Everything posted by dgheorghiu

  1. I saw MB keeps all the quarantined items: you don't need their list, do you? I had already set SMS authentication or phone app authentication for ALL email services or other important sites/services. The attacker had changed the passwords one time because I couldn't rescue the browser completely at that moment so as to permit navigation on all the sites and change the authentication mode to SMS authentication. One morning I received a noisy (nasty) SMS on my phone; it was written in the Russian alphabet and was a PIN code authentication message for booking.com or Proton Mail or Zoho Mail: the attacker was trying to change my credentials and he wasn't able to work it out! He got no money at all. But all mail accounts were keeping one, two, three "mail sent" emails with attachments with about a page of my usernames and passwords from all they got. A good way of thinking was that I had been keeping the passwords in LastPass for a long time, and KeePass too, which were accessible to work through, although the browsers were prevented from taking action by plenty of the attacker's actions. He gave his name, a Spanish (bogus) name he has; I didn't remember at all his first or last name.
  2. C:\ProgramData\360Quarant
     C:\$360Section
     C:\Windows\SysWOW64\Drivers\360AvFlt.sys
     C:\Program Files (x86)\360
     How can these be detected, because I can't find them? kprm-20230504001923.txt
  3. From all the entries of the list there are no visible folders in my folder tree.
  4. The FFDC234A-CE9B-08F9-406B-F876951CE066 register contents I've deleted now. Also, can the mouse HKLM\...\Run: [WheelMouse] => C:\Program Files\Mouse\Amoumain.exe [184320 2008-03-19] () [File not signed] be a problem, as my mouse uses it?
  5. 360 Total Security is at this registry; I can't delete this registry. I'm OK now. 360.txt Addition.txt
  6. Hello and good night! 1) The mouse register Amoumain is there because the mouse (an electromagnetic A4Tech Battery-Free) was not detected by Windows in a sudden announcement of my Windows OS and the vendor's old driver was outlined by MS Windows; since then I have a USB HID-compliant driver for the mouse, which is the actual driver. 2) I want to say that 360 Antivirus is not installed (can't be executed), yet it is detected by FRST or other scan tools because its registers are not deleted after the installation. Maybe it was a long time ago when that malicious ad masked by that AV, to which I did not pay attention, clicking without being cognitive of the virus 360 notice in my mind when the 360 ad showed on my screen, did its job and then I installed it without knowing it's not OK, I don't know. So I didn't scan with 360 AV: it's not installed effectively, although the tool says yet it's even updated. 3) No threats found by Sophos. Sleep well, I will be back at this thread 10 hours later when we'll discuss further! SophosScanAndClean_20230503_0922.log
  7. Hello! I must say there are 100 quarantined items in my MB Premium out-of-Trial and 150-200 history events since early weeks before; a lot of them I've recognized as OS functional items and I used this MB option of ignoring them. I am in a very delicate situation when I asked myself what to do with them. Windows Defender is very weak at this job of detecting them. If I run a MB Threat Scan daily, it's maybe OK, but not to install Android software on PC anymore. I have "360 Total Security" installed here from the former analysis of the tools downloaded during these days. I don't know how to escape (delete) it since it looks like no folders but only registers keep this AV alive. I'm holding out my hand and shake your hand! 🙂 Especially many thanks to you! Blast them out! Addition.txt FRST.txt MB History event 26 04 23.txt MB Report May 02 23.txt AdwCleaner[C01].txt
  8. Thank you, guys! This is it! It worked! I don't know how thankful to be to you! Some updates had been downloaded and installed and a big update is installing now at 21%. Till I see the "You're up to date" screen, I must say in the first half of April I'd been reading an email message - inbox other than Google - with all my account credentials hosted in my PC (a long, huge text) plus a sent email containing the plain password and username of that private mail service account of mine to a specific Yahoo mail address (the attacker) and of course a PDF letter which was saying: If you read this, I tell you I know everything about you and if you're not uploading to this account of telltale cryptocurrency an amount I think equivalent to some thousands of $, then I'm gonna send to all of your contacts pornographic photos of you because I'd copied all of your hard disk data to my storage. Boom! I don't care. I'd changed all mail accounts' passwords and 2-step authentication and beyond, booking.com with France trips now in August valued at hundreds of thousands USD with language set to Russian (approx. 20 heavily charged and detailed trips from US to France, I don't know why even now). Microsoft was set up with 2-step authentication before the attack, so that's what it permitted to me, as some sites opened by the browsers were visible to get a solution of salvation and bring the browsers back to full function. Now it's FINISHED! I will send my keyboard skills to a rest! Now Windows Update says "Restart required to install the updates!" If nothing happens after the restart, peace be with you, guys! I'm happy! Cheers!
  9. Good night! I'm just fine with the virus, many thanks to your colleague MKDB, so I'm using my PC for FB, watching videos, etc... Sleep well! I will wait for more repairing till you wake up tomorrow!
  10. I'm very slow because I'm trying to keep learning to speak English as the US speaks. I'm just in the job boot up. Look, I wanted to post a lot of details in the first post, but it looked like the thread couldn't accept all my first words, so I ended up being short and simple. I wanted to delete bloatware from my new Android because of a wallpaper peeve moment of mine, as I think now. I'd downloaded programming Android vendor-specific tools and run them to install other specific Java and I didn't notice why the prompt windows were running so fast, but only because my Windows had 2-step authentication, and very few others, I escaped from the nightmare of such a disaster, which I prevented at the last moment. Take administrative control by an attacker of all my browsers etc., OK, I'm fine now after 3 weeks of fighting. I cannot post because of the forum rules on spam.
  11. Hello @AdvancedSetup! I've done a net search about Delivery Optimization Services, and I found some interesting things, so I opened the Local Group Policy Editor - look at the attached screenshots: I found accordingly in the web page shown in the screenshots that this Download Mode for DOsvc is not set. Can I set it? FSS.txt
  12. Before I did that, I ran:
      sfc /scannow
      dism /online /cleanup-image /scanhealth
      dism /online /cleanup-image /restorehealth
      This job was before your last post. So, I ran the job of FRST fix after. No better result. Fixlog.txt
  13. I want to say I'd uninstalled before work today a Windows app whose license I'm not sure is continuously free, because it's not a paid license. Its name is TOTAL COMMANDER, which I used as an FTP tool for my Wi-Fi FTP Android server transfer between PC and wireless Android. Addition.txt FRST.txt
  14. I'd run the FRST tool in fix mode and, after it prompted a restart, I followed the restart and after that completed, the Windows Update screen looked like 👇 (it's been showing the updates list but can't download them). I rebooted the OS again as Windows Update had been recommending as a fix to this ("Restart your device may help") and after that updates wouldn't be downloaded again. But I'd tried an additional step which I'd thought upon ... the Windows Troubleshooting entry from Settings. After running the Win Updates Troubleshooter, it displayed that it had fixed an issue (which has been listed below - view the screen capture attachment file) and then I'd documented the Troubleshooting process explanation: I'd copied/pasted the result inside the attachment file "WinUpdateTroubleshooting2.txt". I rebooted the system, and it can't download any updates at all either. WinUpdateTroubleshooting2.txt Fixlog.txt
  15. After completing the download of FSS.exe, the file was inaccessible to open (the browser downloads pop-up displayed an "attention" message explicitly): it has been needed to allow "the threat or file" which OS suspected to be a malware by using the Windows Security protection history recommended actions. Addition.txt FRST.txt FSS.txt
  16. Windows Updates is not working, the same as I initially reported. FSS.txt Addition.txt FRST.txt
  17. FRST worked out in a few seconds and after restarting it doesn't show up as running any more, in my opinion. I didn't want to restore the malware ESET found because I think they're not false ones, so I accepted them being quarantined. Isn't the scan log needed? Windows Defender found some malware in the meantime while ESET was running and quarantined them. Fixlog.txt ESSETONLINEscanlog.txt
  18. Windows Defender doesn't permit any file download from the BleepingComputer site. So, I used Softpedia or CNET for the FRST and FSS downloading. FSS.txt Addition.txt FRST.txt
  19. Now Windows Security shows "No current threats" but can't check for updates in Windows Update. Fixlog.txt
  20. I got infected after installing some PC utilities for Android on Windows 10. The principal concern is that Windows Update can't check for updates for approx. 20 days, since I installed the Malwarebytes trial. Also, I found a now closed topic that seems to address a quasi-identical issue. I am calling for help as in that topic the issue was happily solved! MBFullScanReport04-23-23.txt Addition.txt FRST.txt