Infected and told to come here.


Was in another part of the forum and they told me to come here, saying I am infected. Here is the link to the other thread I started.

Now here is my Malwarebytes Premium Scan 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/1/19
Scan Time: 1:08 PM
Log File: 03b0d73c-3c4d-11e9-973a-e0d55e3d81e7.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9488
License: Trial

-System Information-
OS: Windows 10 (Build 17763.316)
CPU: x64
File System: NTFS
User: STEVIERAY\Sean T

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 325859
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Will post FRST scan when it is done.


Lastly, can I play Destiny 2? The link for starting to use the programs and posting the results also said to stay away from torrent downloading and other P2P, and Destiny 2 is P2P, as the same thing used for torrent downloading is used to connect players to play together.


  • Root Admin

Hello @Satrana and :welcome:

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/1/19
Scan Time: 10:58 PM
Log File: 6e90a26a-3c9f-11e9-bbd6-e0d55e3d81e7.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9488
License: Trial

-System Information-
OS: Windows 10 (Build 17763.316)
CPU: x64
File System: NTFS
User: STEVIERAY\Sean T

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 325867
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


  • Root Admin

The log indicates you have Avast installed but files, folders and processes don't seem to agree.

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)

I would recommend you run their removal tool to remove it. It seems you have some elements stopped in MSCONFIG and it's also having issues in the Event Logs. If you really want Avast then remove the current version and after clean up reinstall it again.
http://files.avast.com/files/eng/aswclear.exe

The use of Vuze and other similar bittorrent software can help lead to an infection on your computer. I would recommend against such use. The majority of uses are also illegal in most countries. There is some legal use but not much.

 

Please verify what this is doing. I've used it many times in the past and it did not use any batch file, so this seems new.
Task: {E20145E9-E074-436E-8666-28640AE70D1B} - System32\Tasks\npcapwatchdog => C:\Program [Argument = Files\Npcap\CheckStatus.bat] <==== ATTENTION

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 

Once the above is completed please follow the directions from the following topic.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Thanks

Ron
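The task entry marked ATTENTION in the post above has its action cut at the space in `C:\Program Files`, with the rest of the path in the argument field. The following is an added example, not part of the original post and not FRST's own logic: it parses lines of that shape and rejoins such a path so the real target can be checked. The sample lines, GUIDs and vendor names are constructed, and the rejoin rule is a heuristic assumed for this example.

```python
import re

# Shape of an FRST "Task:" line as quoted in the post above; only the
# fields visible there are assumed.
TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<task>.+?) => (?P<command>.+?)"
    r"(?: \[Argument = (?P<argument>.*?)\])?(?: <==== ATTENTION)?$"
)
# A path ending in a short file extension, followed by whitespace or end of text.
FILE_RE = re.compile(r"^(?P<path>.+?\.[A-Za-z0-9]{1,4})(?=\s|$)")

def parse_task(line):
    """Split one FRST Task line into guid, task, command and argument."""
    m = TASK_RE.match(line.strip())
    return m.groupdict() if m else None

# Heuristic (assumption of this example): the command has no extension, the
# argument is not a switch, a quoted string or a drive path, and joining the
# two with a space gives a path that ends in an extension.
def rejoin_split_path(entry):
    """Return the full path when command + argument read as one path cut at a space."""
    command, argument = entry["command"], entry["argument"]
    if not argument or argument.startswith(("/", "-", '"')) or argument[1:2] == ":":
        return None
    if re.search(r"\.[A-Za-z0-9]{1,4}$", command):
        return None  # command already names a file; the argument is a real argument
    m = FILE_RE.match(f"{command} {argument}")
    return m.group("path") if m else None

def review(lines):
    """Map task name -> rejoined path for every Task line that looks split."""
    findings = {}
    for line in lines:
        entry = parse_task(line)
        path = rejoin_split_path(entry) if entry else None
        if path:
            findings[entry["task"]] = path
    return findings

# Constructed sample lines: placeholder GUIDs, hypothetical task and vendor names.
SAMPLE = [
    r"Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\examplewatchdog => C:\Program [Argument = Files\ExampleVendor\CheckStatus.bat] <==== ATTENTION",
    r"Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleUpdater => C:\Windows\System32\cmd.exe [Argument = /c C:\Tools\update.bat]",
    r"Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\ExampleScan => C:\Tools\scan.exe",
]

if __name__ == "__main__":
    for task, path in review(SAMPLE).items():
        print(f"{task}: action probably meant {path!r}; confirm that file and its publisher")
```

A hit means the file to inspect is the rejoined path, which is the check requested in the post: confirm that it exists, what it runs, and which installed program it belongs to.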

 


This {E20145E9-E074-436E-8666-28640AE70D1B} - System32\Tasks\npcapwatchdog => C:\Program [Argument = Files\Npcap\CheckStatus.bat] relates to Wireshark. 

 

Also, I have used the Avast removal tool. You should read the link to bleeping computers and understand what all they did for me: https://www.bleepingcomputer.com/forums/t/691984/was-told-you-could-help/


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/2/19
Scan Time: 8:18 PM
Log File: 3bd4c848-3d52-11e9-9b1d-e0d55e3d81e7.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9516
License: Trial

-System Information-
OS: Windows 10 (Build 17763.316)
CPU: x64
File System: NTFS
User: STEVIERAY\Sean T

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 325588
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

I am still getting this message, and it is the reason I came here.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/2/19
Protection Event Time: 7:03 PM
Log File: c6943b5e-3d47-11e9-a943-e0d55e3d81e7.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9488
License: Trial

-System Information-
OS: Windows 10 (Build 17763.316)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: www.poweriso-mirror.com
IP Address: 166.62.97.253
Port: [52507]
Type: Outbound
File: C:\Program Files\PowerISO\PowerISO.exe

(end)


  • Root Admin

Unless you have the paid version and not the free or cracked version then it's not a false positive. The free version uses an installer that uses marketing tricks.

That site was Blocked for Trojan.Generic.Mal.Suspicious

You can upload the file and I can submit it for review if you like.

As for not resetting Chrome that's up to you but if you think you can always use any browser without clean up maintenance you'll often experience odd behaviors in browsing.

 

Edited by AdvancedSetup
Updated typo

I have 8 days left on my premium trial.

It was one of you that told me I have an infection and not a false positive. If you would have read the first link to the thread I started on your forums, you would have seen this; but here it is again.

This is not about odd behavior in browsing, btw, but a pop-up by your software that I am trying to figure out what is causing it.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/27/19
Protection Event Time: 11:50 PM
Log File: 5d4e67b2-3b14-11e9-a65c-e0d55e3d81e7.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9478
License: Trial

-System Information-
OS: Windows 10 (Build 17763.316)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: 005.0x1f4b0.com
IP Address: 35.206.131.72
Port: [51760]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

This is what brought me here, and the person that replied said I was infected, yet the Malwarebytes scan says no.


  • Root Admin

Again, it is my opinion that you should reset Chrome. It is not that you have an active live infection on your computer. It is the fact that one or more possible cross-site scripting threats or similar calls to a site by some site visit is behind this detection.

Malwarebytes is only seeing the site in the list and it's known to be bad so it flags it. Normal browser operation tries to prevent some of that but there are always methods found to bypass normal security. Look into adding a script blocking addon for Chrome which can also help to prevent this.
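The thread contains two kinds of Malwarebytes export: Threat Scan reports and web-protection block events. The following is an added example, not part of the original posts and not Malwarebytes code: it parses both layouts and keeps scan detections apart from blocked connections, grouped by the process named in the `File` field. The sample logs are constructed, with reserved example domains and addresses and a hypothetical application path.

```python
import ntpath
from collections import defaultdict

def parse_report(text):
    """Parse a Malwarebytes text export into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if len(line) > 2 and line.startswith("-") and line.endswith("-"):
            current = sections.setdefault(line.strip("-"), {})
        elif current is not None and ": " in line:
            key, value = line.split(": ", 1)
            current[key] = value
    return sections

def summarize(texts):
    """Keep scan detections and web-protection blocks apart across exports."""
    detected, blocks = 0, defaultdict(list)
    for text in texts:
        report = parse_report(text)
        if "Scan Summary" in report:
            detected += int(report["Scan Summary"]["Threats Detected"])
        if "Website Data" in report:
            web = report["Website Data"]
            # "File" names the process whose outbound connection was blocked.
            blocks[ntpath.basename(web["File"])].append(web["Domain"])
    return {"threats_detected": detected, "blocks": dict(blocks)}

# Constructed samples in the layout of the logs above (reserved example
# domains and addresses, hypothetical application path).
SCAN = "-Scan Summary-\nScan Type: Threat Scan\nThreats Detected: 0\n"
BLOCK_TEMPLATE = r"""-Blocked Website Details-
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: {domain}
IP Address: {ip}
Type: Outbound
File: {path}
"""
BLOCK_BROWSER = BLOCK_TEMPLATE.format(domain="ads.example.test", ip="203.0.113.10",
    path=r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe")
BLOCK_APP = BLOCK_TEMPLATE.format(domain="mirror.example.test", ip="198.51.100.7",
    path=r"C:\Program Files\ExampleApp\ExampleApp.exe")

if __name__ == "__main__":
    print(summarize([SCAN, BLOCK_BROWSER, BLOCK_APP]))
```

Grouping by process shows whether a blocked domain was requested by the browser or by another installed program, which a clean Threat Scan result does not report.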

 


  • Root Admin

Help Secure your browsers

Please install uBlock Origin for your browsers to better protect your system

Firefox, Chrome, Opera, Safari, Microsoft Edge
AdBlock for Internet Explorer

Follow-up Reading

Everything you need to know about cybercrime
10 easy ways to prevent malware infection 
Keep your data backed up

 

Thank you for choosing Malwarebytes
 
