Zurinto

You were of great help! I really appreciate all the help, I was also able to learn a thing or 2 about dealing with malware, as well as what programs to use when dealing with it. My PC is running much smoother and I no longer get a cmd prompt open everytime my system starts, that definitely was something bad we got rid of, I will watchout for that in the future. Once again thank you very much, I wouldn't have done it without you. Have a great day and weekend!

I got rid of the Online fix, it was for a game I didn't touch in a long time so I also removed it. Here come all the fresh logs! SecurityCheck.txt FSS.txt FRST.txt Addition.txt Malwarebytes Scan Report 2024-07-26 103557.txt AdwCleaner[S02].txt

I got rid of the java development kit, I set up my DNS's, I was able to fix the windows update by expanding the partition, I did the fixlist in safe mode and lastly I finished the ESET scan, it was a long one. Here are the requested logs. The detection in ESET is nothing to worry about, so it basically came clean. Fixlog.txt ESET log.txt

Changed the setting and restarted, here are the new logs Addition.txt FRST.txt

Chrome is now up to date. I don't think clearing chrome is necessary, I keep an eye on the extensions and keep myself safe on the web not clicking any shady links, I also do not want to lose my passwords or important data while doing so. If you do think it's really necessary then I will give it a go. I did run the kaspersky removal tool, I can do so again and provide the logs from it. I am getting support from the VB team to solve the driver issue. What kind of restrictions are those?

Oh sorry, I did not think there is still so much to do. I have solved the issues with software, one issue I had was with installing a windows security update. https://learn.microsoft.com/en-us/answers/questions/1552756/how-to-fix-the-problem-of-update-windows-10-(-down I tried the fixes from this post, but it still did not work, maybe it will work a bit later. I have all the fresh logs. SecurityCheck.txt FSS.txt FRST.txt Addition.txt ZURIS-BEAST.zip mbst-grab-results.zip

I definitely want to take the time and make sure all is safe and sound. I was just wondering if you were able to tell from what we did so far if there was potential malware. I will let you know if malwarebytes catches any other connections. I've still got 12 days on my trial, if by then nothing appears I guess it will be fine, we shall see then. Thank you a lot for your time and help today

So basically I should be fine? There is no malware or spyware or anything of that sort? Do you know if the suspected session hijacks I had happen were caused by something on my pc? I would really like some kind of definitive answer, as much as that is possible.

I just got done with the FRST Fixlist, here is the fixlog. I guess that would have been useful but Revo uninstaller does a great job, I am certain that now there is nothing left of Kaspersky. Fixlog.txt

Void that, I was able to get rid of it with the revo uninstaller, using the advanced scan option of left over files and registry. After a quick computer reset it's all gone. I will proceed with the fixlist now.

So regarding kaspersky, I have stopped using it before and attempted to uninstall it in the past, it removed the majority of it's files, but whenever I try to get rid of it, it says that the program is updating and and the uninstallation process get's canceled. Whenever I check the task manager for any processes that belong to kaspersky I find none. I tried uninstalling using both the windows uninstaller and Revo uninistaller, the end result is always the same. How can I get rid of it fully?

I have done all the scans in the order specified following all the steps. Here are the fresh logs. The 2nd scan with ADWCleaner found nothing so there is no C01 file, that's why I uploaded the C00 once again. AdwCleaner[S01].txt AdwCleaner[C00].txt Malwarebytes Scan Report 2024-07-24 152138.txt FRST.txt Addition.txt

Hi, about 2-3 months ago I accidentally ran an exe file that I think may have been a virus, it didn't pop up any window neither did it seem to do anything. The moment I realized something is up I killed the task with task manager and then removed the file entirely. Next I scanned my PC using both the malwarebytes and windows defender, nothing came up. About a month later I had someone hijack my browser session(I think) on steam, there was no login to my account and I do have 2FA, but there was a computer from russia that accessed my account somehow via web browser. Once again I ran a scan on malware bytes and windows defender, additionaly I ran a microsoft program that scans and checks all the system files for corruption, I forgot the name of it. It took a solid 4 hours to do and also found nothing. Lastly a few days ago I had someone access my twitch account while I was using it, I did not get any kind of notification that someone logged in or anything at all, so again I'm suspecting session hijacking. I once again scanned using malwarebytes and again found nothing. I went ahead and used my free trial of the premium version and today I got a notification that it blocked an outbound connection from scvhost. Here is the log of the scvhost detection. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 7/24/2024 Protection Event Time: 1:48 PM Log File: 967f83f6-49b2-11ef-a115-1831bfdd0aeb.json -Software Information- Version: 5.1.6.117 Components Version: 1.0.1280 Update Package Version: 1.0.87120 License: Trial -System Information- OS: Windows 10 (Build 19045.4651) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Compromised Domain: IP Address: 91.206.244.10 Port: 51032 Type: Outbound File: C:\Windows\System32\svchost.exe (end) https://forums.malwarebytes.com/topic/286933-svchostexe-outbound-connections-being-flagged-what-is-it/ I have found this post that had the same kind of popup as me, I have followed as many steps as I could, here are all the logs from the programs the user was asked to run. Since there isn't much in the logs and scans come clean, are the 2 incidents of what could have been session hijacking connected in any way to this scvhost detection or is it just coincidence? SecurityCheck.txt AdwCleaner[S00].txt Addition.txt FRST.txt