Jump to content

Recommended Posts

Malwarebytes was not able to detect and remove Bonefreeze.com. Please help

Share this post


Link to post
Share on other sites

Hi,  @Gledders

I will be helping and guiding you, going forward.
IF this machine runs on Windows XP, please stop and tell me about that.

We need to get information from this machine in order to have the proper detail to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.4.0.615.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

 

Share this post


Link to post
Share on other sites

Hello, @Gledders

Did you see my reply ?  Are you still needing help ?

Please advise.  I am looking for the support tool report in order to help you.

Cheers.

Share this post


Link to post
Share on other sites
Quote

I have been away but cannot see a support tool report, can you please send?

 

Share this post


Link to post
Share on other sites

 

I have seen the support tool report, I had to scroll up, not down!

Share this post


Link to post
Share on other sites

Hi.  Thank you for the support tool report.

There are 2 cleanup tasks listed below, to help out with the issue of the "bonefreeze" block notices.   Just keep in mind that the website protection is keeping this pc safe.

[ 1 ]

I am sending a   custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) in the Downloads folder 

The tool named FRSTENGLISH is already on the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double click FRSTENGLISH to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 

FRST_Fixl.png.c4c1c0dddcc49b11fa400590f070bd5e.png

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

[ 2 ]

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close EDGE browser and or any open web browser after you have saved the Adwcleaner and before you start Adwcleaner.

Please download the current release for Malwarebytes AdwCleaner from here:
https://downloads.malwarebytes.com/file/adwcleaner

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).

 

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.

 

You should then see a screen showing "Scan results".

Review what is listed. If something is listed that you know for sure is safe, then for that line, click the check-box on the left so that it is un-checked.

(NOTE, clicking the small right pointed little arrow, will cause the screen to refresh & show all line items . )

 

When ready, click on the button "Clean and repair".

If prompted to restart then click on "Clean & Restart Now".

 

When You see screen with "Your cleanup is complete", click on the View Log file button.

It should then show as a open window in your text editor ( normally Notepad).

Do a File >> Save As, given it a unique name and Save to your Desktop or some other permanent folder.

 

Kindly provide a copy of that run report. Attach it with reply.

Also, attach the log file named Fixlog.txt

fixlist.txt

Share this post


Link to post
Share on other sites

Hello Gledders,

How are you doing?

Share this post


Link to post
Share on other sites

Thank you for asking. I have been away from my desk the last two days, returning late today. I hope to be able to devote time to this tomorrow Wednesday.

Can you please explain why Malwarebytes is not able to remove Bonefreeze.com itself and why all this procedure is necessary.

Will I have similar situations with possible future malware?

Share this post


Link to post
Share on other sites

This is one of those where some thing has got onto a web browser  ( it can be different things).

This requires getting a report  ( like the ones I asked for) in order to determine what exactly it is.

In other words, it is a situation where review by a malware removal expert is called for.  In the scale of things, this is more a case of a browser pest.

Share this post


Link to post
Share on other sites

I am away from my office and my computer and will not be able to progress this until Monday - possibly Sunday. Please be patient!

Share this post


Link to post
Share on other sites
On ‎6‎/‎9‎/‎2019 at 4:00 PM, Maurice Naggar said:

Hi.  Thank you for the support tool report.

There are 2 cleanup tasks listed below, to help out with the issue of the "bonefreeze" block notices.   Just keep in mind that the website protection is keeping this pc safe.

[ 1 ]

I am sending a   custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) in the Downloads folder 

The tool named FRSTENGLISH is already on the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double click FRSTENGLISH to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 

FRST_Fixl.png.c4c1c0dddcc49b11fa400590f070bd5e.png

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

[ 2 ]

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close EDGE browser and or any open web browser after you have saved the Adwcleaner and before you start Adwcleaner.

Please download the current release for Malwarebytes AdwCleaner from here:
https://downloads.malwarebytes.com/file/adwcleaner

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).

 

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.

 

You should then see a screen showing "Scan results".

Review what is listed. If something is listed that you know for sure is safe, then for that line, click the check-box on the left so that it is un-checked.

(NOTE, clicking the small right pointed little arrow, will cause the screen to refresh & show all line items . )

 

When ready, click on the button "Clean and repair".

If prompted to restart then click on "Clean & Restart Now".

 

When You see screen with "Your cleanup is complete", click on the View Log file button.

It should then show as a open window in your text editor ( normally Notepad).

Do a File >> Save As, given it a unique name and Save to your Desktop or some other permanent folder.

 

Kindly provide a copy of that run report. Attach it with reply.

Also, attach the log file named Fixlog.txt

fixlist.txt 94 B · 3 downloads

I cleared some time to do this as you had warned that I need a lot of time. However when I started I realised that the file that I was expecting "custom Fix script which is going to be used by the FRSTENGLISH tool." was not present. Please can you send?

Thank you

Share this post


Link to post
Share on other sites

Hi, Gledders.

First, it is not necessary to click on the "Quote" button when you start a reply.  This thread is only just for you and me.  I get all replies.

Just do a normal reply.  Thanks.

An exta new copy of FIXLIST.txt   is attached with this message.   Keep me advised.    Thanks.

fixlist.txt

Share this post


Link to post
Share on other sites
On ‎6‎/‎7‎/‎2019 at 4:30 PM, Maurice Naggar said:
22 hours ago, AdvancedSetup said:

I am sorry but I do not understand the way that the messages are sent and how I should reply. The emails are listed as 'No reply'. Please tell me how you want me to reply.

The only file I see is a .txt one with the following which I am sure is not right 

Start
CreateRestorePoint:
CloseProcesses:
CMD: ipconfig /flushDNS
EmptyTemp:
Reboot:
End

Please help. I normally understand things like this but I am confused.

 

 

 

Hello, @Gledders

Did you see my reply ?  Are you still needing help ?

Please advise.  I am looking for the support tool report in order to help you.

Cheers.

 

On ‎6‎/‎9‎/‎2019 at 8:42 AM, Gledders said:

 

I have seen the support tool report, I had to scroll up, not down!

I will do the next stage when I get back to my office

Share this post


Link to post
Share on other sites

 

Maybe this is how you want me to reply

 

I am sorry but I do not understand the way that the messages are sent and how I should reply. The emails are listed as 'No reply'. Please tell me how you want me to reply.

The only file I see is a .txt one with the following which I am sure is not right 

Start
CreateRestorePoint:
CloseProcesses:
CMD: ipconfig /flushDNS
EmptyTemp:
Reboot:
End

 

Please help. I normally find these things easy but I am confused. Where is the attached file? Maybe just send it as an attachment to my email steve.gledhill@outlook.com

Share this post


Link to post
Share on other sites

The file is a script to be used.   For a fix.

IF this file opened up in Notepad .....please Close the file.

The FIXLIST.txt is meant to be SAVED    ....   as  is   .....to the folder   Downloads

This is a custom fix script that will be used as follows.

The tool named FRSTENGLISH is already on the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double click FRSTENGLISH to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 

FRST_Fixl.png.c4c1c0dddcc49b11fa400590f070bd5e.png

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

 

 

Share this post


Link to post
Share on other sites

I have made progress. Fixlog.txt is attached.

I have stepped working on it now as it late (22:20hrs UK) but will continue with ADWCLEANER tomorrow

Fixlog.txt

Share this post


Link to post
Share on other sites

The fix run is a good one.   Bravo.  Thanks for sending.

Have a good rest.  I will check with you on this case this tomorrow,  after the next reply.

Cheers.

Share this post


Link to post
Share on other sites

I ran Adwcleaner and attach the results in attached file 'AdwCleaner[C00] Gledders1.txt'.

Also attached is file 'Fixlog Gledders1.txt'which is the same Fixlog file that I sent recently but renamed with Gledders1 at end

Having rebooted I went into Edge and entered a word to search but got the page which I attach as a screen grab 'Bonefreeze Malwarebytes page.jpg'. Edge goes to https://go.bonefreeze.com/**************** so it looks like bonefreeze has not yet been removed.

Please let me know what I should do. Thank you

Bonefreeze Malwarebytes page.jpg

AdwCleaner[C00] Gledders1.txt Fixlog Gledders1.txt

Share this post


Link to post
Share on other sites

Good morning.

Thanks for the info & reports.   This here is my first suggestion  ( at this point);  though I will post more after this.

I would like for you to run this test.

Use the keyboard shortcuts to start an elevated command prompt.
Press and hold the Windows-flag key on keyboard & tap the X key
On the flyout menu, select "Command prompt (Admin)"
Click Yes to confirm

In the Command prompt, Copy and Paste this
start microsoft-edge:https://bing.com

Then do some normal, typical things in Edge.

Share this post


Link to post
Share on other sites

This is part 2 for this morning.   Be sure you have done the quick ( short ) test mentioned in the preceding reply of mine.

 

For the time being, rather than typing a search in the address bar .....  First, use the address bar to go to either bing.com or google.com first

and then do the search on the search engine itself.

 

[ 2 ]

Drill thru the EDGE settings and look real close at the choice for SEARCH preference.

With EDGE open, look on the address bar on the very far right, look for & Click on the ... icon

Click Settings

Click the left <

so that you see a flyout list ( on the General tab)  that lists 4 sub-options on the left

look for Advanced and click on that.

You should see a tab "Advanced"  with Site settings

Scroll all the way down to the "Address bar search"

click the bar marked " Change search provider "

 

Take a look at what is listed as the ( default  )

If the default is not what you want, click it to select it.   Then click on the button Remove.

The goal here is to have the search engine of your choice listed here.

.

[ 3 ]

Next

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close EDGE browser and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner.

 

 

Please download the current release for Malwarebytes AdwCleaner from here:
https://downloads.malwarebytes.com/file/adwcleaner

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.

 

You should then see a screen showing "Scan results".

Review what is listed. If something is listed that you know for sure is safe, then for that line, click the check-box on the left so that it is un-checked.

(NOTE, clicking the small right pointed little arrow, will cause the screen to refresh & show all line items . )

 

When ready, click on the button "Clean and repair".

If prompted to restart then click on "Clean & Restart Now".

 

When You see screen with "Your cleanup is complete", click on the View Log file button.

It should then show as a open window in your text editor ( normally Notepad).

Do a File >> Save As, given it a unique name and Save to your Desktop or some other permanent folder.

 

Kindly provide a copy of that run report. Attach it with reply.

 

When done with Adwcleaner, click the X button to Exit out.

Thank you.

 

Share this post


Link to post
Share on other sites

I did as suggested "Press and hold the Windows-flag key on keyboard & tap the X key"

However "Command Prompt (Admin)" is missing on the flyout menu. Cropped screen clip is attached as JPG file to illustrate.

I Googled for this problem (which is well recognised) but am not sure which of many different approaches to take.

What is your recommendation please?

Thanks

Command Prompt (Admin) is missing.jpg

Share this post


Link to post
Share on other sites
Posted (edited)

Yours shows Windows Powershell (Admin)   whereas the typical norm is to have "Command Prompt (Admin) ".

Do this instead

Press Windows-flag-key +R key

In the text box of the Run option type in ,

cmd.exe

Copy and Paste this  into the Command prompt window
start microsoft-edge:https://bing.com

Then do some normal, typical things in Edge.

 

Then please also be sure to also do the tips on my second ( other) reply from yesterday.

Edited by Maurice Naggar
updated for cmd.exe

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.