Your system Is In danger!

[network_joe]

After upgrading from Windows 7 Pro 64 to Windows 10 Pro 64, I started getting this pop-up:

 

 

It may have been on my system for some time dormant but it just started popping up after the upgrade. I was running Windows Defender and Malware Bytes PRO. After upgrading Windows, I'm still running Windows Defender but have upgraded to Malware Bytes Premium. Is this a virus or Trojan? Can you tell me what its intent is and help me remove it? Logs from Farbar Recovery Scan Tool attached.

 

Thanks,

Joe

FRST.txt

Addition.txt

[TwinHeadedEagle]

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

• We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
• Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
• Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
• Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
• Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
• Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
• I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 

---

When and how this warning appears?

---

[network_joe]

Thanks for the quick reply. If there's something on my system that I need to remove, I'm happy to do it along with following all instructions. I'm at your mercy. I haven't identified a specific trigger to the message. I leave my computer on 24x7, sometimes when I return to my computer this message is on my screen and it saves the html to my desktop. I've attached the file, the name (number) of the file is different with each presentation of it.

10846593.htm

[network_joe]

I found this other thread here where someone else had the same issue:

 

https://forums.malwarebytes.org/index.php?/topic/139586-you-system-is-in-danger-virus/

[network_joe]

TwinHeadedEagle​ hopefully you didn't take my comment as I found an answer. That other thread seemed very specific to that user and may not resolve my problem at all or completely. I realize you are in Serbia so hopefully that's why there hasn't been any further reply. At this point, I need to know what information you want me to collect and how to get it.

[TwinHeadedEagle]

Are you familiar with Jawbone?

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

• First of all, select update.
• Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
• In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
• Click the Scan tab, choose Threat Scan is checked and click Scan Now.
• If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
• Upon completion of the scan (or after the reboot), click the History tab.
• Click Application Logs and double-click the newest Scan Log.
• At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

[network_joe]

Jawbone is my Bluetooth headset for my cell phone.

 

Malwarebytes' Anti-Malware Premium is running 24x7 and updates automatically. I manually checked for updates at your request but there were none. (v 2.1.8.1057)

 

I had the settings at default so PUP was set to "Warn user about detections". I've changed it to "Treat detections as Malware".

On the Scan tab, mine said scan complete, it runs automatically ever night, so just 3 hours ago. I clicked finish and then went back to the scan tab. "Threat Scan" is checked automatically so I started the scan.

No threats were identified as it has been all the time.

Log attached.

​

08071501.txt

[TwinHeadedEagle]

How often do you get this warning above?

[network_joe]

It's random and I haven't identified a trigger yet. It seemed to be 1-2 times per day but I haven't had 1 since I asked for help because I haven't been using my PC. It is on 24x7 and I have MS Edge open to this forum and that's it.

[TwinHeadedEagle]

Let me know when you get it again. Note down what you did at that time when this happen again.

[network_joe]

I just came back to me computer, while I was gone it happened again 15 minutes ago. It was just sitting there. I can tell when it happened by the time stamp on the file. Did you look at the other thread I posted above with the same problem?

[network_joe]

Can I please get advice on what I should scan my computer with to identify and remove this virus/trojan? It's been a couple days and we haven't done anything to actively identify it yet. Malware Bytes and Windows Defender aren't identifying a threat, that is why I'm posting here for help. If the problem is the time zone difference, can I get someone from the US to help me?

[TwinHeadedEagle]

Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on icon and select Run as Administrator to start the tool.

  (XP users click run after receipt of Windows Security Warning - Open File).

• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

[network_joe]

I've attached the log files for FRST to this reply.

Addition.txt

FRST.txt

[TwinHeadedEagle]

Fix with ESET Services Repair

Please download Services Repair by ESET and save it to your desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• If security notifications appear, click Continue or Run.
• Accept the prompt about restoring services.
• Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
• A log will be saved in the CCSupport folder the tool created on your desktop.

Please include that logfile in your next reply.

---

 System File Checker

• Press the + R on your keyboard at the same time. Type cmd and click OK.
• Copy/Enter the command below and press Enter:

• sfc /scannow

• Windows will begin with system scan.
• When done, please reboot your system.

System File Checker report:

• Press the  + R on your keyboard at the same time. Type cmd and click OK.
• Copy/Enter the command below and press Enter:

• findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

• Attach sfcdetails.txt from your Desktop in your next reply.

---

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

• Click the "Windows Orb" Start button, then click Computer.
• Right-click on the drive that you wish to check > Properties > Tools tab
• In the "Error checking" section, click on Check now.
• Place a checkmark in both boxes > Start.
• If the disk you have chosen is the Windows system disk:
• A message will notify you that a restart is necessary ask "Do you want to check for hard disk errors the next time you start your computer?".
• Click Schedule disk check > OK and close all windows.
• Re-start the computer. The disk will be checked when the system boots.
• This will take some time to run and at times may appear stalled but just let it run.
• When the disk check is complete, the system will re-start automatically and load Windows.
• A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.

  To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

[network_joe]

Fix with ESET Services Repair​

 

SvcRepair file attached.

-------------------------------------------------------------------------------

 

 System File Checker

• Press the + R on your keyboard at the same time. Type cmd and click OK.
• Copy/Enter the command below and press Enter:
• sfc /scannow

​Got error message, had to run as administrator. Ran cmd as administrator and got the following output:

sfc.txt

Then rebooted.

 

System File Checker report:

• Press the  + R on your keyboard at the same time. Type cmd and click OK.
• Copy/Enter the command below and press Enter:
• findstr /c:"[sR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

​File attached - sfcdetails.txt

--------------------------------------------------------------------------------

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

 

• Click the "Windows Orb" Start button, then click Computer.
  • I think these instructions may be prior to Win10, "Computer" wasn't there. I double clicked on "This PC" on my desktop and followed the instructions below.
• Right-click on the drive that you wish to check > Properties > Tools tab
• In the "Error checking" section, click on Check now.
  • Clicking on the "Check" button returned the following message:
  • 
• Place a checkmark in both boxes > Start.
  • This option never appeared.
• If the disk you have chosen is the Windows system disk:
• A message will notify you that a restart is necessary ask "Do you want to check for hard disk errors the next time you start your computer?".
• Click Schedule disk check > OK and close all windows.
  • This was my system disk but never got this. Here is the detailed output.
  • 

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

• Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
• The Event Viewer window will open.
• In the left pane, expand "Windows Logs" and then click on Application.
• In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
• Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • There was no Wininit file from today, only one from August 2.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

SvcRepair.log

sfcdetails.txt

[TwinHeadedEagle]

Good. I'll need to change my instructions as soon as I grab my Windows 10 copy.

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

• Accept the Terms of Use and click Start.
• Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

• Download esetsmartinstaller_enu.exe that you'll be given link to.
• Double click esetsmartinstaller_enu.exe.
• Allow the Terms of Use and click Start.

To perform the scan:

• Make sure that Remove found threats is unchecked.
• Scan archives is checked.
• In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
• Click Start
• The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
• When completed, the program will begin to scan. This may take several hours. Please, be patient.
• Do not do anything on your machine as it may interrupt the scan.
• When the scan is done, click Finish.
• A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!

[network_joe]

That did take a while. I'm a little confused by the output. During the scan, it seemed to find 3 things all at the same time saying something about ask toolbar. Then it found 1 more thing, don't recall what it said, so a total of 4 threats. I figured the log file would have all the information, this is  all it had.

 

 

ESET_log.txt

[network_joe]

By the way, thanks for telling me I  could re-enable my protection software, I understood the initial instructions in the forum to leave it off during this process. Also, while typing out this post, the virus message popped up again.

[TwinHeadedEagle]

ESET report you attached is empty.

Does this warning appears in browser or out of browser?

[network_joe]

Yes, the ESET report is empty, that's what I was aying and I don't understand why. When the report ran, it identified 4 threats. The first 3 popped up together and it said something about Ask toolbar. The 4th threat popped up about 15 minutes later but I couldn't see what it referred to. I figured I'd be able to see more information in the log file. I was surprised to find it empty. Is there anything we can do with it?

 

I alltached the html file I get as a pop-up above. It is always a numbered file and the number changes. It appears in the browser.

 

This shouldn't be a learning experience. I've found reports of this since like 2006-2007. It's been around for quite a while. That's why I was surprised between Malware Bytes PRO and Windows Defender, it wasn't caught.

[TwinHeadedEagle]

Your PC is clean, there is no active or dormant infection. This is happening perhaps by visiting compromised website.

[network_joe]

But I've had the message pop up while my PC was sitting here idle on this web page.

[network_joe]

Thinking about it though, I'm wondering if I had another web page open in another tab. I go to www.Mustang6G.com often and sometimes leave that web page open. I'll try to test that out.

 

What about the 4 threats that ESET found? I'm not sure why the log file was empty but it was on the display. These are the options I had set so it shouldn't have cleaned anything.

 

[TwinHeadedEagle]

These 4 threats are probably quarantined by the tools we used. Check Remove found threats and repeat the scan.