
fake movie that actually ran powershell



Hi,

I downloaded a movie that was named .avi but was actually a shortcut, and it ran something in PowerShell similar to what this user saw.

I followed the instructions from that thread, and attached below are the files generated.

What should I do next?

thanks


Edited by AdvancedSetup
files deleted per request

When I Google something in Chrome, it seems like additional ad-like links are added to the top of the list but made to look like part of the regular search results (attached picture). Also, I'm not able to make or reply to posts on this forum in Chrome, but it does work in IE.



Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run Malwarebytes and delete all the items listed.

After a restart of the computer run the Farbar program and post a fresh FRST.TXT log for my review.


Hi,

ATTENTION: System Restore is disabled
Turn System Restore ON for Drives in Windows 10 - Immediately.
https://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

For your security please enable these programs.
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please let me know if you have any remaining issues with this computer.


Edited by AdvancedSetup
files deleted per request

Thanks. I ran the fix with FRST and turned on System Restore.

However, I don't remember disabling this or Windows Defender. The Chrome problems still exist.

When I try to enable defender, I see this


Edited by AdvancedSetup
files deleted per request

Hi,

This should restore your Windows Defender.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below into the new file.
 

start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Reboot:
End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Something compromised Chrome.
Unable to say what.
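As an added, read-only triage example (not part of this thread, nor code from the FRST tool), the PowerShell below checks the two things the fix above addresses: whether Windows Defender is switched off through the policy key named in the fixlist, and whether any shortcut in a download folder is named like a video file (Explorer hides the trailing .lnk, so "movie.avi.lnk" shows as "movie.avi") while launching PowerShell. The folder path, the media extension list and the policy value names it inspects are assumptions.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session; it changes nothing.

# 1. Is Windows Defender disabled through the policy key the FRST fixlist targets?
function Get-DefenderPolicyRestriction {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    if (-not (Test-Path $key)) { return @() }   # no policy key at all: nothing to report
    $props = Get-ItemProperty -Path $key
    # Assumed value names; any of them set to 1 turns protection off by policy.
    $watch = 'DisableAntiSpyware', 'DisableAntiVirus', 'DisableRealtimeMonitoring'
    foreach ($name in $watch) {
        $value = $props.PSObject.Properties[$name]
        if ($value -and $value.Value -eq 1) {
            [pscustomobject]@{ Key = $key; Value = $name; Data = $value.Value }
        }
    }
}

# 2. Which .lnk files in the folder pose as media or launch PowerShell?
function Find-DisguisedShortcut {
    param([string]$Folder = (Join-Path $env:USERPROFILE 'Downloads'))   # assumed location
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $Folder -Filter '*.lnk' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            # BaseName strips only ".lnk", so a decoy "movie.avi.lnk" still ends in ".avi"
            $looksLikeMedia = $_.BaseName -match '\.(avi|mkv|mp4|mov|wmv)$'
            $runsPowerShell = ($lnk.TargetPath + ' ' + $lnk.Arguments) -match 'powershell|pwsh'
            if ($looksLikeMedia -or $runsPowerShell) {
                [pscustomobject]@{
                    Path           = $_.FullName
                    LooksLikeMedia = $looksLikeMedia
                    RunsPowerShell = $runsPowerShell
                    Target         = $lnk.TargetPath
                    Arguments      = $lnk.Arguments
                }
            }
        }
}

Get-DefenderPolicyRestriction | Format-Table -AutoSize
Find-DisguisedShortcut        | Format-List
```

Any shortcut reported with both flags set is the pattern described in the opening post; the Arguments column shows the command line it would have run.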



Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks


This topic is now closed to further replies.