Hec Posted August 15, 2017 ID:1153692 Share Posted August 15, 2017 recently i have been trying to resolve issues with malwarebytes 3 the problem has gotten worse as i can no longer turn on web or exploit protection web protection is stuck in starting and exploit protection is outright disabled i cant turn it on i run malwarebytes premium, sophos endpoint/intercept x, and comodo firewall i checked my email and had an alert from sophos central saying: This email alert was generated by Sophos Central. Do not reply to this email. Sophos Central Event Details for srgsrgsfd What happened: We detected ransomware trying to encrypt files. Where it happened: DESKTOP-V0AEIFA User associated with device: DESKTOP-V0AEIFA\Hectorivanxbox How severe it is: High What Sophos has done so far: We have blocked the ransomware’s file-system access. If the computer is a Windows workstation, we clean up the ransomware automatically. If it’s a Windows server or Mac, you need to clean up manually. What you need to do: For Windows computers: If you still need to clean up: Move the computer temporarily to a network where it is not a risk to other computers. Go to the computer and run Sophos Clean (available in the Sophos directory). If automatic sample submission isn't enabled, send us a sample of the ransomware. We'll classify it and update our rules: if it's malicious, Sophos Central will block it in future. Go to Sophos Central, go to Alerts, and mark the alert as resolved. For Macs: Move the computer temporarily to a network where it is not a risk to other computers. Go to the computer, look in the Quarantine Manager to locate the detected ransomware, and then remove it manually. Go to Sophos Central, go to Alerts, and mark the alert as resolved. So i look through my files i see nothing encrypted the sophos virus removal tool no longer works i re installed it i ran a scan with hitman pro mbam comodo firewall and sophos nothing found, i did see several taskbar icons no longer appeared they just looked like a blank page a few seconds later im able to turn web protection on the protection events list an ip just 0.0.00 ect.. the second protection event lists utorrent's website everything seems fine now but i want to be sure nothing bad happens. Link to post Share on other sites More sharing options...
Hec Posted August 15, 2017 Author ID:1153706 Share Posted August 15, 2017 I don’t know if this is related to recent events but its like the browser was encrypted look Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 16, 2017 Root Admin ID:1153927 Share Posted August 16, 2017 Hello @Hec Please run the following steps and post back the logs as an attachment when ready.STEP 01 If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know on your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan. When finished, please click Clean. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Ron Link to post Share on other sites More sharing options...
Hec Posted August 16, 2017 Author ID:1154256 Share Posted August 16, 2017 Sorry about the trouble advanced setup it seems I was a false positive I couldn’t figure out how to get the file location from Sophos until today it was a gimp update from the looks of it Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 16, 2017 Root Admin ID:1154276 Share Posted August 16, 2017 Okay, sounds good. Thanks for the update. I'll go ahead then and close your topic. Take care and stay safe out there. Don't forget your backups Backup Software Cheers Ron Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 16, 2017 Root Admin ID:1154277 Share Posted August 16, 2017 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts