icotonev

Thanks for letting me know ..! 🙂 No problem, we will wait until you have the opportunity ..! Regards..! 🙂

Hello, urboisus ...! Let's check what it's all about ..! 🙂 Please follow the steps in the following instruction:

Hello, kzymon ...! Please follow the steps in the following instruction: In your next reply, please include: FRST.txt Addition.txt Scan log of Malwarebytes

I think you should first follow my instructions above and publish two logs FRST.txt and Addition.txt. Next is an analysis of these logs and only then a correction, if necessary ..! 🙂

Hi, Blondii_-...and ..! Please follow the instructions below with the Malwarebytes program: If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. ..next: Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Double-click to run the program Accept the End User License Agreement. Wait until the database is updated. Click Scan Now. When finished, if items are found please click Quarantine. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Attach or Copy its content into your next reply. ...next: Please download the Farbar Recovery Scan Tool and save it to your desktop --> IMPORTANT. Note: You need to run the version compatible with your system.You can check here if you're not sure if your computer is 32-bit or 64-bit Note: Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English Double-click to run it. When the tool opens click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Hi, dindin ...and ...! Please download the Farbar Recovery Scan Tool and save it to your desktop --> IMPORTANT. Note: You need to run the version compatible with your system.You can check here if you're not sure if your computer is 32-bit or 64-bit Note: Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English Double-click to run it. When the tool opens click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Hi, Quantum ...and Please download the Farbar Recovery Scan Tool and save it to your desktop --> IMPORTANT. Note: You need to run the version compatible with your system.You can check here if you're not sure if your computer is 32-bit or 64-bit Note: Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English Double-click to run it. When the tool opens click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply.

I understand ..! Then..: Re-scan with FRST Double-click FRST.exe/FRST64.exe to run it. Press the Scan button. When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from. Please copy and paste the logs in your next reply. Please download Farbar Service Scanner and run it on the computer with the issue. Make sure the following options are checked: Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply.

Good morning. 🙂 How does your computer work ..? What problems do you observe ..? AdwCleaner (Clean mode) Double click AdwCleaner.exe on your Desktop, to run it as you did before. Click Scan Now. When the scan has finished a Scan Results window will open. Please check all the boxes and then click Quarantine. Click Next. If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it. Check any pre-installed software items you want to remove. Click Quarantine. A prompt to save your work will appear. Click Continue when you're ready to proceed. A prompt to restart your computer will appear. Click Restart Now. Once your computer has restarted: If it doesn't open automatically, please start AdwCleaner. Click the Log Files tab. Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number) A Notepad file will open containing the results of the removal. Please post the contents of the file in your next reply. In your next reply, please post: The AdwCleaner[C0*].txt

Are you still with us..? Are you having issues getting the logs for us? Do you encounter any problems with the instructions..?

Glad we could help..! Safe internet 🙂 Thank you..! 👍

Hi, sorry for the late reply. Follows: Malwarebytes Anti-Malware If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan. If you don't have Malwarebytes installed yet please download it from here and install it. Once installed then open Malwarebytes and select Scan and let it run. Once the scan is completed make sure you have it quarantine any detections it finds. If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run. Run AdwCleaner (Scan mode) Download AdwCleaner and save it to your desktop. Double click AdwCleaner.exe to run it. Click Scan Now. When the scan has finished, a Scan Results window will open. Click Cancel (at this point do not attempt to Quarantine anything that is found) Now click the Log Filestab. Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number) A Notepad file will open containing the results of the scan. Please post the contents of the file in your next reply. Microsoft Safety Scanner The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Please let me know the results of this scan. The log is named MSERT.log the log will be at %SYSTEMROOT%\debug\msert.log which in most cases is C:\Windows\debug\msert.log Please attach that log with your next reply.

Uninstall a Program Press the Windows Key + R. Type appwiz.cpl in the Run box and click OK. The Add/Remove Programs list will open. Locate the following program(s) on the list: McAfee Consumer Product Removal Tool Note: This tool will uninstall all McAfee products from your PC. If you are using a paid version of McAfee, please be sure you have safely stored your product key. Download MCPR (McAfee Consumer Product Removal Tool) and save it to your desktop. Right-click MCPR.exe and click Run as Administrator. At the "McAfee Software Removal" window, click Next. Accept the license agreement. Complete the "Security Validation" question and click Next. You will receive a message that the removal of McAfee products is complete. Restart the computer. Re-scan with FRST Double-click FRST.exe/FRST64.exe to run it. Press the Scan button. When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from. Please copy and paste the logs in your next reply. --------------------------------------------------- In your next reply, please include: FRST.txt Addition.txt

What you are showing are encrypted files after an Ransomware attack ..! To find out what you are dealing with, please go to this topic: ID Ransomware (malwarehunterteam.com) Tell me the result...!

Are you currently using McAfee software..? What makes you think your system is infected ...? Can you tell me a little more ...? SecurityCheck by glax24 I would like you to run a tool named SecurityCheck to inquire about the current-security-update status of some applications. Download SecurityCheck by glax24 from here and save the tool on the desktop. If Windows's SmartScreen block that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive. Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Please run the following fix: Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from. NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work. Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more. NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. fixlist.txt

HI , @PST ..and I will review your diaries and return the answer soon ..! Thanks..! 🙂

Wonderful ..! Your system is clean ..! I think we should finish: The following tool will remove the tools we used as well as reset system restore points: Download KpRm by kernel-panik and save it to your desktop. Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, ensure all boxes under Actions are checked. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log will open in Notepad titled kprm-(date).txt. Please copy and paste its contents in your next reply.

Hello, @1Lurker1 ..and Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Note: Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English Double-click to run it. When the tool opens click Yes to the disclaimer. Press the Scan button It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply.

+ Control scan: Download ESET Online Scanner and save it to your desktop. Right-click on esetonlinescanner_enu.exe and select Run as Administrator. When the tool opens, click Get Started. Read and accept the license agreement. At the Welcome to ESET Online Scanner window, click Get Started. Select whether you would like to send anonymous data to ESET. Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan. Click on the Full Scan option. Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan. ESET will now begin scanning your computer. This may take some time. When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue. ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue. On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback. Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

Please consider updating the specified software ..!

No active infections can be seen from the provided logs ...!!! SecurityCheck by glax24 I would like you to run a tool named SecurityCheck to inquire about the current-security-update status of some applications. Download SecurityCheck by glax24 from here and save the tool on the desktop. If Windows's SmartScreen block that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive. Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Hello , @packers37 ..and I think Malwarebytes has done its job and is blocking a malicious site. He suggests we do an additional check to make sure everything is OK. Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Note: Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English Double-click to run it. When the tool opens click Yes to the disclaimer. Press the Scan button It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Thanks 🙂

Hi , @David4974789..! 🙂 Are you still with us..? Are you having issues getting the logs for us? Do you encounter any problems with the instructions..?

TDSS Killer -- 1st Scan OptionsPlease download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!! Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista - W7 users: Right-click and select "Run As Administrator". If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension. Click the Start Scan button. Do not use the computer during the scan! If the scan completes with nothing found, click Close to exit. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options. Ensure SKIP is selected... DO NOT attempt to FIX anything yet! Now click on Report to open the log file created by TDSSKiller in your root directory C:\ A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:). Copy and paste the contents of that file in your next reply. Eset scans for MBR malware at boot time via it's startup scan. I would boot into Win Safe mode and run an Eset on-demand scan from there. Hopefully, Eset can clean it from Safe mode. These two diaries are not complete..!