
kevinf80

Experts
  • Content Count

    26,132
Everything posted by kevinf80

  1. Can you disable RDC, is that a possibility or does need to be active.. How to Disable Remote Access in Windows 10 Type “remote settings” into the Cortana search box. Select “Allow remote access to your computer”. This may seem counter-intuitive, but this opens the Control panel dialog for Remote System Properties. Check “Don't Allow Remote Connections” to this Computer. You've now disabled remote access to your computer.
  2. Hello InfectedHelppls and welcome to Malwarebytes, Post the log from Malwarebytes when the scan has finished and found entries have been quarantined.. For Defender; logs are usually saved here: C:\Windows\MicrosoftAntimalware\Support Thanks, Kevin
  3. Nothing of note in those logs, this is frustrating for sure. Are the redirects still happening in all browsers.. Try the following: Please read carefully and follow these steps. Download TDSSKiller from here http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop. Doubleclick on to run the application. The "Ready to scan" window will open, Click on "Change parameters" Ensure all entries are Checkmarked under Additional Options, Ensure all entries are Checkmarked under Objects to scan When Loaded Modules is checkmarked a re-boot will be offered, allow that to happen... Continue after reboot select "Change Parameters" make sure entries are checkmarked and then Select "Start Scan" If an infected file is detected, the default action will be Cure, click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue. It may ask you to reboot the computer to complete the process. Click on Reboot Now. If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here. If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  4. Hiya Simone, To fix the current problem you will have to do what is called an "In-place Upgrade" that will not lose anything but installed windows updates. So apps, personal stuff will not be lost. You will need to read the instructions a few times to fully understand the procedure, there is also a video to watch. I would not recommend upgrading to version 2004, that version has several issues which have not been fully addressed yet. I`ve not updated to 2004 yet, prefer to wait until it will be available without any problems.. Use the link I gave earlier, also is following in this reply.... When inplace upgrade is complete you will have to check for windows updates to get your system fully functional.... https://www.tenforums.com/tutorials/16397-repair-install-windows-10-place-upgrade.html An in-place upgrade is much better than a system refresh or reset..... Regards, Kevin
  5. Hiya Simone, Yes it certainly is not good, I believe the only way forward is a repair upgrade of your system. Have a read at the following link and tell me your thoughts... https://www.tenforums.com/tutorials/16397-repair-install-windows-10-place-upgrade.html Regards, Kevin...
  6. Hello Simone, Can you select the Windows flag key and R key together, in the run box type or copy/paste services.msc then select ok. The services window will open, scroll down to the "Windows Defender" section, what status and start up type do you see against the Windows Defender entries. I`ve attached an image showing my service settings, for the defender settings mine are manual as I use Malwarebytes as my primary protection. My Windows Defender Firewall is automatic and running..
  7. Hello Simone, Not sure what that program is, but is not correct. I want you to uninstall that asap... Download Revo Uninstaller Free Portable and save it to your Desktop from here: https://www.revouninstaller.com/download-free-portable.php Right click on the folder and select Extract All..., then click Extract Double click on the RevoUninstaller-Portable folder Right click on RevoUPort and select Run as administrator Click OK on the License Agreement From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists) QUOTE restoro If the program's uninstaller appears work through the steps to remove the program(s) Be sure the Advanced option is selected then click Scan For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion Once done click Finish, then reboot your computer Next, I attached a zip file, unzip that to your desktop, that includes the tool I gave instructions for you to use... FixWin 10.1.zip
  8. Hello CheeseGrater, Good to hear the issue is cleared, make sure to put your PC back to normal boot mode. Instructions are in the same link for clean boot.... Probably worthwhile running a scan with Malwarebytes to make sure it does work... Thank you, Kevin..
  9. Thanks for the update simone, continue: Download windows 10 repair tool from here: http://www.restoro.com/pages/lwdu/index.php?channel=twc&banner=direct&adgroup=direct&ads_name=direct&keyword=direct&lpx=lwdu The tool is portable no installation needed. Open the tool, scroll to and select 1. System Tools. From the list select the fix against :- Repair Windows Defender. Reset all windows defender settings to default. Then select the fix against :- Action Centre and Windows Security Centre does not recognize installed Antivirus and Firewall or still identifies old Av as installed. Then select the fix against :- Reset Windows Security Settings to default. When complete close the repair tool and reboot your system... Is the issue with Windows Defender fixed...? Thank you, Kevin
  10. Hello CheeseGrater and welcome to Malwarebytes, Set windows up for "Clean Boot" mode, full instructions here: https://support.microsoft.com/en-gb/kb/929135 Basically all non-MS services are disabled, see how your system runs in that mode. Obviously 3rd party services that affect security or internet connection can be left active. Does Malwarebytes install in that mode.? Thank you, Kevin
  11. Hiya MRIZAK, Thanks for the log, if no remaining issues we can clean up... Uninstall the following program: Sophos AV Also delete this folder if still present C:\ProgramData\Sophos http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/ Next, Right click on FRST here: C:\Users\cliot\Downloads\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall That action will remove FRST and all created files and folders... Next, Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2 Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/ From there you should be good to go... Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...
  12. FRST needs to be run from an account with Administrator status, can you run again please..
  13. Apologies, have given fix with wrong syntax, Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply. Next, Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop. Select the Windows Key and R Key together, the "Run" box should open. Drag and Drop KVRT.exe into the Run Box. C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box. add -dontcryptsupportinfo Note the space between KVRT.exe and -dontcryptsupportinfo C:\Users\{your user name}\DESKTOP\KVRT.exe -dontcryptsupportinfo should now show in the Run box. That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file. Reports are saved here C:\KVRT_data\Reports and look similar to this report_20200727_103821.klr Right click direct onto that report, select > open with > Notepad. Save that file and attach to your reply. To start the scan select OK in the "Run" box. The Windows Protected your PC window will open, select "More Info" A new Window will open, select "Run anyway" A EULA window will open, tick both confirmation boxes then select "Accept" In the new window select "Change Parameters" In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start... When complete if entries are found there will be options, if "Cure" is offered leave as is. 
For any other options change to "Delete" then select "Continue" When complete, or if nothing was found select "Close" Attach the report information as previously instructed.... Thanks, Fixlist.txt
  14. Hello joeykilaita and welcome to malwarebytes.... Continue with the following: If you do not have Malwarebytes installed do the following: Download Malwarebytes from the following link: https://www.malwarebytes.com/mwb-download/thankyou/ or, https://downloads.malwarebytes.com/file/mb4_offline Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > "settings" > "security tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Single click on the target sight above scanner window. In the new window select Report Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply Export to Txt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Export to Txt" then attach the log to your reply... Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. 
Please copy/paste the content of that log in your next reply Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin....
  15. Hello TheRealRaj, If you have backups can you reimage your PC and reload the backed up data. As FRST is being stopped from running it would seem your system is still infected. Ransomware is known to delete its tracks after encrypting all data and posting for a Ransom, no real reason to do any more damage... @AdvancedSetup removed the zip file, I just deleted the copy I had after checking to see if decryption was possible, not much more we can do... Regards, Kevin
  16. Hiya simone, If you want to remove all traces of Malwarebytes use the following: Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Clean button, and allow it to restart your system. Do not allow the reinstall... Thank you, Kevin
  17. Hello Bobsup and welcome to malwarebytes.... Continue with the following: If you do not have Malwarebytes installed do the following: Download Malwarebytes from the following link: https://www.malwarebytes.com/mwb-download/thankyou/ or, https://downloads.malwarebytes.com/file/mb4_offline Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > "settings" > "security tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Single click on the target sight above scanner window. In the new window select Report Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply Export to Txt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Export to Txt" then attach the log to your reply... Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. 
Please copy/paste the content of that log in your next reply Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin....
  18. Hiya TheRealRaj Unfortunately I cannot remove the file, don't have the authority.... I`ll PM an admin guy see if they will do it... How do you have encrypted file and genuine file, do you have backup or image back up of your full system..? Unfortunately at this time there is no way to decrypt files that have .makop encryption, you may want to open a thread at Bleeping Computers Ransomware Forum. Although no decryption is available, there will be more help and advice.... https://www.bleepingcomputer.com/forums/f/239/ransomware-help-tech-support/ Thank you, Kevin
  19. Yes please, zip all up and attach to next reply...
  20. Do you have the ransom note and or settlement email address, if so post them please we can see if the encryption can be defeated..
  21. Can you post the log from the fix, frstlog.txt, so I see if it worked correctly. Regarding the fix, the only obvious possibility was the VBS script running from a shortcut link. That is Visual Basic scripting that was originally developed by Microsoft to allow administrators to do advanced work on systems. Malware writers use it for very different reasons, obviously all malicious...
  22. Nothing of note in that log either, continue please: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply. Thanks, Kevin fixlist.txt
  23. Hello TheRealRaj and welcome to Malwarebytes, Run the following: Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... When you`ve downloaded FRST64.exe, rename it to FRST64English.exe... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Thank you, Kevin..