
Repeat malware infections



Hello, all. I have VIPRE protection installed (by the company admin), which first alerted me of a problem on 1/24. After a full scan, a few threats were reported and quarantined. Thought I'd try Malwarebytes as a second opinion, so I installed it and registered for Premium. Now I'm receiving reports from Malwarebytes real-time that my computer continuously gets re-infected by something. Scanning, repairing, rebooting is not destroying the threat. Attaching logs and screenshots, as instructed. Thanks for any info!

Addition.txt

FRST.txt

mwb_log.txt

ss_1.png

ss_2.png


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
Your copy is not signed and could be compromised.
If you need it please download the latest version from this site.
https://www.cpuid.com/
===


Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists and you Sync Chrome with other devices

Remove it to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>


 

fixlist.txt

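An added example, not part of the original thread: one way to check the point made in the reply above, that an unsigned copy of a program could be compromised, is to read the Authenticode signature of every binary in its install folder. `Test-FileSignature` is a hypothetical helper name and the folder path is an assumed placeholder.

```powershell
# Added example, not from the thread. Test-FileSignature is a hypothetical helper.
function Test-FileSignature {
    param([Parameter(Mandatory)][string]$Folder)

    if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
        Write-Warning "Folder not found: $Folder"
        return
    }
    Get-ChildItem -LiteralPath $Folder -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                File        = $_.FullName
                # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Status      = $sig.Status
                # Signer fields stay empty when the file carries no signature.
                Signer      = $sig.SignerCertificate.Subject
                Thumbprint  = $sig.SignerCertificate.Thumbprint
                Timestamped = [bool]$sig.TimeStamperCertificate
                # Hash to compare against a fresh download from the vendor.
                SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Assumed placeholder path; use the folder the program was actually installed to.
$report = Test-FileSignature -Folder 'C:\Path\To\InstalledProgram'

# Anything that is not 'Valid' (unsigned, tampered, untrusted chain) is listed.
$report | Where-Object { $_.Status -ne 'Valid' } | Format-List
```

A `HashMismatch` status means the file changed after it was signed, while `NotSigned` only means there is no signature to check.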

Nasdaq:

No further reports of trojans/malware on my system so far. However, just this morning, I visited dictionary.com, using Chrome, and Malwarebytes reported a website is blocked. I ran another scan with MWB, but nothing was reported as evil.  Here is a screenshot and log file. Is this something to be concerned about?

chrome_dictionarydotcom_website_blocked.thumb.png.d7c26572f8a998b2340d76c828edeef9.png

chrome_dictionarydotcom_website_blocked.txt


Hi,

I visited the site with Chrome and had no problems.

===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset and clean up" > "Restore settings to their original defaults"
 
Restart Chrome.
<<<>>>

If you go to dictionary.com and do not search, do you get notified by MBAM?
===

If the problem persists and you Sync Chrome with other devices

Remove it to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Keep me posted.


Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.

Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
AlternateDataStreams: C:\ProgramData\PACE:DDFF9CB9A38BA44E [1]
Reboot:
End


Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

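An added example, not part of the original thread and not FRST code: a read-only way to look at the two kinds of entries in the fixlist above before and after the fix runs. It assumes the "Group Policy restriction on software" lines correspond to Software Restriction Policy path rules under the `Safer\CodeIdentifiers` policy key; `Get-SrpPathRule` and `Get-ExtraStream` are hypothetical helper names.

```powershell
# Added example, not from the thread. Nothing here changes the system.
# SRP security levels are stored as numeric subkey names.
$SrpLevels = @{ '0' = 'Disallowed'; '4096' = 'Untrusted'; '65536' = 'Constrained'
                '131072' = 'Basic User'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    # Assumption: path rules live under <Base>\<level>\Paths\<rule GUID>.
    param([string]$Base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers')
    if (-not (Test-Path -Path $Base)) { return }       # no policy configured
    foreach ($level in Get-ChildItem -Path $Base) {
        $pathsKey = "$($level.PSPath)\Paths"
        if (-not (Test-Path -Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem -Path $pathsKey) {
            $values = Get-ItemProperty -Path $rule.PSPath
            [pscustomobject]@{
                Level    = $SrpLevels[$level.PSChildName]
                RuleGuid = $rule.PSChildName
                Path     = $values.ItemData          # the path the rule applies to
            }
        }
    }
}

function Get-ExtraStream {
    # Lists named streams on the items directly inside $Folder.
    # Older PowerShell versions only report streams on files; `dir /R` in
    # cmd.exe also shows streams attached to directories.
    param([Parameter(Mandatory)][string]$Folder)
    Get-ChildItem -LiteralPath $Folder -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -Force -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |      # skip the default data stream
        Select-Object FileName, Stream, Length
}

Get-SrpPathRule | Sort-Object Level, Path | Format-Table -AutoSize
Get-ExtraStream -Folder 'C:\ProgramData' | Format-Table -AutoSize
```

Rules at the `Disallowed` level are the ones that stop programs from starting, so a rule of that level naming a security product's folder deserves a closer look.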


Hi,

The bad file has shown his ugly head.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt for my review.

Let me know what problem persists.

fixlist.txt


This topic is now closed to further replies.