Worrier
Honorary Members
Posts: 31
Everything posted by Worrier
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Thanx Kevin. Will use that one then. Regards. Worrier
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Kevin. Hi Kevin. I will definitely look at following your advice. Thanx again for all your help and patience. I see with Panda USB Protection it forms part of free antivirus.... Do you then suggest I rather go that route?
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Good day Kevin. Thank you for the well wishes. Windows has now been freshly installed on my PC, but I still have to install all 3rd party apps. (Not sure though whether Windows Security is sufficient or should I go with another.) (Unfortunately I have to go with free versions as this lockdown has also placed restrictions on the back pocket.) Regards Worrier.
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Good day Kevin. Yes I still am. I will reload Windows during the weekend. My son is writing exams now and he is using the machine most of the time for assignments etc. Will let you know when done if OK?
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Hi Kevin. Every time I try to run (even as Admin) from command prompt I receive a message stating that the drive (X) is locked? I also tried from cmd as admin and CHKDSK /r would not run on restart, but if I go to Event Viewer there is a log available. See attached. Also checked the D/L folder in Admin user and that one is not corrupted. CHKDSK r.txt
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Hi Kevin. At last... Exam time and all.
1) I have tried to reset this PC (keeping my files), but received an error message to the following extent: There was a problem resetting your pc.
2) (With deleting everything) Startup repair couldn't repair your pc. Press Advanced Options to try other options to repair your pc or "Shut Down". Log file D:\WINDOWS\system32\logfiles\srt\srttrail.txt (but this DVD writer does not work, so no logfile, sorry).
I then inserted a bootable USB with an O/S and went to Command Prompt... Ran CHKDSK from there and it worked. I will attach the logfiles generated, although I received a message stating "failed to transfer logged messages to the event log with status 50". A rundown of the result is attached as "CHKDSK log".
Also tried CHKDSK /scan and CHKDSK /spotfix. Not one of the last 2 scans ran at restart...
Still cannot delete, copy and paste new Downloads folder from root.
Regards
Worrier
CHKDSK 2 log.txt CHKDSK log.txt CHKDSK scan log.txt CHKDSK spotfix log.txt
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Hi Kevin. Not yet. Haven't had time to get to it. Will try to tonight when I get home from work. Thanks for your patience. Worrier
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Hi Kevin I am now back on the original user. Also a no go on the CHKDSK as ADMINISTRATOR. I tried 3x with normal restarts and hard power down. Also tried the sfc /scannow in command prompt. Also did not execute. Then I tried to run Easeus Tools M out of frustration, but there it would not even let me choose the drive (same as when we started this whole process.) Question from a total novice. Would a repair from installation disk not do the trick? Worrier
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Hi there Kevin OK will do and report back. ...
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
OK. Sorry for that. Quick test still shows pass. Waiting for Extended to finish.... Attached log as required Thanx DLGDIAGLOG Test Results.txt
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
OK. Sorry for that. Quick test still shows pass. Waiting for Extended to finish....
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Hi Kevin. SMART Status = Pass (All Attribute Names have a green check mark next to them) Thank you Worrier
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Hi there Kevin Attached the VEW Log Regards VEW Log.txt
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Hi there Kevin I tried to follow the steps to copy and paste the "Downloads" folder, but the system would not allow me to delete the original d/l folder. (On right-click I get the option to delete, but then nothing happens) Have also tried chkdsk again and restarted but restart was normal with no scan. I did run the fix you requested, and restarted the machine as per popup. Log attached... (And oh, FRST did an update first) Regards Fixlog.txt
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Thanx for the info Kevin. No the school admin should not have access, as we do homeschooling, and I never gave explicit permissions to them either. This "intrusion" had to have happened remotely. Will you please elaborate on your term "enigma" please. Thanx Worrier
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Hi Kevin. We do use this PC for school use but my knowledge is way below that level as admin to even start to understand exactly what all this means... To answer your last question. Nope. Not sure how to do it. If you can assist I'll appreciate Worrier
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Kevin. Here's the article copied and pasted.

Update: The story was updated with Kaspersky Labs comments.

This is a story of how a “feature” that exists in all of Kaspersky Lab’s antivirus software for Windows since 2016, which was discovered by a German journalist earlier this year, led to a major security issue that let cybercriminals track millions of Kaspersky customers without their knowledge.

It all started when Ronald Eikenberg, a reporter at German computer magazine C’t, began testing antivirus software for the March issue of his publication. Several months later he made a strange discovery in the HTML source code of a website he was visiting and found that Kaspersky’s antivirus software was injecting some code (a Javascript script) into webpages.

“It looks as if Kaspersky was looking for a way to interact with websites without requiring the installation of a browser extension on the user’s system,” Eikenberg told me. “One of the purposes of the script is to evaluate Google search results displayed in the user’s browser. If a link is safe, the Kaspersky software will display a green shield behind it.”

From spying to possible cyberattacks

However, in order to be able to insert the script, the Kaspersky software is analyzing the user’s web traffic including SSL-encrypted connections, Eikenberg added. Which is for me a major security and privacy issue right there as Kaspersky has now the knowledge of all of the websites its customers are visiting, including inside secure corporate networks.

“Before that day, I had observed such behavior only from online banking Trojans which is malware built to manipulate bank websites, for example, to secretly change the recipient of a money transfer,” wrote Eikenberg. “So, what the heck was Kaspersky doing there?”

I’ve contacted Kaspersky’s U.S. office regarding Eikenberg’s data leak discovery as well as Eugene, the company’s CEO and co-founder, and I will update this report with their response (see below).

Furthermore, Eikenberg also found out that Kaspersky’s servers were injecting a unique identifier into the HTML source code of the visited Web page that not only identifies a particular user but also the computer used.

“Even the incognito mode did not offer any protection against the Kaspersky-infused tracking,” added Eikenberg. “At this point, it was clear that this was a serious security issue.”

Atherton Research Insights

Last month, Kaspersky issued a patch which gives the same identifier for all the users of a specific version of the Russian company’s antivirus software (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security) which still allows a malicious hacker to know that an antivirus software is installed on the machine and whether the version has already been patched against the ID leak—which is still very valuable information for an attacker.

To prevent Kaspersky’s antivirus to inoculate the problematic Javascript script—which it does by default—we recommend to manually uncheck it in the software settings, depending of course on how you feel about being spied upon.

Below is Kaspersky Labs’ response to our story:

Kaspersky has changed the process of checking web pages for malicious activity by removing the usage of unique identifiers for the GET requests. This change was made after Ronald Eikenberg reported to us that using unique identifiers for the GET requests can potentially lead to the disclosure of a user’s personal information.

After our internal research, we have concluded that such scenarios of user’s privacy compromise are theoretically possible but are unlikely to be carried out in practice, due to their complexity and low profitability for cybercriminals. Nevertheless, we are constantly working on improving our technologies and products, resulting in a change in this process.

We’d like to thank Ronald Eikenberg for reporting this to us.
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Hi Kevin. Private PC. I read an article today that Kaspersky also inserts certain scripts (don't know if it's true though). Will post the link if you need to read it.
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Good evening Kevinf80 I have run the scan. The logs are attached, but I do not agree with the date and time. This scan completed about 20:00 my time 2020-05-08 Rgds Worrier mrt.log
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Good evening Kevinf80 I have run the Fix... restarted the machine, ran Farbar. The logs are attached Rgds Worrier Fixlog.txt FRST.txt Addition.txt
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
I do not mind replacing the Downloads folder. Would you mind elaborating on the process how to please? I will be offline now until tomorrow again. Thanking you in advance for your assistance thus far. Worrier FRST.txt Addition.txt Search.txt
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
There should be... although I can't see any of it at this stage... Attachments from e-mails etc. Now it won't download with error "Download failed" most probably due to the corrupt Downloads folder which is inaccessible...
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Manual
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
When I try to open it the following error pops up: Downloads is not accessible. The file or directory is corrupted or unreadable. I noticed it trying to download from all browsers. Chrome, Edge and Internet Explorer...
I'm infected - What do I do now?
Worrier replied to Worrier's topic in Resolved Malware Removal Logs
Kevinf80 Thank you for the reply, and thank you for the assistance. Here is a copy of the command prompt: I will also attach the log file...

C:\WINDOWS\system32>DISM /Online /Cleanup-Image /CheckHealth

Deployment Image Servicing and Management tool
Version: 10.0.17763.771

Image Version: 10.0.17763.1158

Error: 87

The cleanup-image option is unknown.
For more information, refer to the help by running DISM.exe /?.

The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log

C:\WINDOWS\system32>

Ps. Are you aware that my downloads folder is corrupt? Thanks Worrier dism.log