Marcus024
Honorary Members
Posts: 28
Infected with Fake OpenOffice
Marcus024 replied to Marcus024's topic in Resolved Malware Removal Logs
Hello Kevin, That's great to hear! Means mbam and adwc really seem to have gotten all of it, damn. Oh nothing in particular, it's just I wanted to do a FRST check just in case.
-
Infected with Fake OpenOffice
Marcus024 replied to Marcus024's topic in Resolved Malware Removal Logs
Hello Kevin, Thank you for helping. Here are the two logs you have requested.
FRST.txt Addition.txt
-
Hello, A family member of mine who is not so good with computers has fallen for a cheap software redistribution bait. Some crappy site that has OpenOffice bundled with malware, claiming to be the official site. I have already run malwarebytes and malwarebytes AdwCleaner multiple times. Both found a few things, but now neither are finding anything. Even tho I doubt this is anything serious, the paranoia and curiosity got to me and I'm wondering if there could be any residue. Would be nice if someone could help me try a few other things and maybe those will find something. Checked my startup programs. Found nothing suspicious there. Here's a few logs. Sorry that they are in German.
adwcleaner_scan2.txt adwcleaner_scan1.txt mbam_scan2.txt mbam_scan1.txt mbam_realtime_protection_exploit_detected.txt mbam_realtime_protection_malware_detected.txt adwcleaner_clean2.txt adwcleaner_clean1.txt
-
47 False Positives RiskWare.Injector.Generic Official Windows Files
Marcus024 replied to Marcus024's topic in File Detections
Yeah, sorry.... I learned that the hard way now. I'm not noticing anything yet, everything seems to be working fine for now but you never know, so I am going to try System Restore. EDIT: In the system restore points there was only one restore point that I could choose, that was about an hour after I screwed up, so that isn't gonna work :(
-
I got this problem today and was just about to make a post about this with the logs when I realised the entire forum is splattered with threads about this and it's a false positive. Now, the problem here is, I already quarantined and deleted all of those so... Did I just damage my computer? Deleting official windows files doesn't sound very umm, healthy... Is there any way I can restore / repair this damage?
-
Hi Kevin, I am really sorry that I kept you waiting for so long. I was busy and I also forgot.
Important things to mention:
While roguekiller scanned, it detected one thing, and after that suddenly windows defender picked up a trojan and quarantined it: Trojan:PDF/Phish.GA!MSR
Roguekiller detected GameCenter as PUP.MailRU, but it shows as orange and you said only delete red so keeping it for now, also I have no clue what this GameCenter is, never downloaded it.
In the meantime while I had kept you waiting (sorry again) malwarebytes suddenly started blocking a lot of connections from my email provider's website / server, I was already wondering why I wasn't getting any emails, the moment I included the website to the allow list, all of the emails that were being stalled I received and I was getting emails again.
msert.log Roguekiller Deleting.txt Fixlog.txt Roguekiller Scanning.txt malwarebytes blocking my emails.txt
-
Hi Kevin, Scan within Archives is on. Scan for Rootkits is on. Malwarebytes found nothing. Here's the log: Malwarebytes log.txt
Updated AdwCleaner to newest version, ran with administrator, it found one PUP and two preinstalled softwares. The PUP was new to me but the two preinstalled softwares always come up, they're just some random stuff from ASUS and I heard it's better to just keep them so I don't accidentally break something, so I kept them. The PUP was some suspicious PremiumDownloadManager thing, so I quarantined it and deleted it from the quarantine / from my system completely, no reason to hold onto that crap. For some reason it didn't restart my computer, so that's weird, maybe it's because I have some settings in the general repair section turned off? Right now there's only delete tracing keys and reset winsock, but the others seem like they're turned off by default anyways. Here's the log: AdwCleaner log.txt
While I ran FRST, Windows Defender randomly found something: PUA:Win32/PiriformBundler (active). It says low beside the name, I'm guessing that's for threat level: low. I googled it, it seems to be some garbage from ccleaner that apparently bundles a bunch of other products from them with ccleaner, scummy company wow, but it seems to just be harmless bloatware and I never noticed any new programs I didn't install, should I still press "take action"?
Side note: the FRST addition log said several times that windows defender was cancelled before finishing a scan, that wasn't me, so that's spicy. Anyways here's the FRST log and the addition: Addition.txt FRST.txt
I also have malwarebytes anti rootkit, I downloaded and ran that a long time ago when I was constantly paranoid lol, it found nothing back then and I haven't run it in a long time, should I run that as well just to be sure? Cause idk the stuff I found so far seems like way too little for a bunch of suspicious Russian IPs.
I might have a prediction where all of this comes from tho. My dad downloaded a cracked version of vuescan recently, I told him not to because he had downloaded it many times before on other devices and we both knew it was infected in some way (malwarebytes always detected some "RiskWare.HackTool.Agent" thing) but he stayed stubborn and said it's important and he needed it. So yeah, when he downloaded it on this device as always, MBAM caught riskware hacktool agent, I quarantined and deleted it, and it never showed up again. That happened a while ago so I don't have the logs for that anymore sadly, tho I'm willing to bet there's still some leftovers from that crack garbage hiding deep inside this machine.
-
Hi everyone, I have been experiencing a suspicious problem. Malwarebytes has been acting up today. It has apparently blocked several websites due to trojans from steam and steam games. I have read a bit about this and most of the time, it seems to be a false positive, but in my case, the IPs that are actually blocked seem to come somewhere from Russia, which is concerning to say the least... It always says the file is either steam.exe or the .exe of the respective game. Strangely, there seems to be no domain / URL. It just says N/A.
log5.txt log4.txt log3.txt log2.txt log1.txt
Here are the logs for all of the realtime detections today. Sorry if it's a problem that they're in German.
-
So I checked if the Java false positive is still a thing, unfortunately it still is, but the issue is that this time it broke Java so badly I cannot even uninstall it. Going to Programs and uninstalling results in nothing because Malwarebytes completely blocks access to do anything with those folders, including deletion. Or Malwarebytes screwed them up so much that even the uninstaller is confused. So I now have a corrupted Java installation that I can't get rid of. Is there some way to manually uninstall it or fix this? I CAN delete it when I start in Safe Mode, but I don't think just deleting the Java folder would uninstall it, I'm pretty sure there would still be a lot of residue leftover somewhere that might screw stuff up.