Jump to content
Gucci

jackielovesdogs' and then to 'beforwardreallygo

Recommended Posts

I have just seen my computer telling me it is downloading 'beforwardreallygo and it didn't ask my permission first.  I clicked on a link which went to a porn site and i just closed it.  I don't have a mac and my homepage isn't changed.  What can I do to delete it?  I have windows 10.  Thank you.

Share this post


Link to post
Share on other sites

I clicked on a link on a legal page and  jackielovesdogs' and then to 'beforwardreallygo opened up.  Then it automatically downloaded itself, then later my computer asked me with a Chrome pic in the corner if I wanted to create a character, but I don't know where it has downloaded to or how to clean it up as I can't find anything in my scans or chrome scan.  

Share this post


Link to post
Share on other sites

Hi, @Gucci     :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.   I understand that your pc runs on Windows 10.


We need to get information from this machine in order to have the proper detail to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.4.0.623.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

 

Share this post


Link to post
Share on other sites

Thank you Maurice for your suggestion.  I will try that soon, although KEarley says that it made no difference.  I could stop using Chrome but my phone is a google phone so i wonder if my phone has this Malware also?

Share this post


Link to post
Share on other sites

This Thread/topic is for member  GUCCI only. who is the topic starter.

If you are not  Gucci   , do NOT post here  

 

Hello Gucci.

There is no basis to suspect that your phone would get a malware from the situation of your PC having Chrome.

Now then.... I was looking for the Support tool report so I can review and then guide you forward.

 

 

Share this post


Link to post
Share on other sites

Hello Maurice,  Ok I have saved the link you suggested on my desktop.  What next?  I am in the UK so time is different here.

Thanks

 

Share this post


Link to post
Share on other sites

Hi.

I am not sure what you mean by saved on desktop.   I very much need for you to ATTACH the ZIP fie produced by the Support tool into a REPLY here on this thread.

a file named mbst-grab-results.zip will be saved to your Desktop.
Please attach the ZIP file in your next reply.    Start a REPLY  and then use the guide below to go about ATTACHING  the ZIP file report.

 

  • To save attachments please click the link on your screen that is marked CHOOSE FILE. Then browse to where your file is located  on your system and select it and click the Open button.
  •   

_mb_attach.jpg

 

Share this post


Link to post
Share on other sites

Hi.  Thanks for sending the zip file report.  There will be more things to do later on.  Please have patience.

We will take one thing at a time.

This PC does not have Malwarebytes for Windows.  I suggest you get it  ( its Free to get & use  and will have a 14-day trial period running the Premium trial mode.)  + install it + do a scan with it.  How to get and install it is listed in the help article below.

I noticed that one of the things this PC has is something called  Pro PC Cleaner

That needs to be removed.

see Removal instructions for Pro PC Cleaner
https://forums.malwarebytes.com/topic/178455-removal-instructions-for-pro-pc-cleaner/

 

There will be more to do later.

Share this post


Link to post
Share on other sites

I have downloaded the premium version and run a scan and quarantined all the 78 items.  What shall I do now? Thank you.

Share this post


Link to post
Share on other sites

Hi.   

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Version 7.4 of Adwcleaner  detects factory Preinstalled applications too!

I  encourage you to take a look at the announcement blogpost to learn more this new detection category: https://blog.malwarebytes.com/malwarebytes-news/2019/07/your-device,-your-choice:-adwcleaner-now-detects-preinstalled-software/.

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "

Pre-installed applications

 

You can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

Thanks.  Keep me advised.

 

Share this post


Link to post
Share on other sites

I have done the adwcleaner scan but when it restarted I now can't find it.  I looked in program files and found it on my c drive but can't find the reports button

Share this post


Link to post
Share on other sites

@Gucci

See this help article on Adwcleaner.

Find the last ( most recent) Clean "C" report and attach it for me, into a new reply.

Share this post


Link to post
Share on other sites

I can't find the nice visual box so I can't find anything to click on. Where is it on my pc after a restart

 

Share this post


Link to post
Share on other sites

Look on the Downloads folder for "Adwcleaner"

Start Adwcleaner.   Then click on the button on the left marked "Log files"

 

I also need for you to run a different diagnostic report, so I can have new additional information.

RSIT (Random's System Information Tool)
Please download RSITx64 by random/random... save it to your desktop.

  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 logs files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.

.

 

Share this post


Link to post
Share on other sites

Thanks for the reports.  The Adwcleaner has removed Amazon Assistant.

There is no need to rush to delete what is in Quarantine.  Things in Quarantine are inert & don't pose any threat now.  But yes, you can delete content of Quarantine.

 

Q:  How are things at this point in time ?   and can you fill me in as to    jackielovesdogs   +  beforwardreallygo    ?

Security sidenote:  This pc has an old Java release:   Java 8 Update 151

If you no longer need it, you should Uninstall it.

If you want to keep it, you need to get it Updated to Java 8 Release 221 .

See all the notes here - >   https://securitygarden.blogspot.com/2019/07/oracle-java-se-critical-security-update.html

 

Share this post


Link to post
Share on other sites

Ok great.  Well I just clicked on Google Chrome since all the things you've suggested and its said 'your Norton has exp;ired today, by beforewardreallygo.icu so it is still there.

Share this post


Link to post
Share on other sites

I may have to have you do a clean-boot-startup later on.   Lets slow down & re-gather some fresh reports.

In this here, it is super critical that you saved FRST64   to the Desktop folder.

 

I would like to have you run a report tool known as FRST. This has no personal information. It is a well-known & widely used &safe.
FRST will help provide me with a list of installed programs and other information about your computer that will help me see if there are any other problems that are not being detected. Please follow the steps below to run FRST64.


1: Please download FRST64 from the link below and save it to your desktop:


"Download link for 64-Bit Version Windows"

Please wait and look toward the top or bottom of your browser for the option to Run or Save.
Click Save to save the file


Run report with FRST64

Right-click on FRST icon and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run.

_Windows 8 or 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen and click button Run anyway on next screen._

Click YES when prompted by Windows U A C prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.


Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

Click Yes when the* disclaimer* appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is checked    -    also check the box for Shortcut    listed under Optional scan on the FRST screen

and click the box "90 day files "
 

Press Scan button and wait.




The tool will produce three logfiles on your desktop: _FRST.txt_ , _Addition.txtShortcut.txt
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 3 files to your next reply.

Thank you.

Share this post


Link to post
Share on other sites

Thanks for the reports.

Some notes:  I do not see "  jackielovesdogs or 'beforwardreallygo"   shown on these reports.

That said, it is super-duper critical to pay attention as to just exactly where one starts Chrome.   Whether from the Start menu itself in Windows, OR if from some other specific shortcut link !!!   always pay attention from where you start a browser when you are having pressing issues.

You can start Chrome in very basic mode by using this special way.

if Chrome is "having an issue" in standard mode:
You can force Chrome to start in reduced mode, called Incognito mode, by putting a parameter at startup.
First, close any prior instances of Chrome via Task Manager.
Then press Windows-key+R for the RUN option and then put a command line similar to this {do use COPY & PASTE}

chrome.exe -incognito



Starting Chrome in Incognito mode may work for you, and allow you to make "changes" or tweaks in it.
Note also, Incognito mode is also an option in the Chrome menu {as long as it can start}.


Other suggestions, for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the lined "Cached images and files"
and press Clear Data button  ( in blue )

 

[ 2 ]

This fix is for Gucci  only.

 

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) to the Desktop

The tool named FRST64.exe  is already on the Desktop folder.

Start the Windows Explorer and then, open the Desktop folder.


Double click FRST64

  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 

FRST_Fixl.png.c4c1c0dddcc49b11fa400590f070bd5e.png

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your reply.    Also advise on the situation after this run.

 

[ 3 ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

also, if you use Chrome or Firefox browser, install the Malwarebytes beta browser extension.  There is one for Chrome & another for Firefox.

To get & install the Malwarebytes beta Chrome extension,

Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.

 

To get & install the Malwarebytes beta Firefox extension.

Open this link in your Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

Fixlist.txt

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.