Nemi5150 Posted February 17, 2019 ID:1299128 Share Posted February 17, 2019 A girl I am helping opened an attachment to a phishing email and got infected with a trojan (several actually). It started because Windows Defender wanted to reset the settings in chrome and asked. I then ran a scan using Windows Defender and it found a ton of trojans. I removed them all and downloaded Malwarebytes. I ran the scan using Malwarebytes and it was clean. I reran Windows Defender and it found a couple more trojans. Then Malwarebytes (which was running in the background) periodically was blocking an outbound connection to a site (attached). I would like some help to make sure I got everything, if someone could. Attached is the following: Malwarebytes scan report Malwarebytes Blocked site summary FRST.txt Addition.txt Any help would be appreciated! FRST.txt Addition.txt MWB.blockedSite.txt MWB.scan.txt Link to post Share on other sites More sharing options...
nasdaq Posted February 18, 2019 ID:1299256 Share Posted February 18, 2019 Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Remove these programs in bold via the Control Panel > Programs > Programs and Features.App Explorer (HKU\S-1-5-21-547725178-2149078600-563960083-1001\...\Host App Service) (Version: 0.273.2.988 - SweetLabs) <==== ATTENTIONApp Explorer (HKU\S-1-5-21-547725178-2149078600-563960083-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02152019142747469\...\Host App Service) (Version: 0.273.2.988 - SweetLabs) <==== ATTENTION Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === Reset Chrome... Open Google Chrome, click on menu icon or the 3 vertical dots located right side top of the google chrome. Click "Settings" then "Show advanced settings" at the bottom of the screen. Click "Reset and clean up" > "Restore settings to their original defaults" Restart Chrome. <<<>>> Please post the Fixlog.txt and let me know what problem persists. fixlist.txt Link to post Share on other sites More sharing options...
Nemi5150 Posted February 18, 2019 Author ID:1299265 Share Posted February 18, 2019 I was at the location yesterday but had to leave. I know you guys don't like people you are helping to make changes outside of the replies you give, but I had to leave. I saw the ATTENTION markers in the logs so I removed that product using the uninstall functionality in add/remove programs. I also reset Chrome settings from the dialog that appeared from Windows Explorer, so I think both of these are done. I was there an hour and did not see any blocked outbound attempts in Malwarebytes. I have a message to the person to let me know if they get any other outbound blocks or prompts to reset Chrome again. I am glad you seem to have found nothing more than I did in this logs. I will post again if anything new develops. Thank you for looking at this. Link to post Share on other sites More sharing options...
nasdaq Posted February 18, 2019 ID:1299280 Share Posted February 18, 2019 Glad we could help. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 1, 2019 Root Admin ID:1301320 Share Posted March 1, 2019 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts