DG2020

Everything posted by DG2020

  1. Thanks Kevin, my PC is running smoothly now without any obvious interference. It did so even before we performed the extensive cleaning today, though. Just wanted to make sure that there was no further malware left on my system that I had not caught with the initial AM measures I did yesterday on my own. Thanks again for your help!
  2. Hi Kevin, here are the logs. Some parts (system cmd outputs) are in German because that's my system language.

     ---------------------------------------------------------------------------------------
     Microsoft Safety Scanner v1.0, (build 1.331.2325.0)
     Started On Thu Mar 04 13:41:57 2021

     ->Scan ERROR: resource process://pid:268,ProcessStart:132593351438457103 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:700,ProcessStart:132593351462189236 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:908,ProcessStart:132593351537524752 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:848,ProcessStart:132593351556975913 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:948,ProcessStart:132593351557000821 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:184,ProcessStart:132593351557391813 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:2780,ProcessStart:132593351561467834 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:4628,ProcessStart:132593351573155195 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:5000,ProcessStart:132593351573255724 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:5656,ProcessStart:132593351573909632 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:11748,ProcessStart:132593351654823151 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:11084,ProcessStart:132593352788475859 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:1044,ProcessStart:132593352815048992 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:4628,ProcessStart:132593351573155195 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:5656,ProcessStart:132593351573909632 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:5000,ProcessStart:132593351573255724 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:11748,ProcessStart:132593351654823151 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:11084,ProcessStart:132593352788475859 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:1044,ProcessStart:132593352815048992 (code 0x00000005 (5))
     ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))
     ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))
     ->Scan ERROR: resource file://C:\swapfile.sys (code 0x00000021 (33))
     ->Scan ERROR: resource file://C:\swapfile.sys (code 0x00000021 (33))
     ->Scan ERROR: resource process://pid:5000,ProcessStart:132593351573255724 (code 0x00000005 (5))
     ->Scan ERROR: resource process://pid:5000,ProcessStart:132593351573255724 (code 0x00000005 (5))

     Quick Scan Results for 56D26B01-B1DF-4DA3-888D-BA9821FB12E2:
     ----------------
     Threat detected: VirTool:Win32/DefenderTamperingRestore
     regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
     SigSeq: 0x0000055555C57273

     Quick Scan Removal Results
     ----------------
     Start 'remove' for regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
     Operation succeeded !

     Results Summary:
     ----------------
     Found VirTool:Win32/DefenderTamperingRestore and Removed!
     Microsoft Safety Scanner Finished On Thu Mar 04 13:46:55 2021

     Return code: 6 (0x6)

     Fixlog.txt
  3. Kevin, thank you for your reply. Here are the requested logs. They appear to be clean.

     # -------------------------------
     # Malwarebytes AdwCleaner 8.1.0.0
     # -------------------------------
     # Build: 02-15-2021
     # Database: 2021-03-03.1 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Scan
     # -------------------------------
     # Start: 03-04-2021
     # Duration: 00:00:08
     # OS: Windows 10 Pro
     # Scanned: 3595
     # Detected: 0

     ***** [ Services ] *****
     No malicious services found.

     ***** [ Folders ] *****
     No malicious folders found.

     ***** [ Files ] *****
     No malicious files found.

     ***** [ DLL ] *****
     No malicious DLLs found.

     ***** [ WMI ] *****
     No malicious WMI found.

     ***** [ Shortcuts ] *****
     No malicious shortcuts found.

     ***** [ Tasks ] *****
     No malicious tasks found.

     ***** [ Registry ] *****
     No malicious registry entries found.

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries found.

     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs found.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries found.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs found.

     ***** [ Hosts File Entries ] *****
     No malicious hosts file entries found.

     ***** [ Preinstalled Software ] *****
     No Preinstalled Software found.

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 3/4/21
     Scan Time: 10:37 AM
     Log File: 49efe504-7ccd-11eb-b9a5-005056c00001.json

     -Software Information-
     Version: 4.3.0.98
     Components Version: 1.0.1173
     Update Package Version: 1.0.37771
     License: Premium

     -System Information-
     OS: Windows 10 (Build 19042.844)
     CPU: x64
     File System: NTFS
     User: xxxxx-xx\Mxxxx

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 393998
     Threats Detected: 0
     Threats Quarantined: 0
     Time Elapsed: 1 min, 19 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)

     Addition.txt FRST.txt
  4. Hello, yesterday my PC got infected. Here are the details:

     - Windows started up in safe mode without any apparent reason
     - next start I was greeted by RelevantKnowledge Adware
     - Windows firewall service was disabled and inaccessible (greyed out in services management console)
     - UAC was disabled
     - Malwarebytes was non-functional (could not connect to service)
     - Windows was set to a completely different timezone

     All in all symptoms of a severe infection I guess. I removed the adware and then fixed / reinstated the mentioned security settings and reinstalled Malwarebytes. After that a scan with Malwarebytes Premium just found a single Adware in registry, nothing else, no rootkit, nothing. Several scans with online scanners from other AV companies resulted clean as well. Is messing up Windows security a known behavior / pattern of RelevantKnowledge Adware? Anyway, I am not fully convinced that my system is really clean now. Any suggestions?

     P.S. When trying to reinstall Malwarebytes, I was prompted to reboot again and again (see attached screenshot). The reason is that Malwarebytes installer installs a temporary service in TEMP folder. My TEMP dir is located on a non-persistent RAM disk, though. After restart the service executable is gone. Had to relocate TEMP for Malwarebytes installation to succeed. Took me a while to figure that out.
  5. @AdvancedSetup This is great news. I am about to jump ship from another full-featured VPN solution. Looking forward to the "VPN kill switch" implementation, which is essential in my opinion. Had some MB Privacy VPN disconnects myself while just surfing the web. One server was Amsterdam, the other one Oslo. When the disconnects occurred, immediate reconnect to the said servers was not possible. Switching to another one worked instantly, though.