Jump to content

kevinf80

Experts
  • Content Count

    26,132
  • Joined

  • Last visited

Everything posted by kevinf80

  1. Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks
  2. Hello Maheyyy and welcome to malwarebytes.... Continue with the following: If you do not have Malwarebytes installed do the following: Download Malwarebytes from the following link: https://www.malwarebytes.com/mwb-download/thankyou/ or, https://downloads.malwarebytes.com/file/mb4_offline Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > "settings" > "security tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Single click on the target sight above scanner window. In the new window select Report Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Export toTxt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Export to Txt" then attach the log to your reply... Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin....
  3. Hiya Heavyoak, Yes the issue was a definite False Positive (FP) and can be reinstated from quarantine. I asked for the FRST logs before it was realized that the file removed was infact a FP, you do not need to post the produceed logs. To remove FRST: Right click on FRST64 and rename to uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall That action will remove FRST and all created files and folders... Thank you, Kevin
  4. Hiya Coco4556, There is no obvious signs of Malware or Infection in the FRST logs, other scan logs posted are also clean. Lets try the following: Please download Zemana AntiMalware and save it to your Desktop. Install the program and once the installation is complete it will start automatically. Without changing any options, press Scan to begin. After the short scan is finished, if threats are detected press Next to remove them. Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually. Open Zemana again then do the following to get the latest report Open Reports > select the report in question to highlight > select "Ctrl - A" keys together to highlight full report message > then "Ctrl - C" keys to copy to clipboard > then open notepad and select paste to copy the report there, then attach to reply.... Next, Download "Microsoft's Safety Scanner" and save direct to the desktop Ensure to get the correct version for your system.... https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\mrt.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Let me see those two logs... Thanks, Kevin
  5. Hello Coco456 and welcome to malwarebytes.... Continue with the following: If you do not have Malwarebytes installed do the following: Download Malwarebytes from the following link: https://www.malwarebytes.com/mwb-download/thankyou/ or, https://downloads.malwarebytes.com/file/mb4_offline Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > "settings" > "security tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Single click on the target sight above scanner window. In the new window select Report Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Export toTxt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Export to Txt" then attach the log to your reply... Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin....
  6. Hiya Heavyoak Have a look at reply #12, #13, and #14 here: https://forums.malwarebytes.com/topic/261952-malware-bytes-removed-this-but-i-need-to-know-where-it-came-from/ Is FP...
  7. Hello Heavyoak and welcome to Malwarebytes, Run the following: Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... When you`ve downloaded FRST64.exe, rename it to FRST64English.exe... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Thank you, Kevin..
  8. Hello Snuffles, Thanks for the update, all we do now is to clean up... Right click on FRST here: C:\Users\Tyler\Desktop\FARBAR\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall That action will remove FRST and all created files and folders... Next, Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2 Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/ From there you should be good to go... Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...
  9. Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks
  10. Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks
  11. Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks
  12. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you
  13. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you
  14. Hiya Snuffles, Thanks for that log, what is the current status of your PC; any remaining issues or concerns... Reards, Kevin..
  15. Thanks for those logs, one more FRST fix... Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Thanks, Kevin fixlist.txt
  16. Thanks for that log, continue: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Download "Microsoft's Safety Scanner" and save direct to the desktop Ensure to get the correct version for your system.... https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\mrt.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Thanks, Kevin fixlist.txt
  17. You`re very welcome Simone, it was a pleasure to work with you.... Regards, Kevin...
  18. Hello Vigneshr22, Thanks for the update, we can clean up now.... Uninstall the following program: Sophos AV Also delete this folder if still present C:\ProgramData\Sophos http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/ Next, Right click on FRST here: C:\Users\dell\Desktop\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall That action will remove FRST and all created files and folders... Next, Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2 Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/ From there you should be good to go... Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...
  19. Hello Facco, Avast is still showing as installed in the security center, but not in the installed programs list. Must be remnants from a previous install, run the Avast removal tool to clear out all remnants... https://www.avast.com/uninstall-utility Next, Uninstall the following program: Sophos AV Also delete this folder if still present C:\ProgramData\Sophos http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/ Next, Right click on FRST here: C:\Users\simon\Desktop\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall That action will remove FRST and all created files and folders... Next, Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2 Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/ From there you should be good to go... Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...
  20. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you
  21. there was no signs of malware or infection in your logs, nothing to be concerned about...
  22. Hiya Facco, You already have Avast installed, so that will work ok for you. Keep malwarebytes free for occasional scans maybe weekly, obviously free version does not offer realtime protection.. i will give clean up procedure later, have to go out very shortly.. Thanks, Kevin
  23. Hello Facco, Any remaining issues or concerns...? Thank you, Kevin
  24. Hello tokis and welcome to Malwarebytes, The file you mention appears to be related to Microsoft Teams, if you want confirmation it is legitimate upload to VirusTotal, https://www.virustotal.com/gui/home/upload Let me know the outcome... Thank you, Kevin
  25. Hello Vigneshr22, What is the current status of your system, any remaining issues orconcerns... Thank you, Kevin.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.