
Fake Virus Alert/Help Desk - MBAM and other programs can't find it



Hi -
This is a problem on my mom's laptop; I've been trying to help her.  It seems to be, basically, the Fake MS Help Desk Tech Support Scam from 2016.  I cleaned that off her system then, including following the steps from a 'remove tech support scam popups' blog (but it took more than just those).  But I had info on that virus saved, which is why I say it's nearly the same thing.  It was talked about here: https://www.bleepingcomputer.com/virus-removal/remove-microsoft-help-desk-tech-support-scam

So she told me about this in May, and had been having the problem for...maybe a month or so.  She mostly gets the screen with the MS Security Essentials 'castle,' but sometimes she'll get that bright orange screen.  It locks up her system and she has to go into Task Manager to get out of it.  So I ran some basic steps: AdwCleaner, Tweaking (because I always forget to back up the Registry first), MBAM, HitmanPro, Zemana.  None of those seemed to find anything, so I did a restart of her laptop, then followed some other steps: Rkill, Tweaking (yup, again), MBAM, FRST.  I didn't notice that anything seemed to "catch" anything.  I thought it must have gotten it.  But she let me know later that she was still getting the popups and her system was still being locked up.  I ran more stuff a couple weeks after the first time.  I didn't write down each step, but assume it was much the same, including an in-depth scan by MBAM that took several hours to run.  Nothing was found.  She was still having the problem.

At that point, I thought maybe it wasn't on her computer but somewhere else.  And there was all that stuff about routers.  So I had her re-boot her router.  I didn't have ALL the steps to be done for that, though, so a re-boot is all that was done.

She says she usually gets it when she's playing Words with Friends in Facebook.  But she doesn't do a lot else online--checks her email (yahoo), maybe reads a news article or 2, spends time on Facebook (much of that playing games there).  I was on her computer (via TeamViewer) about a week ago, and played a game of Words with myself.  I was hoping the problem would happen while I was "in," so I could see it and maybe get some more info on what was happening.  Of course, it didn't.
(She's also been having a big problem with Facebook--it will get really laggy/slow, then lock up.  Almost always when she's playing Words.  It did that to me when I was 'playing' myself.  On my laptop, there was NO slowdown and no problems.  She's got something/s that are constantly loading when she's in Facebook, and I found that was being discussed quite a bit by FB users about 3 years ago.  I tried switching her to a different browser (the one I was using that didn't have a problem--Firefox), but she has the same problem.  So I think this problem she's having is Facebook-specific, and that it's unrelated to the popup scam virus problem.  But I'm mentioning it just in case.)

So now I don't know what to do.  Web searches didn't show this to be a common problem any more, so I didn't find suggestions.  I found what seemed to be a similar problem on this other thread here, but I didn't do any of the steps recommended there because...time to get some help before I completely mess something up.  https://forums.malwarebytes.com/topic/231525-wmc-agent-folder-trojan-yelloader-will-not-disapppear/

I have FRST.txt, addition.txt, and MBAM scan results from both May 31, and June 22.  I have Rkill.txt from 5-31.  I grabbed some screenshots of Processes of all users from yesterday, when Facebook locked up.  I'll attach the files from 6-22, but wait to be asked for anything else.  (I also attached the 5-22 MBAM, because it DID find 36 PUP files at that time.)

Please know that I'm trying to help her remotely.  For the most part, that's been okay. (Although the last week or so, I had trouble connecting to her computer and got booted off of it a lot.  I'm not sure what's going on with that--I know a virus could do that, but it's only happened recently, and I've been looking for the problem on her system for about 6 weeks now.)  So it might take me a little extra time to complete any steps that are given.
Thank you very much for any help you can offer!

5-31_MBAM scan results--36 PUP files.txt

6-22_MBAM scan results--No Threats Detected.txt

FRST_6-22-18.txt

Addition_6-22-18.txt


I found this other thread shortly after starting mine here.  Ditch67 describes pretty much EXACTLY what is happening on my mom's computer.  He/She is running Win10 and using Edge in addition to Chrome.  And he/she doesn't mention seeing the MS Security Essentials fake popup.

It was interesting, and a little frightening, to read thru that thread.  Because Ditch67 was instructed to do the same things over and over yet nothing seemed to resolve the problem.

 


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your issue with Malwarebytes was not the same as that of the other topic.

Now all your logs are clean.

If you still have some issues with this computer, please advise.


Sigh.  I actually FIGURED the logs would show that everything was/is clean.  AND YET...my mom keeps seeing those fake tech alerts.

It was/is NOT just an issue with Malwarebytes.  The title says "MBAM and other programs."  NOTHING--NONE OF THE PROGRAMS--found a problem (just like in the other thread).  And yet problems kept/keep happening.

I did the steps recommended by someone else in the other thread.  I see (when I got in here tonight) that all of that was deleted by the administrators, presumably after you asked them to look at the thread.  I find it interesting that it appears you didn't ask an administrator to look at the thread because the problem wasn't getting resolved in spite of the OP doing everything you suggested, but that you asked an admin to look because someone else had accidentally posted some suggestions in violation of the rules.
I also found it interesting that the OP on the other thread ALSO took the advice of that [evil and dangerous] newcomer (who was also looking for help with this exact problem).  And it just might have resolved the OP's problem.  But, like me, there's no way to tell immediately.  Which leads right into...

I'm still waiting to see if the evil suggestions might have resolved the problems of some sort of persistent-yet-hidden malware/virus.  Because--JUST LIKE IN THE OTHER THREAD--the appearance of the malware/virus is SPORADIC and it can actually not appear for a week or longer.  It may be some time before my mom and I know if those steps worked.

You completely missed the point of the very long and detailed post I wrote out asking for some help.  How did you miss that I ran all the "cleaning" programs twice, that the logs are from those sessions spent cleaning her system, and that I'm posting here asking for help because THE PROBLEM KEEPS HAPPENING??


Remove and reinstall Firefox.

Before proceeding save your Bookmarks. (Export)
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Firefox Password manager - Import your passwords.
Password Manager - Remember, delete, change and import saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords

If you are syncing Firefox with other devices, remove it.
https://support.mozilla.org/en-US/kb/how-do-i-set-sync-my-computer

When all is well you can re-sync your devices. NOT NOW.
<<<>>>

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox

Remove Firefox using the instructions on this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Restart the computer normally.

Install the latest version of the application.
https://www.mozilla.org/en-US/firefox/new/

Import your Bookmarks. Same link as the Export function above.

Restart the computer normally.
 

Keep me posted.


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 


This topic is now closed to further replies.