
Sorry for my bad English, but it is not my first language.

I get a lot of these types of messages:

-Dettagli log-
Data evento di protezione: 08/07/19
Ora evento di protezione: 18:06
File di log: 5877a1b2-a19a-11e9-88ff-88d7f631dce7.json

-Informazioni software-
Versione: 3.7.1.2839
Versione componenti: 1.0.586
Aggiorna versione pacchetto: 1.0.11454
Licenza: Trial

-Informazioni sistema-
SO: Windows 10 (Build 17134.829)
CPU: x64
File system: NTFS
Utente: System

-Dettagli siti web bloccati-
Sito web nocivo: 1
, , Bloccato, [-1], [-1],0.0.0

-Dati sito web-
Categoria: Adware
Dominio: saltjs.01bd.ru
Indirizzo IP: 104.27.139.14
Porta: [53193]
Tipo: In uscita
File: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Also, I can't access antivirus sites and my Google account from my browsers (Chrome, Edge, Internet Explorer).

I'm writing from another PC because I can't connect to these forums from the infected PC.

mbst-grab-results.zip


Hi, @darkgoogol

My name is Maurice. I will be helping and guiding you, going forward on this case.

Please try not to self-medicate while this case is on-going here. I notice the use of special tools like RogueKiller. Don't self-medicate.

And if you are getting help elsewhere, stop and let me know.

 

What follows is a first step to have Windows 10 show all files and folders. Do not let this spook you out.

There is a how-to at Tenforums. Use either option one or two or three

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 

[ 2 ]

This next action is a first step.

Please Close and save any open work files before you start this next step.  It may involve a Windows Restart at the end of it.

I am sending a custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) to the Desktop

The tool named FRST64.exe  is already on the Desktop folder.

Start the Windows Explorer and then, open the Desktop


Double click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Kindly attach the Fixlog.txt with your next reply

Fixlist.txt


Thanks for the scan report from Malwarebytes for Windows.  That is good.

 

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner.

 

Please download  Malwarebytes AdwCleaner from here:
Click the blue Download button.   ( do not pay attention to the other text displayed on that screen).

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click AdwcleanerGUI  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)

Then click on Dashboard button.

Click the blue button "Scan Now".

 

Allow it a few minutes to finish the Scan. Let it remove what it finds.

NOTE: When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

Thanks.  Keep me advised.

 


Very good result from the Adwcleaner scan.  Thanks.

 

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

 

Then let me know: how is the overall situation?


The situation is the same as before.

I continue to receive messages from Malwarebytes about saltjs.01bd.ru, I can't access my Google account and I can't open sites about antivirus and antimalware.


Which specific web browser(s) are these? What is the specific error message from the browser?

Let me know that later, after this next run, in your next reply.

 

Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please.

Please download Malwarebytes Anti-Rootkit (MBAR) from this link and save it to your desktop.

Double-click on the MBAR file and allow it to run.

•Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.

•mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

•After reading the Introduction, click 'Next' if you agree.

•On the Update Database screen, click on the 'Update' button.

•Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two messages boxes:

1.'Could not load protection driver'. Click 'OK'.
2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

•If malware is found, press the Cleanup button when the scan completes.

Please attach the log it produces, you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.
 

 


humhh

Just try doing a Windows Restart.   Try just one more time.


Hello.

I have a two step procedure to help with the DNS errors situation.   Close the MBAR screen if it is still open.

[ 1 ]

Use this article as a guide.  Pick either OPEN DNS or Google DNS  for the DNS servers.

https://www.howtogeek.com/164981/how-to-switch-to-opendns-or-google-dns-to-speed-up-web-browsing/

 

[ 2 ]

Start NOTEPAD (you can press Windows-key+R keys to get the RUN option, then type in NOTEPAD.exe and press Enter key to start NOTEPAD).

Check and make sure "word wrap" is off. 
From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
IF it -is- checkmarked, click that one time so that it is un-checked.

Please copy/paste the lines below to Notepad:


@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset resetlog.log
shutdown -r -t 1
del %0




Now save as flush.bat to your desktop.
Double-click flush.bat file to run it. Your computer will reboot.

 

[ 3 ]

Try one more time the MBAR anti-rootkit tool.

 

Regards.
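
The flush.bat steps above overwrite the hosts file and reset the network stack without keeping a record of the prior state. As an added example (not part of the original post and not Malwarebytes tooling), this PowerShell snippet snapshots the hosts file and per-adapter DNS servers first; the output folder name `pre-flush` is an assumption.

```powershell
# Added example (not from the thread): snapshot hosts-file and DNS state
# before flush.bat overwrites it. Run from an elevated PowerShell prompt.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$outDir    = Join-Path $env:USERPROFILE 'Desktop\pre-flush'   # assumed output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# .NET file APIs read the file even when it is hidden/system/read-only.
$bytes = [System.IO.File]::ReadAllBytes($hostsPath)
$lines = [System.IO.File]::ReadAllLines($hostsPath)
[System.IO.File]::WriteAllBytes((Join-Path $outDir 'hosts.before'), $bytes)

$sha256 = [System.Security.Cryptography.SHA256]::Create()
$hash   = [System.BitConverter]::ToString($sha256.ComputeHash($bytes)) -replace '-', ''
"SHA256 of hosts before reset: $hash" | Set-Content (Join-Path $outDir 'hosts.sha256.txt')

# Parse "address name [name ...]" lines; anything after '#' is a comment.
$loopback = '127.0.0.1', '::1'
$entries = foreach ($line in $lines) {
    $text = ($line -split '#', 2)[0].Trim()
    if (-not $text) { continue }
    $fields = $text -split '\s+'
    if ($fields.Count -lt 2) { continue }
    foreach ($name in $fields[1..($fields.Count - 1)]) {
        [pscustomobject]@{
            Address  = $fields[0]
            Name     = $name
            # Only a loopback mapping for "localhost" is treated as expected here.
            Expected = ($loopback -contains $fields[0]) -and ($name -eq 'localhost')
        }
    }
}

# Everything else is listed for review and saved alongside the backup.
$unexpected = @($entries | Where-Object { -not $_.Expected })
$unexpected | Export-Csv (Join-Path $outDir 'hosts-unexpected.csv') -NoTypeInformation
"{0} hosts entries, {1} not a localhost loopback mapping" -f @($entries).Count, $unexpected.Count
$unexpected | Format-Table Address, Name -AutoSize

# DNS servers each adapter uses now, for comparison after the DNS change and reset.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, @{ n = 'Servers'; e = { $_.ServerAddresses -join ', ' } } |
    Tee-Object -Variable dnsBefore | Format-Table -AutoSize
$dnsBefore | Export-Csv (Join-Path $outDir 'dns-before.csv') -NoTypeInformation
```

Hosts entries that point security-vendor or account-login names at loopback or unfamiliar addresses, or DNS servers the user never configured, are worth attaching to the case alongside the tool logs.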


This thread/topic is for member darkgoogol only, who is the topic starter.

If you are not darkgoogol, do NOT post here.

I have asked Admin to split off the 2 posts by the other party.

Hi, Darkgoogol.

Thanks for the MBAR log.  The clean result from MBAR is very encouraging.

Let's see about getting a different report, please. There is a report tool named OTL, Oldtimer's ListIt.
We need to create an OTL Report.

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Reply YES when prompted by Windows whether to allow it to Run
  5. Click the "Scan All Users" checkbox.
  6. Push the Run Scan button.
  7. Please have Lots of Patience as this report may well take several minutes.  Let it run.
  8. Two reports will open, please Attach the 2 files with your Reply:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

     

Sincerely,

Maurice

Edited by Maurice Naggar


Thank you for the OTL reports.   Comments to follow later.

At this time though, let's have you, one by one, start each web browser and delete all cache and all history.

Look at the following Malwarebytes Blog article and scroll down to the section marked *Clear your browser's cache* 
and do that for each of your web browser programs.
https://blog.malwarebytes.com/puppum/2017/04/adware-the-series-part-1/ 


This thread/topic is for member darkgoogol only, who is the topic starter.

If you are not darkgoogol, do NOT post here.

 

Thanks again for the OTL reports.   There was no mention there of .ru  or of 01bd.ru

Windows 10 has the Microsoft Windows Defender which can run the Windows Defender Offline scan.
Windows Defender Offline in Windows 10 can be run directly from within Windows, without having to create bootable media.

Click the Windows Start menu button on the Taskbar, select Settings icon. Then choose Update and Security.
Then look on the right hand side and click on Windows Defender.
Then, scroll all the way down on the scroll bar, down to where you see "Windows Defender Offline"
Click on the button Scan Offline to start the process and let it scan the system.

Keep in mind that the design and what is scanned by Windows Defender is a whole different design from Malwarebytes. But do let me know how this scan goes and what the result is.


That is very good.   How are things now ?

 

I would like to have you run a different report tool, so I can review.

Please download and Save this next tool to the DESKTOP ( if possible) or else to the Downloads folder ( so you can get to it easily).
Please note that the results of the following scans are not necessarily indicative of malware on your computer.

RogueKiller Scan

  • Save the file first,
  • Close any running programs that you started on your own ( if any).
  • Follow the prompts. If a browser window opens, close the window.
  • In the HOME tab, click Start Scan.
  • Upon completion, a browser window may open. Close this window.
  • Please do not have RogueKiller remove any detected items.
  • Click the HISTORY tab followed by Scan Reports.
  • Double-click the scan log. Click Export TXT, enter a filename and save the file to your Desktop.


Thank you.


Hi,  I am glad to know that all is well.

You should keep Adwcleaner.  You can run that on occasion manually, as needed, to check for adwares.

All the other tools that I had you download you can delete.


See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

Also, if you use Chrome or Firefox browser, install the Malwarebytes beta browser extension.  There is one for Chrome & another for Firefox.

To get & install the Malwarebytes beta Chrome extension,

Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.


I am glad to have helped.  If you need something else at this point, let me know.

I will have this thread marked for Closure.   All best wishes to you.

Sincerely,

Maurice

This topic is now closed to further replies.
