Jump to content

Recommended Posts

Malwarebytes popups inform me that powershell was prevented from contacting beautyfile.info.  How do I get rid of this entirely?

Here's the log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/14/17
Protection Event Time: 10:30 PM
Logfile: 
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1505
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: beautyfile.info
IP Address: 81.171.14.67
Port: [50601]
Type: Outbound
File: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

(end)

Link to post
Share on other sites

Hello and :welcome:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. button.

    x5o4gh.png

  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.

  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Link to post
Share on other sites

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif


icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt

Link to post
Share on other sites

Ok, thanks TwinHeadedEagle.  I ran the tool and it indicated it was successful and afterwards it restarted the computer.  Attached is the Fixlog.txt. I haven't seen any indications from Malwarebytes regarding "beautyfile.info" since the fix - hooray!  One small hiccup is Chrome indicated the user preferences were invalid and popped up a tool to report the problem to Google.  Perhaps one of the registry keys removed was legitimate for Chome, but there doesn't seem to be any real impact with Chrome, so just mentioning as an FYI.

I noted these folders in ProgramData folder - ok to delete these?

01/21/2017  12:52 AM    <DIR>          {06A9B5CD-B102-0266-7C54-F07046937939}
01/20/2017  08:08 PM    <DIR>          {199BBADA-AE30-0D71-0D49-9757EF2B9BAF}
01/23/2017  10:00 AM    <DIR>          {856281D0-32C9-367B-41BF-9F6B92C08C6F}
01/20/2017  08:08 PM    <DIR>          {AF2AEA20-1881-5D8B-49C4-972EDD70E5C0}
01/23/2017  09:48 AM    <DIR>          {FD893465-4A22-83CE-DF1B-04F31A47BB50}

Thanks very much for you help!

Fixlog.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.