
Marcus024

Honorary Members
  • Posts

    28

Everything posted by Marcus024

  1. Hello Kevin, That's great to hear! Means mbam and adwc really seem to have gotten all of it, damn. Oh, nothing in particular, it's just I wanted to do a FRST check just in case.
  2. Hello Kevin, Thank you for helping. Here are the two logs you have requested. FRST.txt Addition.txt
  3. Hello, A family member of mine who is not so good with computers has fallen for a cheap software redistribution bait. Some crappy site that has OpenOffice bundled with malware, claiming to be the official site. I have already run Malwarebytes and Malwarebytes AdwCleaner multiple times. Both found a few things, but now neither is finding anything. Even though I doubt this is anything serious, the paranoia and curiosity got to me and I'm wondering if there could be any residue. Would be nice if someone could help me try a few other things and maybe those will find something. Checked my startup programs. Found nothing suspicious there. Here are a few logs. Sorry that they are in German. adwcleaner_scan2.txt adwcleaner_scan1.txt mbam_scan2.txt mbam_scan1.txt mbam_realtime_protection_exploit_detected.txt mbam_realtime_protection_malware_detected.txt adwcleaner_clean2.txt adwcleaner_clean1.txt
  4. Yeah, sorry.... I learned that the hard way now. I'm not noticing anything yet, everything seems to be working fine for now but you never know, so I am going to try System Restore. EDIT: In the system restore points there was only one restore point that I could choose, that was about an hour after I screwed up, so that isn't gonna work :(
  5. I got this problem today and was just about to make a post about this with the logs when I realised the entire forum is splattered with threads about this and it's a false positive. Now, the problem here is, I already quarantined and deleted all of those so... Did I just damage my computer? Deleting official Windows files doesn't sound very umm, healthy... Is there any way I can restore / repair this damage?
  6. My PC is doing pretty fine right now, nothing really out of the ordinary, but just yesterday it happened again that some window popped up and closed immediately. I never have enough time to even read what it is or at least get a glance of it. Happens pretty randomly, like once a week?
  7. Hi Kevin, I did that, here's the log: SearchReg.txt It seems to be something from Warface, I don't even play that game anymore.
  8. Hi Kevin, I am really sorry that I kept you waiting for so long. I was busy and I also forgot. Important things to mention: while RogueKiller scanned, it detected one thing, and after that suddenly Windows Defender picked up a trojan and quarantined it: Trojan:PDF/Phish.GA!MSR. RogueKiller detected GameCenter as PUP.MailRU, but it shows as orange and you said only delete red so keeping it for now. Also, I have no clue what this GameCenter is, never downloaded it. In the meantime while I had kept you waiting (sorry again), Malwarebytes suddenly started blocking a lot of connections from my email provider's website / server. I was already wondering why I wasn't getting any emails. The moment I included the website in the allow list, I received all of the emails that were being stalled and I was getting emails again. Attachments: msert.log, Roguekiller Deleting.txt, Fixlog.txt, Roguekiller Scanning.txt, malwarebytes blocking my emails.txt
  9. Hi Kevin, Sorry to keep you waiting, I am currently very busy and will be gone for up to a whole week. I hope this does not bother you. Just saying this so the thread doesn't get closed.
  10. Hi Kevin, Scan within Archives is on. Scan for Rootkits is on. Malwarebytes found nothing, here's the log: Malwarebytes log.txt Updated AdwCleaner to the newest version, ran with administrator, it found one PUP and two preinstalled softwares. The PUP was new to me but the two preinstalled softwares always come up, they're just some random stuff from ASUS and I heard it's better to just keep them so I don't accidentally break something, so I kept them. The PUP was some suspicious PremiumDownloadManager thing, so I quarantined it and deleted it from the quarantine / from my system completely, no reason to hold onto that crap. For some reason it didn't restart my computer, so that's weird, maybe it's because I have some settings in the general repair section turned off? Right now there's only delete tracing keys and reset winsock, but the others seem like they're turned off by default anyways. Here's the log: AdwCleaner log.txt While I ran FRST, Windows Defender randomly found something: PUA:Win32/PiriformBundler (active). It says low beside the name, I'm guessing that's for threat level: low. I googled it, it seems to be some garbage from CCleaner that apparently bundles a bunch of other products from them with CCleaner, scummy company wow, but it seems to just be harmless bloatware and I never noticed any new programs I didn't install. Should I still press "take action"? Side note: the FRST addition log said several times that Windows Defender was cancelled before finishing a scan, that wasn't me, so that's spicy. Anyways, here's the FRST log and the addition: Addition.txt FRST.txt I also have Malwarebytes Anti-Rootkit, I downloaded and ran that a long time ago when I was constantly paranoid lol, it found nothing back then and I haven't run it in a long time. Should I run that as well just to be sure? Cause idk, the stuff I found so far seems like way too little for a bunch of suspicious Russian IPs. I might have a prediction where all of this comes from though: my dad downloaded a cracked version of VueScan recently. I told him not to because he had downloaded it many times before on other devices and we both knew it was infected in some way (Malwarebytes always detected some "RiskWare.HackTool.Agent" thing), but he stayed stubborn and said it's important and he needed it. So yeah, when he downloaded it on this device as always, MBAM caught RiskWare.HackTool.Agent, I quarantined and deleted it, and it never showed up again. That happened a while ago so I don't have the logs for that anymore sadly, though I'm willing to bet there's still some leftovers from that crack garbage hiding deep inside this machine.
  11. Hi everyone, I have been experiencing a suspicious problem. Malwarebytes has been acting up today. It has apparently blocked several websites due to trojans from Steam and Steam games. I have read a bit about this and most of the time, it seems to be a false positive, but in my case, the IPs that are actually blocked seem to come from somewhere in Russia, which is concerning to say the least... It always says the file is either steam.exe or the .exe of the respective game. Strangely, there seems to be no domain / URL. It just says N/A. log5.txt log4.txt log3.txt log2.txt log1.txt Here are the logs for all of the realtime detections today. Sorry if it's a problem that they're in German.
  12. I tried killing MBAM in Task Manager and it didn't work. So I thought that the uninstaller itself was broken. Trying this right now... Thank you, that worked.
  13. So I checked if the Java false positive is still a thing, unfortunately it still is, but the issue is that this time it broke Java so badly I cannot even uninstall it. Going to Programs and uninstalling results in nothing because Malwarebytes completely blocks access to do anything with those folders, including deletion. Or Malwarebytes screwed them up so much that even the uninstaller is confused. So I now have a corrupted Java installation that I can't get rid of. Is there some way to manually uninstall it or fix this? I CAN delete it when I start in Safe Mode, but I don't think just deleting the Java folder would uninstall it, I'm pretty sure there would still be a lot of residue left over somewhere that might screw stuff up.
  14. Okay, so that kind of only partially worked. Twitch now launches on startup again and it seems to be there, but there is no shortcut and it's not being shown as an installed app. Not that big of a deal really, was planning to uninstall GTA V anyway (haven't played that in ages and not planning to, it's just taking up unnecessary disk space). I'll just back up my Twitch files and reinstall Twitch. Apart from that, I think we are done here. Fixlog.txt
  15. Wait, you're also getting a block notice? So that's not just me having a hijacked browser or something? Well, this changes everything, guess I'll try to contact Curse about that, that doesn't seem right if that's something on their end... I already deleted the corrupted shortcuts as trying to execute them obviously gave the standard response "this shortcut leads to a file that seems to have been moved or deleted bla bla bla delete this shortcut etc." Will that screw up the fixlist?
  16. I don't get anything on https://www.curseforge.com either. It is only on that specific page that the weird Craftprimes thing happens for some reason: https://www.curseforge.com/minecraft/mc-mods/immersive-railroading I don't get website blocked messages from Malwarebytes anymore, as the Browser Guard already picks up and blocks the connection before Malwarebytes itself notices and blocks it.
  17. What do you mean by that? Of course I'm not directly visiting craftprimes.com. I am directly visiting CurseForge, what's wrong with that? It's an official game modding website by Twitch. That weird craftprimes.com connection tries to connect and gets blocked when opening that specific CurseForge page.
  18. I just noticed something else. After the script ran and did its thing and the PC restarted, my desktop icons for the Twitch and GTA V shortcuts are gone. It's just blank and they don't work anymore. Launching Twitch directly doesn't work anymore. It seems like it corrupted or deleted those two for some reason.
  19. Browser Guard still blocks craftprimes.com on that CurseForge page. https://www.curseforge.com/minecraft/mc-mods/immersive-railroading This time, Windows Firewall popped up saying it blocked some features from Chrome when opening that page. I just clicked Cancel and didn't allow it private or public network stuff. I'm starting to doubt this whole thing. Maybe that specific page has been hijacked somehow? CurseForge is usually a safe site, it's owned by Twitch. I also noticed something. When first opening Task Manager, the CPU usage shows something like 60-80% for a split second, displaying everything that's running at 0,0% for that duration, and then jumps back to normal idle CPU usage (about like 5%). Is that normal?
  20. Greetings, Enabled Show Hidden Folders. Disabled the registering of Malwarebytes thingy. Checked for updates. MBAM is at the newest update. Saved the link to the Downloads folder. Ran FRSTEnglish as administrator. It said something about update complete, just clicked Okay. Clicked Fix and waited for it to run. It restarted, and then CCleaner asked to make changes (UAC). I clicked Yes? Was that a bad thing? Doesn't seem like it did anything. I thought it was part of the script. Here's the fixlog.txt. Fixlog.txt
  21. Installed the Browser Guard now, works like a charm, blocks ads and also blocks that weird Craftprimes connection on CurseForge. I was just browsing through CF when it first happened. One particular page then showed that craftprimes.com was blocked. I've actually had this happen before on another CF page, but I don't remember which page it was and it was some other trojan / malware blocked, not Craftprimes. Also, I can see that the MB Support Tool has an integrated version of FRST. Heard that's a good scanner apparently. Does it show anything detected? Also heard of ESET once. Should I try a scan with ESET, whatever that is? mbst-grab-results.zip
  22. Cheers, In the Homepage box there's only the standard go.microsoft.com address. Did what you told me to with IE, I checked temporary files, history, download history, and in addition I also checked to delete all cookies. On Chrome, did what you told me to as well, reset the sync, cleared absolutely everything in browsing data (there was nothing of importance to me anyways so I just went to advanced and checked absolutely everything). Chrome is not set to reload the last page. I also followed the article and completely blocked any notifications in Chrome as well. Thanks, will try the Browser Guard. Unfortunately, it seems that the Internet Explorer thing didn't work. Weird Craftprimes IP still gets blocked on that random CurseForge page. Huh, I just tried, it's happening on Chrome again as well.
  23. Hi, Here's the AdwCleaner log. As expected, it only finds the 2 preinstalled ASUS thingies. AdwCleaner[S04].txt Those are obviously fine. The weird Craftprimes connection happened when opening a specific CurseForge page. Doesn't happen on that page anymore after having reinstalled Chrome, which leads me to believe that my browser was hijacked, but it still happens on Internet Explorer, and as far as I know there is no way to uninstall / reset Internet Explorer. I mean, I don't use Internet Explorer anyways, but I still don't want it to stay hijacked.