Davide07

Malware and Pop up, Help

Hello everybody.

I need support about an Exploit warning (popping up a few minutes after I'm using Chrome). Before installing Malwarebytes, there was a pop-up like this one: https://www.youtube.com/embed/40TkkbVmOGg?start=10

It says: "there was a problem starting C:\WINDOWS\System32\vccorelib141xvd.dll The specified module could not be found"
 

This is the report with Malwarebytes:

 

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data evento di protezione: 19/07/19
Ora evento di protezione: 20:19
File di log: b82a22aa-aa51-11e9-834e-bc5ff42c0392.json

-Informazioni software-
Versione: 3.8.3.2965
Versione componenti: 1.0.613
Aggiorna versione pacchetto: 1.0.11632
Licenza: Trial

-Informazioni sistema-
SO: Windows 10 (Build 18362.239)
CPU: x64
File system: NTFS
Utente: System

-Dettagli exploit-
File: 0
(Nessun elemento nocivo rilevato)

Exploit: 1
Malware.Exploit.Agent.Generic, , Bloccato, [0], [392684],0.0.0

-Dati exploit-
Applicazione interessata: cmd
Livello di protezione: Application Behavior Protection
Tecnica di protezione: Exploit payload process blocked
Nome file: C:\WINDOWS\system32\rundll32.exe rundll32.exe C:\WINDOWS\System32\vccorelib141xvd.dll vcrt_InitializeCriticalSectionEx
URL: 

(end)

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
  9. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to attach a file:

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 


Hi, @Davide07 :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.

This thread/topic is for member Davide07 only, who is the topic starter.

If you are not Davide07, do NOT post here.

We need to get information from this machine in order to have the proper detail to help you forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.4.0.615.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair”!
    Click the Advanced tab on the left column
    Click the Gather Logs button
    A progress bar will appear and the program will proceed with getting logs from your computer
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.


Thank you.

 


Thanks for the report. 

I have listed 2 things to do. The first is a small cleanup.

[ 1 ]

This is for Davide07 only.

Please close and save any open work files before you start this next step. It may involve a Windows Restart at the end of it.

I am sending a custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly (as is) to the Downloads folder.

The tool named FRSTENGLISH.exe is already in the Downloads folder.

Start the Windows Explorer and then open the Downloads folder.

Double click FRSTENGLISH to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.


[ 2 ]

Keep going with this.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the-tool instructions are at this link at Microsoft

https://docs.microsoft.com/it-it/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

[ 3 ]

Kindly attach the Fixlog.txt with your next reply.

Let me know if the block notice "Exploit payload process blocked" happens.

 

Fixlist.txt


Done, but the problem still persists, as you can see.

Microsoft Safety Scanner hasn't found any virus.

I attach the Fixlog.txt

Fixlog.txt


This is the report with Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data evento di protezione: 20/07/19
Ora evento di protezione: 16:04
File di log: 503ac798-aaf7-11e9-966d-bc5ff42c0392.json

-Informazioni software-
Versione: 3.8.3.2965
Versione componenti: 1.0.613
Aggiorna versione pacchetto: 1.0.11642
Licenza: Trial

-Informazioni sistema-
SO: Windows 10 (Build 18362.239)
CPU: x64
File system: NTFS
Utente: System

-Dettagli exploit-
File: 0
(Nessun elemento nocivo rilevato)

Exploit: 1
Malware.Exploit.Agent.Generic, , Bloccato, [0], [392684],0.0.0

-Dati exploit-
Applicazione interessata: cmd
Livello di protezione: Application Behavior Protection
Tecnica di protezione: Exploit payload process blocked
Nome file: C:\WINDOWS\system32\rundll32.exe rundll32.exe C:\WINDOWS\System32\vccorelib141xvd.dll vcrt_InitializeCriticalSectionEx
URL: 

(end)


Thanks for the reports and screen captures. Note, I do not need a screen image of Malwarebytes.

It looks to me that there are some other things going on here that complicate the situation. One of them is Avast antivirus.

Can we temporarily uninstall Avast antivirus? Uninstall Avast using the standard way to do that in Windows.

Press and hold the Windows-key on keyboard and then tap the R key to get the RUN option.

Then type in

appwiz.cpl

Find AVAST in the list & do a right-click and choose Uninstall.

Close the window after it is completed.

After uninstall of Avast please download and run their clean up tool http://files.avast.com/files/eng/aswclear.exe

This is running Windows 10 which has the excellent Windows Defender antivirus.

[ 2 ]

Please download and run the following Kaspersky antivirus scanner to remove any found threats

Kaspersky Virus Removal Tool

Let me know if it finds anything or not


We will do more later. But I would like to know, each time you reply, IF the "RunDLL" message notice, OR the "Malware.Exploit.Agent.Generic" notice from Malwarebytes happens.

By the way, the RUNDLL message window is from Windows itself.

Sincerely.

 


Thanks for the reply, good sir

No threats found after running Kaspersky, and the message "Malware.Exploit.Agent.Generic" from Malwarebytes still persists.


Sorry to hear of the latter.

On a side note, unrelated, the Java on this box needs to be updated to the latest security update.

Java SE   8   version 221

    Release Notes: https://www.oracle.com/technetwork/java/javase/8u221-relnotes-5480116.html
    Download:  https://www.java.com/en/download/manual.jsp

There is a way to troubleshoot this type of issue: by doing a clean-boot startup, then one by one re-enabling some of what you temporarily turned off.

Get a notebook and pencil handy. Keep good notes on what you turn off (in the auto-started programs).

You can do it in thirds or halves.

How to perform a clean boot startup of Windows

https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows

The concept is to see which of the auto-started programs is the source of the issue.


Ok, done,

The issue keeps occurring even if I have disabled all services. BUT I have noticed that the ‘warning’ sign of Malwarebytes shows up only when I use Chrome...


Hello.

Thanks for letting me know that Chrome is the suspected source. You should go back & re-enable other programs you turned off from auto-start.

These next 2 tips may help with Chrome. If not, later on, I may well suggest an uninstall of Chrome followed by a new install.

[ 1 ]

Please use Chrome to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button.
At the prompt click on "Ok".

[ 2 ]

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner.

 

Please download Malwarebytes AdwCleaner from here:
Click the blue Download button. (Do not pay attention to the other text displayed on that screen.)

Be sure to Save the file first, to your system. Saving to the Downloads folder should be the default on your system.

Go to the folder where you saved Adwcleaner. Double click AdwcleanerGUI to start it.

At the prompt for license agreement, review and then click on I agree.

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)

Then click on Dashboard button.

Click the blue button "Scan Now".

Allow it a few minutes to finish the Scan. Let it remove what it finds.

NOTE: When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button. Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad. Save the file to your system and then Attach that with your reply.

Thanks.  Keep me advised.

 


Thank you for the Adwcleaner report. Regret to read that the issue is still on-going.

If Chrome is "having an issue" in standard mode:
You can force Chrome to start in reduced mode, called Incognito mode, by putting a parameter at startup.
First, close any prior instances of Chrome via Task Manager.
Then press Windows-key+R for the RUN option and then put a command line similar to this {do use COPY & PASTE}

chrome.exe -incognito



Starting Chrome in Incognito mode may work for you, and allow you to make "changes" or tweaks in it.
Note also, Incognito mode is also an option in the Chrome menu {as long as it can start}.


Other suggestions, for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys on keyboard to get the menu for clearing browsing data:

Check mark the line "Browsing history"

Check mark the line "Download history"

Check mark the line "Cached images and files"
and press the Clear Data button (in blue)


Still in Chrome, press ALT+F then Settings
Click Extensions on the left.
Closely review the browser extensions that are listed. Disable any that you are not familiar with or that you do not trust.

Also see these Google - Chrome articles and take appropriate measures!
Reset browser settings
https://support.google.com/chrome/answer/3296214


I've done all your steps, but the problem is still here, I can't believe it :wacko:

I've disabled all the extensions and I've cleared the browsing data.

Only one positive thing: I don't have the "RunDll" error anymore.

41 minutes ago, Davide07 said:

Only one positive thing: I don't have the "RunDll" error anymore.

That is at least, a good thing.

 

You should consider resetting Chrome back to defaults to completely clear out what is going on.

You can keep the bookmarks by exporting them - 
http://support.google.com/chrome/bin/answer.py?hl=en&answer=96816 Export Bookmarks


Follow instructions to remove all Google Sync data - 
http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/



Now we need to uninstall Chrome.

Make sure to select the "Also delete your browsing data" tick box.

https://support.google.com/chrome/answer/95319?hl=en-US

Re-install Chrome:
https://www.google.com/chrome/browser/desktop/

 

Next, see this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

Also, if you use Chrome or Firefox browser, install the Malwarebytes beta browser extension. There is one for Chrome & another for Firefox.

To get & install the Malwarebytes beta Chrome extension,

Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.


After you have Chrome reinstalled please check things out and let me know how it is doing.

 


Ok, no more ‘warning’ sign of Malwarebytes when I'm using Chrome...BUT ffs there is again the error "RunDll" when I start Windows 10.


Hello,

My first question: Can you confirm that you uninstalled and did a brand new install for Chrome just like I listed in post # 16?

Question # 2: Are you reporting that the Run DLL error happens even when you open any folder using Windows File Explorer?

Please just reply to all that along with the next report. That is to say, do the report below and provide all in one single reply. There is no need to rush. No need to do multiple replies in a row. Take your time and gather all ..... before pressing Submit.

The report tool FRSTENGLISH is in the Downloads folder. We will use that to do a search & then you will send me the report, after that.

Use Windows File Explorer and go to the Downloads folder

Start FRSTENGLISH by double clicking it.
Type the following into the search box exactly as shown, then press the Search Files button

SearchAll: vccorelib141vxd

Please wait while the program searches for all entries relating to this program, when done a search.txt log will be saved to the desktop. Please attach this log to your next reply.

 


1) Yes

2) Yes OR when I right-click the mouse button on a file, as you can see.


FRST.txt


You sent a FRST.txt

What I am looking for is different. Did you do the Searchall procedure (I last outlined that)?

Then I was looking for the result file named search.txt log

What the Windows (File) Explorer screen shows points to a setting of some sort for the right click context menu in Windows (for Windows Explorer).


Thanks for the log, "Search". Alas, there is nothing there. The mystery is what is calling for that DLL. It likely has to do with the Windows right-click context menu options.

The behavior and result is a glitch in this Windows. It is not any infection. The search did not find the DLL anywhere.

I suspect if you do not do a right-click that you would not see that error message from Windows.

I will get back with you on this, after I have the time & opportunity to do some additional research.
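
Added example, not part of the thread or of any tool mentioned in it: Python that reads the Malwarebytes report from the first post, extracts the DLL and export that rundll32 was asked to load, and checks whether a file-search term matches that DLL name character for character. The report names vccorelib141xvd.dll, while the SearchAll line earlier in the thread is spelled vccorelib141vxd; the function names are hypothetical, and unquoted paths without spaces are assumed.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the first Malwarebytes report posted in the thread (Italian UI).
REPORT = r"""-Dettagli exploit-
File: 0
Exploit: 1
Malware.Exploit.Agent.Generic, , Bloccato, [0], [392684],0.0.0

-Dati exploit-
Applicazione interessata: cmd
Livello di protezione: Application Behavior Protection
Tecnica di protezione: Exploit payload process blocked
Nome file: C:\WINDOWS\system32\rundll32.exe rundll32.exe C:\WINDOWS\System32\vccorelib141xvd.dll vcrt_InitializeCriticalSectionEx
"""

def parse_report(text):
    """Return {section: {key: value}} from '-Section-' and 'Key: value' lines."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"-(.+)-", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            # Split on the first colon only, so "C:\..." stays in the value.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return sections

def rundll32_target(command_line):
    """Split a logged rundll32 command line into (dll_path, export_name)."""
    # Assumption: the DLL path is unquoted and contains no spaces.
    m = re.search(r"rundll32(?:\.exe)?\s+(\S+\.dll)[\s,]+(\S+)\s*$",
                  command_line, re.IGNORECASE)
    if not m:
        return None
    return PureWindowsPath(m.group(1)), m.group(2)

def check_search_term(report_text, term):
    """Compare a file-search term with the DLL named in the report."""
    fields = parse_report(report_text)["Dati exploit"]
    target = rundll32_target(fields["Nome file"])
    if target is None:
        raise ValueError("no rundll32 target in report")
    dll, export = target
    return {
        "technique": fields["Tecnica di protezione"],
        "dll": dll.name,
        "export": export,
        "search_dir": str(dll.parent),
        "term_matches": term.lower() in dll.name.lower(),
    }

if __name__ == "__main__":
    for term in ("vccorelib141vxd", "vccorelib141xvd"):
        print(term, check_search_term(REPORT, term))
```

Taking the search term from the parsed report rather than retyping it keeps the file search and the blocked command line pointing at the same name.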


N.B. I do have a question at this time. What is the active / resident antivirus presently on this machine?

Is it Kaspersky?

This topic is now closed to further replies.