE that the Microsoft Defender antivirus is reported as Running. And the FSS report is all good, as concerns MS Defender.
  6. Maurice Naggar's post in Malware doesn't allow me to update windows and blocked antivirus websites was marked as the answer   
    Hello. I do not now see that this Windows got the FRST64.exe tool by Farbar. I need you to insure to download, and SAVE it to the DESKTOP.
    download & save a new copy of the tool FRST64.exe from this link
    Insure it is now on the Desktop.
    Next, Close all apps that you started that are open. AND then be sure to do a Windows RESTART.
    The, I need you to run a custom script.
    Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.
    NOTE-1:  This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It attempts to check for and list missing Windows services. It will attempt to run one Quick scan with Microsoft Defender antivirus. It will attempt to clear Cache files of web browsers.  It will attempt to clear temporary file areas. It rebuilds the Winsock. Depending on the speed of your computer this fix may take 50-55 minutes or more.
    Please Close all open work before you actually do begin this run.
    FRST64 program location:   Desktop folder. That is what we will use.
    Please download the attached fixlist.txt file and save it to Desktop
    Fixlist.txt- < - - - -
    NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
    Right-click with your mouse on  FRST64 and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Desktop folder (Fixlog.txt) . Please attach or post it to your next reply.
    Note: If the tool warned you about an outdated version please download and run the updated version.
    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
    Also, kindly attach this report file D:\Error404\Downloads\Runlog
    NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.
  7. Maurice Naggar's post in Powershell outbound connection blocked was marked as the answer   
    CureIt reported 
     
    One other scan here.
    TrendMicro HouseCall scan
    from this Link
    First, Download & Save to your Downloads folder the appropriate HouseCallLauncher
    Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.
    The program will check with TrendMicro & do a update run.
    Next it will show the Disclosure window.
    Click Next to proceed.
    The end user license agreement is presented.   Click the Accept radio button & click Next to proceed.
    I suggest a CUSTOM scan on C drive.
    IF you wish a Full scan or a Custom scan, first click on the Settings
    then you can select which drives you want to include in the scan.
    The default is a Quick scan.
    Click Scan now when ready.
    The scan progress will then be displayed.   Monitor the progress or just leave it alone until it finishes this phase.
    When the scan phase has completed, if any items are tagged, you will see a list, showing  the file & its location, the classification of the threat, the type, risk, and Action option.
    If you see an item that you know is safe, you can click the Action  , and select Ignore.
    When all done & ready, click the Fix now button.
    The "Summary" at the end at "Review Results" is what matters.
  8. Maurice Naggar's post in Windows Powershell sending Outbound connection to IP address constantly was marked as the answer   
    One other scan here.
    TrendMicro HouseCall scan
    from this Link
    First, Download & Save to your Downloads folder the appropriate HouseCallLauncher
    Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.
    The program will check with TrendMicro & do a update run.
    Next it will show the Disclosure window.
    Click Next to proceed.
    The end user license agreement is presented.   Click the Accept radio button & click Next to proceed.
    I suggest a CUSTOM scan on C drive.
    IF you wish a Full scan or a Custom scan, first click on the Settings
    then you can select which drives you want to include in the scan.
    The default is a Quick scan.
    Click Scan now when ready.
    The scan progress will then be displayed.   Monitor the progress or just leave it alone until it finishes this phase.
    When the scan phase has completed, if any items are tagged, you will see a list, showing  the file & its location, the classification of the threat, the type, risk, and Action option.
    If you see an item that you know is safe, you can click the Action  , and select Ignore.
    When all done & ready, click the Fix now button.
    The "Summary" at the end at "Review Results" is what matters.
  9. Maurice Naggar's post in Concerned that I might be infected, need help was marked as the answer   
    This machine does not have Chrome browser. It has Firefox as the default browser. Yet, even though there is no Chrome browser, the machine does have two fake "Googleupdater" services and a fake scheduled task related to the fake googleupdater. These will be removed.
    IF you recently downloaded a highly questionable game or app  especually one that may be a crack or hack, be sure you let me know what exactly you recently accepted or downloaded and ran.
    Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.
    NOTE-1:  It removes two fake "Googleupdater" services and a undesirable scheduled task related to the fake googleupdater. These will be removed.  This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will attempt to run some scans with Microsoft Defender antivirus. It will attempt to clear Cache files of web browsers.  It will attempt to clear temporary file areas. It rebuilds the Winsock. Depending on the speed of your computer this fix may take 50-55 minutes or more.
    It also initiates a CHKDSK for the next time that Windows is Restarted / rebooted.
    Please Close all open work before you actually do begin this run.
     FRSTENGLISH,exe program location:   Downloads folder. The tool is already on system. That is what we will use.
    Please download the attached fixlist.txt file and save it to Downloads
    Fixlist.txt<- < - - - -
    NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.
    Right-click with your mouse on  FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.
    Note: If the tool warned you about an outdated version please download and run the updated version.
    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
    Have Lots of patience and do not interfere with the CHKDSK on the next Windows Restart.
    NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.
  10. Maurice Naggar's post in Sometimes my machine works slowly was marked as the answer   
    The ESET Onlinescanner no threat; no virus. 😃
    One other scan here.
    TrendMicro HouseCall scan
    from this Link
    First, Download & Save to your Downloads folder the appropriate HouseCallLauncher
    Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.
    The program will check with TrendMicro & do a update run.
    Next it will show the Disclosure window.
    Click Next to proceed.
    The end user license agreement is presented.   Click the Accept radio button & click Next to proceed.
    I suggest a CUSTOM scan on C drive.
    IF you wish a Full scan or a Custom scan, first click on the Settings
    then you can select which drives you want to include in the scan.
    The default is a Quick scan.
    Click Scan now when ready.
    The scan progress will then be displayed.   Monitor the progress or just leave it alone until it finishes this phase.
    When the scan phase has completed, if any items are tagged, you will see a list, showing  the file & its location, the classification of the threat, the type, risk, and Action option.
    If you see an item that you know is safe, you can click the Action  , and select Ignore.
    When all done & ready, click the Fix now button.
    The "Summary" at the end at "Review Results" is what matters.
  11. Maurice Naggar's post in VirTool:Win32/DefenderTamperingRestore was marked as the answer   
    Please do the following actions, so that Microsoft Defender antivirus runs side-by-side along with Malwarebytes.
    Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center
    Click the Security Tab. Scroll down to
    "Windows Security Center"
    Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
    { We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }
    IF that line-selection is greyed-out  unavailable, do not fret. Just skip over that.
    This will not affect any real-time protection of the Malwarebytes for Windows    😃.
    Close Malwarebytes.
    >
    Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.
    NOTE-1:  This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will attempt to run one Quick scan with Microsoft Defender antivirus. Depending on the speed of your computer this fix may take 50 minutes or so.
    Please Close all open work before you actually do begin this run.
    FRSTENGLISH program location:   Downloads folder. The tool is already on system. That is what we will use.
    Please download the attached fixlist.txt file and save it to Downloads
    Fixlist.txt<- < - - - -
    NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.
    Right-click with your mouse on  FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.
    Note: If the tool warned you about an outdated version please download and run the updated version.
    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
    NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.
  12. Maurice Naggar's post in Help was marked as the answer   
    ESET Onlinescanner reports no threats found.
    16/01/2024 19:11:05 Files scanned: 603078 Detected files: 0 Cleaned files: 0 Total scan time: 01:22:45 Scan status: Finished I cannot possibly tell what that python script was about.
    Now a different scan with another security scanner. 
    You should first Close as many of your open-user app-screens as possible. That is to say, Exit all that you do not need to have open.
    This with Kaspersky KVRT tool.
    Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop.

    Next, Select the Windows Key and R Key together, the "Run" box should open.



    Drag and Drop KVRT.exe into the Run Box.



    C:\Users\Alex\DESKTOP\KVRT.exe will now show in the run box.



    add -dontencrypt Note the space between KVRT.exe and -dontencrypt

    C:\Users\Alex\DESKTOP\KVRT.exe -dontencrypt 
    should now show in the Run box.



    That addendum to the run command is very important.


    To start the scan select OK in the "Run" box.



    The Windows Protected your PC window "may" open, IF SO then select "More Info"



    A new Window will open, select "Run anyway"



    A EULA window will open, tick both confirmation boxes then select "Accept"



    Go slow & careful on this part.  In the new window select "Change Parameters"


      In the new window ensure the following boxes are ticked: System memory Startup objects Boot sectors System drive Then select "OK" and "Start scan“. The Kaspersky tool is very thorough so will take a considerable time to complete, please allow it to finish. Also while Kaspersky runs do not use your PC for anything else.. you
    completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue". Usually, your system needs a reboot to finish the removal process. Logfiles can be found on your systemdrive (usually C: ), similar like this: Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20240118_203000.klr
    Right click direct onto those reports, select > open with > Notepad. Save the files and attach them with your next reply Have lots of patience, as this will most likely run for many hours. Also, be aware I am a volunteer here. I help here as personal time permits. I am not on all the time. Keep sticking with me, until I do give the all clear.
  13. Maurice Naggar's post in 2 New Detections was marked as the answer   
    ESET Onlinescanner found and removed npMozCouponPrinter.dll    a variant of Win32/Adware.Coupons.AA
    Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.
    NOTE-1:  This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will attempt to run some scans with Microsoft Defender antivirus. It will attempt to clear Cache files of web browsers.  It will attempt to clear temporary file areas. It rebuilds the Winsock. It attempts to help regarding the block events. Depending on the speed of your computer this fix may take 50-55 minutes or more.
    Please Close all open work before you actually do begin this run.
    FRSTENGLISH program location:   Downloads folder. The tool is already on system. That is what we will use.
    Please download the attached fixlist.txt file and save it to Downloads
    Fixlist.txt<- < - - - -
    NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.
    Right-click with your mouse on  FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.
    Note: If the tool warned you about an outdated version please download and run the updated version.
    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
    NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm. There is customization specific to this particular system.
    After this run, we want to monitor to see whether any new I P Block events happen that mention "trackmenow.life" or "hj5ozcalb.puzztake.com"
  14. Maurice Naggar's post in Atuctservice - PUP.Optional.BitCoinMiner removal was marked as the answer   
    Hello. Good day to you. I am very happy to finally have these FRST reports. This here is the first round with the goal of getting leftover traces of Reasonlabs RAV Endpoint removed  AND to get Microsoft Defender antivirus enabled, updated  and on.  More round later for other things. Stick with me.
    Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.
    NOTE-1:  It will attempt to run one scan with Microsoft Defender antivirus. Depending on the speed of your computer this fix may take 50-55 minutes or more.
    Please Close all open work before you actually do begin this run.
    ENGLISHFRST program location:   Desktop folder. The tool is already on system. That is what we will use.
    Please download the attached fixlist.txt file and save it to Desktop
    Fixlist.txt<- < - - - -
    NOTE. It's important that both files, ENGLISHFRST and fixlist.txt are in the same location or the fix will not work.
    Right-click with your mouse on  ENGLISHFRST and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Desktop folder (Fixlog.txt) . Please attach or post it to your next reply.
    Note: If the tool warned you about an outdated version please download and run the updated version.
    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
    NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.
    Fixlist.txt
  15. Maurice Naggar's post in RegAsm Assembly Continuously Pops Up was marked as the answer   
    Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.
    NOTE-1:  This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will attempt to remove the rogue Adobe Photoshop 2022 v23.5.0.669. It will attempt to clear Cache files of web browsers.  It will attempt to clear temporary file areas. It rebuilds the Winsock. Depending on the speed of your computer this fix may take 50-55 minutes or more.
    Please Close all open work before you actually do begin this run.
    Farbar  FRSTENGLISH program location:   Downloads folder. The tool is already on system. That is what we will use.
    Please download the attached fixlist.txt file and save it to Downloads
    Fixlist.txt<- < - - - -
    NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.
    Right-click with your mouse on  FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.
    Note: If the tool warned you about an outdated version please download and run the updated version.
    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
    NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.
    Stick with me. After this we will need to run some security and antivirus scans with different trusted tools.
  16. Maurice Naggar's post in I think I may be infected with a bitcoin miner. was marked as the answer   
    The latest scan by Malwarebytes is all good. Plus, I notice that the Windows operating system build is the latest one, ....Windows 11 Pro Version 23H2 22631.3007 (X64)
    Bravo 😀
    SecurityCheck by glax24              

    I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.
    Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe If Microsoft SmartScreen blocks the download, click through to save the file This tool is safe.   Smartscreen is overly sensitive. If SmartScreen blocks the file from running click on More info and Run anyway Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow to run & go forward Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt  



     
    Thank you
  17. Maurice Naggar's post in Another virtool:win32/defendertamperingrestore threat in MS defender issue was marked as the answer   
    The Three lines about "anti-spyware" were all dated the Thirtieth of December at the same time. This "protection history" is not being cleared in a proper manner. There is NO current undealt-with item. We will run this next run to do a cleanup.
    Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.
    Please Close all open work before you actually do begin this run. This run should be fairly quick.
    FRSTENGLISH program location:   Downloads folder. The tool is already on system. That is what we will use.
    Please download the attached fixlist.txt file and save it to Downloads
    Fixlist.txt- < - - - -
    NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.
    Right-click with your mouse on  FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.
    Note: If the tool warned you about an outdated version please download and run the updated version.
    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
    NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.
  18. Maurice Naggar's post in virtool:win32/defendertamperingrestore threat in MS defender since MWB was marked as the answer   
    It seems as if we just cannot catch a break here.  << sighhh >>
    First of all, look on the Downloads folder for FIXLIST.txt    IF present, please insure to Delete it.
    I believe you mentioned you now have Malwarebytes Premium.
    Please do the following actions, so that Microsoft Defender antivirus runs side-by-side along with Malwarebytes.
    Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center
    Click the Security Tab. Scroll down to
    "Windows Security Center"
    Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
    { We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }
    IF that line-selection is greyed-out  unavailable, do not fret. Just skip over that.
    This will not affect any real-time protection of the Malwarebytes for Windows    😃.
    Close Malwarebytes.
    >
    I am going to suggest saving this new custom-fix script and then placing Windows in SAFE mode. Only then running this script.
    Please download the attached fixlist.txt file and save it to Downloads
    Fixlisr.txt<- < - - - -
    NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.
     
    we need to be sure to place Windows into SAFE mode  (before we do the run).
    You may begin to do this from the Windows-sign-in-screen. See this Microsoft support how-to-article]/url]
    You would need to first do a LOGOFF so that then you see a fresh sign-in screen.
    Once your machine is in SAFE MODE
     
    Right-click with your mouse on FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
  19. Maurice Naggar's post in Bitcoin miner virus in my PC was marked as the answer   
    Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.
    NOTE-1:  This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will attempt to run some scans with Microsoft Defender antivirus. It will attempt to clear Cache files of web browsers.  It will attempt to clear temporary file areas. Depending on the speed of your computer this fix may take 50-55 minutes or more.
    Please Close all open work before you actually do begin this run.
    FRSTENGLISH program location:   Downloads folder. The tool is already on system. That is what we will use.
    Please download the attached fixlist.txt file and save it to Downloads
    Fixlist.txt<- < - - - -
    NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.
    Right-click with your mouse on  FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.
    Note: If the tool warned you about an outdated version please download and run the updated version.
    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
    NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.
  20. Maurice Naggar's post in RTP Connection Blocked every few minutes was marked as the answer   
    Your machine has a Fixlist which I must ask you to Delete
    C:\Users\elask\Downloads\Fixlist.txt
    You have tried a Fixlist on your own?  why ?? Most all Fixlists on this board have customizations specific to the unqiue machine involved. And that is over and above the user-specific environment variables.
    Has this system always had BITDEFENDER ? or is that a recent Trial setup ?
    You ran KPRM on your own ?? why ??
    Please do not do any further self-modifications or runs of tools on your own. I am guiding you
    Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.
    NOTE-1:  This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will clear a unwanted Restriction on Microsoft Windows Update. It will attempt to clear Cache files of web browsers.  It will attempt to clear temporary file areas. Depending on the speed of your computer this fix may take 50 minutes or so.
    Please Close all open work before you actually do begin this run.
    FRSTENGLISH program location:   Downloads folder. The tool is already on system. That is what we will use.
    Please download the attached fixlist.txt file and save it to Downloads
    Fixlist.txt<- < - - - -
    NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.
    Right-click with your mouse on  FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.
    Note: If the tool warned you about an outdated version please download and run the updated version.
    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
    NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.
     
  21. Maurice Naggar's post in Trojan.crypt.generic & GoogleUP exploit & Windows Update fails was marked as the answer   
    Hello. This system does not have malware infection at this point. The main original issue of this thread was cured a good while ago. And I would remark that being able to maaually update the Microsoft Defender definitions is a good factor.
    So, no malware being present, I will mark this case as resolved. For the issues of failing updates with Windows Update I am referring you to Sysnative forum,
     I very much regret the on-going repeating issue with Windows updates.
    There are extremely able specialists at the Sysnative forum who could help you with the Microsoft Windows Update.
    Joining the forum is free.  You just need to register and get a forum account there.  The help is free.
    Just have lots of patience till you get a human-expert helper.  This is a holiday period and they stay very busy.
    The main forum link is  https://www.sysnative.com/forums/
    After you have an account,  then do the preliminaries suggested at this pinned topic
    https://www.sysnative.com/forums/threads/windows-update-forum-posting-instructions.4736/
     
    Provide them with a summary of the situation. Mention I sent you there. You may also provide them a link to this case. Have much patience there since it is now the end-of-year holiday season.
    Let me know if I can otherwise do anything else for you. 
    To cleanup the tools I had you use here:
    👌💢 Temporarily disable Microsoft SmartScreen to download the next software below
    Let's go ahead and do some clean-up work and remove the tools and logs we've run.
    Please download KpRm by kernel-panik and save it to your desktop.
    right-click kprm_2-15.exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, ensure all boxes under Actions are checked. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log will open in Notepad titled kprm-(date).txt. You may attach that file to your next reply. (not compulsory) Delete mb-support-1.9..995.exe Delete mbst-grab-results.zip on the Desktop. Your system is good-to-go.    😎
    Sincerely.
     
  22. Maurice Naggar's post in virtool:win32/defendertamperingrestore - is it actually dangerous? was marked as the answer   
    Hello. The Windows Defender antivirus is actually, truly in good normal state. All the prior messages are actually not applicable. All it is, is, the MS Defender is not "clearing" Old alerts in a timely manner. We are going to do a special custom fix. And we need it to be done in the SAFE mode of Windows.
    When you have quiet time, do these steps.
     FRST64 program location:   :D drive  Downloads folder. The tool is already on system. That is what we will use.
    Please download the attached fixlist.txt file and save it to  :D drive  Downloads folder.
    Fixlist.txt<- < - - - -
    NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.
    NEXT, get the Windows system into SAFE Mode. See the Microsoft how-to-guide
    .
    Once in Windows Safe mode, do this.
    Right-click with your mouse on  FRST64 and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.
    Note: If the tool warned you about an outdated version please download and run the updated version.
    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
     
  23. Maurice Naggar's post in PowerShell Bitcoin Miner trojan was marked as the answer   
    Hello. It is quite unfortunate that the run went past the 60 minute time limit. We will need to do a new run.
    This time, please be sure you do one Windows >>>Shutdown >>> Restart.
    Then look on the folder C:\Users\ADMIN\Desktop\Diagnostics
    Look for and Delete any file named Fixlist.txt
    Also delete any files named Fixlog.txt
    Once that is done, we need to do this new run. This run should certainly only really take less that 20 minutes or so.
     
    Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.
    Please Close all open work before you actually do begin this run.
    FRST64.exe program location:   C:\Users\ADMIN\Desktop\Diagnostics  folder. The tool is already on system. That is what we will use.
    Please download the attached fixlist.txt file and save it to C:\Users\ADMIN\Desktop\Diagnostics  folder.
    Fixlist.txt<- < - - - -
    NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.
    Right-click with your mouse on  FRST64 and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the C:\Users\ADMIN\Desktop\Diagnostics  folder. folder (Fixlog.txt) . Please attach or post it to your next reply.
    Note: If the tool warned you about an outdated version please download and run the updated version.
    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
  24. Maurice Naggar's post in Trojan:Win32/Wacatac.B!ml was marked as the answer   
    There were some items flagged from before by Malwarebytes, that do need to be removed  Quarantined
    First some housekeeping, and then one Scan. 
    Start Malwarebytes. Click Settings ( gear ) icon. Next, let us make real sure that Malwarebytes does NOT register with Windows Security Center
    Click the Security Tab. Scroll down to
    "Windows Security Center"
    Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
    { We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }
    This will not affect any real-time protection of the Malwarebytes for Windows    😃.
    now Click the General tab. Under Application updates, click the Check for updates button. When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.
    If prompted to do a Restart, just please follow all directions.
    Let me know how that goes.    Next, the Malwarebytes scan
    Next, click the small x on the Settings line to go to the main Malwarebytes Window.   Next click the blue button marked Scan.
     
    When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.
    >>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢
     

    Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark
     
    Then click on Quarantine  button.

     

    Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
    See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4
     
    (  2   )
     
    Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed.
    It will not take much time,
    First download & save it
    guide & download link
    Then be sure to close all web browsers after the download & before launching the tool.
    Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner
    Guide article
     

    Attach the clean log from Adwcleaner when all completed.
  25. Maurice Naggar's post in Atruic Service was marked as the answer   
    If you have a antivirus application that is NOT by Microsoft, you will need to first disable that antivirus application.
    Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.
    NOTE-1:  This custom fix will attempt to  remove the remainders of the pest whose display service name is Atruic.  This is a serious infection.
    Please Close all open work before you actually do begin this run.
    FRSTENGLISH program location:   Downloads folder. The tool is already on system. That is what we will use.
    Please download the attached fixlist.txt file and save it to Downloads
    Fixlist.txt<- < - - - -
    NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.
    Right-click with your mouse on  FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
    next, press the Fix button just once and wait.
    You will see a green-color scroll display while FRST is running.
    If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.
    Note: If the tool warned you about an outdated version please download and run the updated version.
    The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.
    NOTICE: For potential outside readers,  This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.
    Stick with me. We will need to do more checks and another report or two.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.