Jump to content

What do I do with this?


Recommended Posts

If memory serves me right my windows 10 had a auto update and then a few hours later, I opened up a PDF file and received this notice upon opening up the file:

Adobe.thumb.JPG.32820bd868525a1772916a37dd33aee0.JPG.

 

Then I received a popup notification from Malware Bytes saying something was blocked and I needed to reboot now, which I did.

Here is the log report MWB stored of this virus being blocked;

1366533178_MWBImage.thumb.JPG.c37da9db283fc7e23c6e155093ba1cc4.JPG

 

Now whenever I try to open a PDF file with Adobe as the defaulted program I get the above error of the AppContainer.

 

Can anyone help me? I did open/download a pdf file from a vendor that I was having issues with but I never had a alert once I opened their file, why is this happening and am I truly infected?

6.14.2019 Report.txt

Link to post
Share on other sites

Hello moetee,

My name is Maurice.  I will be helping and guiding you on this case.

Lets start with a special scan,

 

Run a scan with Malwarebytes.
Start Malwarebytes from the Start menu.

Click Settings. Then click the Protection tab.
Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON
Click it to get it ON


Click the SCAN button.
Select a Threat Scan ( which should be the default).

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Be sure all items were removed. Then too, Repeat the scan one more time. It does not take long.

and again, be sure all detected items are removed.


Let it remove what it has detected.

When scan is all completed,      In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your email. Thank you.   We will do more later on.

.

Link to post
Share on other sites

Hello @moetee

I am sorry but Malwarebytes had had a false positive about the Adobe DLL you wrote about.  A database update was pushed out earlier today.

See 

 

Just do an Update run in Malwarebytes to be sure that it has the latest database definitions.

Start Malwarebytes for Windows.  On the Dashboard screen, look on the far right frame, under "System"

Click the blue line next to Updates.

After that, let me know if the situation is cleared up.

 

Link to post
Share on other sites

4 hours ago, Maurice Naggar said:

Hello moetee,

My name is Maurice.  I will be helping and guiding you on this case.

Lets start with a special scan,

 

Run a scan with Malwarebytes.
Start Malwarebytes from the Start menu.

Click Settings. Then click the Protection tab.
Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON
Click it to get it ON


Click the SCAN button.
Select a Threat Scan ( which should be the default).

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Be sure all items were removed. Then too, Repeat the scan one more time. It does not take long.

and again, be sure all detected items are removed.


Let it remove what it has detected.

When scan is all completed,      In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your email. Thank you.   We will do more later on.

.

Hello Maurice,

Thanks for your prompt response.

 

  • Scan for rootkits has already been ON.
  • The threat scans did it 3x times and nothing was detected.
  • There is no update that populated when I checked for updates.

Second Scan.txt First Scan.txt

Link to post
Share on other sites

59 minutes ago, Maurice Naggar said:

Thanks for the reports.   Your system is good to go.   The original issue was a false positive.   That was corrected thru a database update.

We can close this case.

Is there anything else you need?

Maurice

I think you may have misunderstood me.

This happened to me at 11:55pm last night and this alleged update fix was announced that it was released 10-15 hours later. I still have yet to receive this update patch through my Malware program?

And I am still getting this error when I'm opening up Adobe.

Link to post
Share on other sites

I am sorry to hear that.

Please be sure to do a new Update run today, on the Dashboard screen of Malwarebytes.

 

[ # 2 ]

We need to get information from this machine in order to have the proper detail to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.4.0.615.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

Link to post
Share on other sites

4 hours ago, Maurice Naggar said:

I am sorry to hear that.

Please be sure to do a new Update run today, on the Dashboard screen of Malwarebytes.

 

[ # 2 ]

We need to get information from this machine in order to have the proper detail to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.4.0.615.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

It's 4 hours since your post and I just hit the "Current" feature on the dashboard and MBW starting to Download and then Apple such Updates.

I went back to open a PDF file via Adobe and I have the same error of Appcontainer. But. no notification of MWB blocking that mentioned Backdoor.Remco virus, why is that?

Also, please see attached file as per your request. Thank you for your prompt assistance!

mbst-grab-results.zip

Link to post
Share on other sites

When replying, there is no need to press the "Quote" option.

Thanks for the report.

The Malwarebytes database is all up to date  ( as of this writing).  It is Current.

If you have not done one Windows Restart today, please do so now.

The Malwarebytes program is good to go.

.

There are no website block events logged for today.

The last ( oldest ) Remcos notice was from the 15th.

.

How are things now ?

 

Run a scan with Malwarebytes.
Start Malwarebytes from the Start menu.

Click Settings. Then click the Protection tab.
Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON
Click it to get it ON


Click the SCAN button.
Select a Threat Scan ( which should be the default).

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Be sure all items were removed.

When that is completed, kindly send the report.
In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your
reply.

Cheers,

 

Link to post
Share on other sites

There is a DLL file in Quarantine that you need to Restore ......  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll

Start Malwarebytes.

Press the Quarantine button.    Look for the C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll

Click the check box on that line.   Then press the Restore button  & follow the prompts.

Close the program window when done.

Link to post
Share on other sites

There was a false positive yeterday in Malwarebytes about the DLL.   and it got put into Quarantine.

If you would just Restore it now, the Adobe app should do ok.

False positives can happen on any security program.

If after the restore the Adobe is not ok, do a new install of the Adobe.

.

The thread about the information on the false positive is on this thread

 

Link to post
Share on other sites

2 hours ago, Maurice Naggar said:

Hello,  How is the situation at this time?

Well, I have Nitro PDF editor and I am using that as a default PDF reader.

I feel weary to remove the that DLL out of MBW, but your saying its a clean DLL file right?

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.