Jump to content

icotonev

Experts
  • Posts

    156
  • Joined

  • Last visited

Everything posted by icotonev

  1. Hello, kzymon ...! Please follow the steps in the following instruction: In your next reply, please include: FRST.txt Addition.txt Scan log of Malwarebytes
  2. I think you should first follow my instructions above and publish two logs FRST.txt and Addition.txt. Next is an analysis of these logs and only then a correction, if necessary ..! πŸ™‚
  3. Hi, Blondii_-...and ..! Please follow the instructions below with the Malwarebytes program: If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. ..next: Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Double-click to run the program Accept the End User License Agreement. Wait until the database is updated. Click Scan Now. When finished, if items are found please click Quarantine. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Attach or Copy its content into your next reply. ...next: Please download the Farbar Recovery Scan Tool and save it to your desktop --> IMPORTANT. Note: You need to run the version compatible with your system.You can check here if you're not sure if your computer is 32-bit or 64-bit Note: Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English Double-click to run it. When the tool opens click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply.
  4. Hi, dindin ...and ...! Please download the Farbar Recovery Scan Tool and save it to your desktop --> IMPORTANT. Note: You need to run the version compatible with your system.You can check here if you're not sure if your computer is 32-bit or 64-bit Note: Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English Double-click to run it. When the tool opens click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply.
  5. Hi, Quantum ...and Please download the Farbar Recovery Scan Tool and save it to your desktop --> IMPORTANT. Note: You need to run the version compatible with your system.You can check here if you're not sure if your computer is 32-bit or 64-bit Note: Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English Double-click to run it. When the tool opens click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply.
  6. Hello...! I see that the problem has not been fixed yet ...! Despite the intervention of another assistant ..! πŸ™‚ Please tell me do you still have a problem ..?
  7. Unfortunately the fixes didn't work..Something prevents this from happening ..?!? Very strange...! Has any antivirus software been installed besides windows defender (For example Аvast)..? Fresh FRST Scan You should still have FRST64.exe on your Desktop, if it is not here, copy it here! Please close all open programs and windows. Right-click FRST64.exe and select "Run as administrator..." to run it. When the tool opens click Yes to the disclaimer if it is occurred. Please be sure that 90 Days Files check box under Optional Scan section is checked. Please be sure that Addition.txt check box under Optional Scan section is checked. Press Scan button. When finished a two logs FRST.txt. and Addition.txt will be created and opened in Notepad. Please post the content of the both FRST.txt and Addition.txt in your next reply.
  8. I understand ..! Then..: Re-scan with FRST Double-click FRST.exe/FRST64.exe to run it. Press the Scan button. When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from. Please copy and paste the logs in your next reply. Please download Farbar Service Scanner and run it on the computer with the issue. Make sure the following options are checked: Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply.
  9. We do this to insure ourselves in case of a problem and if something goes wrong in the next procedure with the registers ...! Open the unzipped folder and start:
  10. Good morning. πŸ™‚ How does your computer work ..? What problems do you observe ..? AdwCleaner (Clean mode) Double click AdwCleaner.exe on your Desktop, to run it as you did before. Click Scan Now. When the scan has finished a Scan Results window will open. Please check all the boxes and then click Quarantine. Click Next. If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it. Check any pre-installed software items you want to remove. Click Quarantine. A prompt to save your work will appear. Click Continue when you're ready to proceed. A prompt to restart your computer will appear. Click Restart Now. Once your computer has restarted: If it doesn't open automatically, please start AdwCleaner. Click the Log Files tab. Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number) A Notepad file will open containing the results of the removal. Please post the contents of the file in your next reply. In your next reply, please post: The AdwCleaner[C0*].txt
  11. Good morning..! Yes, the system is clean, but we need to restore the consequences ..in your case a damaged windows defender..! Please do the following: Tweaking.com Registry Backup Download Tweaking.com Registry Backup from here, and save tweaking.com_registry_backup_portable.zip to your desktop. Now we need to create a new folder to extract the zipped contents into. Right click on the zipped folder you just downloaded and select "Extract All". Click the "Browse" button and from the list, expand "Computer", then expand "Windows (C:)", and click the "Make New Folder" button. Call this folder something you will remember...like "RegBackup" then click "Ok", and then click "Extract". From the newly extracted files, right click on and select Run as Administrator (XP users just double click) to start Tweaking.com Registry Backup. (Windows Vista/7/8 users: Accept UAC warning if it is enabled.) A screen like this should appear: This image has been resized. Click this bar to view the full image. Type a custom name in Backup Name if you want, then choose Backup Now. If backup is successful, a message will appear at the lower half of the screen with an option to view logs. The registry backup will be created in %WindowsDrive%\RegBackup by default. You can customize the path in Settings. Close Tweaking.com Registry Backup when done. * VERY IMPORTANT* Registry Script Download the attached files (SecurityHealthService , wscsvc.reg, wuauserv.reg and windefend.reg) and save them to your desktop. SecurityHealthService wscsvc.reg wuauserv.reg windefend.reg Double-click SecurityHealthService Allow the information to be merged into the registry if prompted. (click Yes) Restart the computer. Repeat the process for wscsvc.reg Restart the computer. Repeat the process for wuauserv.reg Restart the computer. Repeat the process for windefend.reg Restart the computer. Re-scan with Farbar Service Scanner Right-click FSS.exe on your desktop and select Run as Administrator. Check the following boxes: Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply. --------------------------------------------------- In your next reply, please include: FSS.txt
  12. Hi, KrisRonaldy...because it's too late, it's 11:00 PM for me. I'm pretty tired ...! I suggest we continue tomorrow ..! For now, just one more thing: Fresh FRST Scan You should still have FRST64.exe on your Desktop, if it is not here, copy it here! Please close all open programs and windows. Right-click FRST64.exe and select "Run as administrator..." to run it. When the tool opens click Yes to the disclaimer if it is occurred. Please be sure that 90 Days Files check box under Optional Scan section is checked. Please be sure that Addition.txt check box under Optional Scan section is checked. Press Scan button. When finished a two logs FRST.txt. and Addition.txt will be created and opened in Notepad. Please post the content of the both FRST.txt and Addition.txt in your next reply.
  13. Would you do the following scans for me: Please download Farbar Service Scanner and run it on the computer with the issue. Make sure the following options are checked: Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply.
  14. Again, you didn't do that ..! πŸ˜€ AdwCleaner (Clean mode) Double click AdwCleaner.exe on your Desktop, to run it as you did before. Click Scan Now. When the scan has finished a Scan Results window will open. Please check all the boxes and then click Quarantine. Click Next. If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it. Check any pre-installed software items you want to remove. Click Quarantine. A prompt to save your work will appear. Click Continue when you're ready to proceed. A prompt to restart your computer will appear. Click Restart Now. Once your computer has restarted: If it doesn't open automatically, please start AdwCleaner. Click the Log Files tab. Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number) A Notepad file will open containing the results of the removal. Please post the contents of the file in your next reply. In your next reply, please post: The AdwCleaner[C0*].txt
  15. Π’hanks..! Sorry, when you scanned with Malwarebytes, you didn't take any action ... to do so: Malwarebytes Anti-Malware If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan. If you don't have Malwarebytes installed yet please download it from here and install it. Once installed then open Malwarebytes and select Scan and let it run. Once the scan is completed make sure you have it quarantine any detections it finds. If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run. Run AdwCleaner (Scan mode) Download AdwCleaner and save it to your desktop. Double click AdwCleaner.exe to run it. Click Scan Now. When the scan has finished, a Scan Results window will open. Click Cancel (at this point do not attempt to Quarantine anything that is found) Now click the Log Filestab. Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number) A Notepad file will open containing the results of the scan. Please post the contents of the file in your next reply. Microsoft Safety Scanner The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Please let me know the results of this scan. The log is named MSERT.log the log will be at %SYSTEMROOT%\debug\msert.log which in most cases is C:\Windows\debug\msert.log Please attach that log with your next reply.
  16. Are you still with us..? Are you having issues getting the logs for us? Do you encounter any problems with the instructions..?
  17. Glad we could help..! Safe internet πŸ™‚ Thank you..! πŸ‘
  18. Hi, sorry for the late reply. Follows: Malwarebytes Anti-Malware If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan. If you don't have Malwarebytes installed yet please download it from here and install it. Once installed then open Malwarebytes and select Scan and let it run. Once the scan is completed make sure you have it quarantine any detections it finds. If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run. Run AdwCleaner (Scan mode) Download AdwCleaner and save it to your desktop. Double click AdwCleaner.exe to run it. Click Scan Now. When the scan has finished, a Scan Results window will open. Click Cancel (at this point do not attempt to Quarantine anything that is found) Now click the Log Filestab. Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number) A Notepad file will open containing the results of the scan. Please post the contents of the file in your next reply. Microsoft Safety Scanner The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Please let me know the results of this scan. The log is named MSERT.log the log will be at %SYSTEMROOT%\debug\msert.log which in most cases is C:\Windows\debug\msert.log Please attach that log with your next reply.
  19. Uninstall a Program Press the Windows Key + R. Type appwiz.cpl in the Run box and click OK. The Add/Remove Programs list will open. Locate the following program(s) on the list: Please run the following fix: Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from. NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work. Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more. NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. fixlist.txt
  20. Hi, KrisRonaldy ...and Please download the Farbar Recovery Scan Tool and save it to your desktop --> IMPORTANT. Note: You need to run the version compatible with your system.You can check here if you're not sure if your computer is 32-bit or 64-bit Note: Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English Double-click to run it. When the tool opens click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply.
  21. Uninstall a Program Press the Windows Key + R. Type appwiz.cpl in the Run box and click OK. The Add/Remove Programs list will open. Locate the following program(s) on the list: McAfee Consumer Product Removal Tool Note: This tool will uninstall all McAfee products from your PC. If you are using a paid version of McAfee, please be sure you have safely stored your product key. Download MCPR (McAfee Consumer Product Removal Tool) and save it to your desktop. Right-click MCPR.exe and click Run as Administrator. At the "McAfee Software Removal" window, click Next. Accept the license agreement. Complete the "Security Validation" question and click Next. You will receive a message that the removal of McAfee products is complete. Restart the computer. Re-scan with FRST Double-click FRST.exe/FRST64.exe to run it. Press the Scan button. When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from. Please copy and paste the logs in your next reply. --------------------------------------------------- In your next reply, please include: FRST.txt Addition.txt
  22. What you are showing are encrypted files after an Ransomware attack ..! To find out what you are dealing with, please go to this topic: ID Ransomware (malwarehunterteam.com) Tell me the result...!
  23. Are you currently using McAfee software..? What makes you think your system is infected ...? Can you tell me a little more ...? SecurityCheck by glax24 I would like you to run a tool named SecurityCheck to inquire about the current-security-update status of some applications. Download SecurityCheck by glax24 from here and save the tool on the desktop. If Windows's SmartScreen block that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive. Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt
  24. Please run the following fix: Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from. NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work. Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more. NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. fixlist.txt
  25. HI , @PST ..and I will review your diaries and return the answer soon ..! Thanks..! πŸ™‚
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.