
So, my wife got a nasty virus; I think it's a rootkit deal. I sent a support ticket but I was not logged in as a MWB premium user. Should I re-submit the ticket? Just wondering cause they had me send the logs from the infected computer then went dark.

I just wanted to know if I needed to take a hammer to 500 bucks in brand new drives (thank goodness I refuse to network our PCs - BSG paranoia). My MWB Premium purchase said faster access to support but I have no idea "how" I get faster access?

No idea how this got past MWB but it's a little concerning. I am going to have to firewall the heck out of my wife's FB "wandering" in the future. Whatever this is, it deleted MWB and Avast and shuts the PC off any time you try to reinstall them.


Hello N2HC.

I understand that you have a ticket with Malwarebytes support. What is the ticket number?

When did you first create that ticket?

Has an actual agent replied to it?

 

Please know that tickets created on the weekend would not be worked (until the next work week) since Support has a very small staff on the weekends.

The staff replies to new cases in the order of oldest one first. First in, first out.

 

Out of curiosity, you mention

Quote

my wife got a nasty virus

but without any detail of any sort. What did she or you see exactly? Where? How? Any description of any sort? Is a web browser involved?

Did you run a scan with Malwarebytes for Windows? Result of that scan?

 

but you also mention this

Quote

Whatever this is, it deleted MWB and Avast and shuts the PC off any time you try to reinstall them.

Which, if so, may well mean there is a serious infection that blocks all security software.

Go to this pinned topic on top of this sub-forum.   Get, save, then run the special Malwarebytes anti-rootkit tool

 

Let me know about this run.

Please attach the log it produces, you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.

8 minutes ago, Maurice Naggar said:

Out of curiosity, you mention

Quote

but without any detail of any sort.    What did she or you see exactly ? 

Basically this: 

 

Okay that's three days of crazy stuff involving USB thumb drives and stuff I am unfamiliar with...this is why I got MWB Prem so I would "hopefully" not have to do stuff like this.  I honestly want to WIPE all her drives and start over.  So my original question to support was "can I wipe these drives and kill it", or is a hammer in my future?  ( I already hammered an 18 gig thumb drive.)

Quote

Which if so, may well mean there is serious infection that blocks all security software.

Go to this pinned topic on top of this sub-forum.   Get, save, then run the special Malwarebytes anti-rootkit tool

Yes I agree, Nasty dam thing.  I ran Farbar recovery scan tool from your link from: the Director of Global Support not sure if I can paste his name here.  He had me do a https://support.malwarebytes.com/docs/DOC-2388
 

My ticket is Your support ticket 2685112
 

I had already been messing with FarBar before I put a ticket in. I have the PC in safe-mode with network support and Farbar open and the virus (or whatever) has not been able to shut the PC down "yet". This allowed me to install a new MWB but it scanned with nothing detected. I am running a CCleaner atm and Western Digital wiped my SSD blue (data drive) clean with a "low pass"? Anyway that drive was wiped with noise so they say and I did not reformat it yet. The WD Black NVMe is all that is left.


Look, I am going to be honest with you. I have an ailment from my time in the service and it causes major anxiety. I know you guys care about saving data but in this case I just want to nuke it from orbit..it's the only way to be sure. =p


Anti-root kit says no malware detected.


I have a number of tips for you. Please have patience. Please do not be looking at some other person's old post.

I would like a copy of the MBAR run log

you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.

and

if you have run the FRST tool, let's get the 2 reports attached from that tool. Attach FRST.txt and Addition.txt

 

Please do not go "nuking" or "wiping" anything without guidance.

Also please understand that I am a volunteer here.


LoL Okay, sorry, I understand. Um, I will have to log in on her PC, not transferring a file to my PC; give me a few.


Do you want any of the Farbar docs?

 


Thanks very much for that log.

Please look at where you saved the FRST tool

I would like very much for you to attach the 2 report files  named FRST.txt   and Addition.txt


Keep in mind before I posted here I was in a panic so the "K" drive has been wiped by Western Digital support in case it is in the logs. (I know don't nuke anything else before you can help) 


Thanks for the FRST. Remarks follow.

Even when this PC is in Safe Mode (with Networking), Malwarebytes for Windows is running, and the resident antivirus is the Windows 10 Windows Defender.

Avast is not set as the resident AV.

You should be able to run a scan with Malwarebytes for Windows ... let's do that as a sanity check.

If you get any "exception" message from Malwarebytes, just keep going forward.

This run may take several hours.    Please have lots of patience.  It is worth doing.

 

I suggest you do a CUSTOM scan on the whole C drive!

Open Malwarebytes

Click the Settings menu followed by the Protection tab.

Scroll down to Scan Options and turn the Scan for rootkits setting on.

 

Next, click the icon button at left marked SCAN

 

Then, from the 3 panel choices, click on the middle one marked CUSTOM

(If you see a summary white screen with a green check, click on the Close X spot on the right side so you get that out of the way, then click the Scan button on the left and then Custom scan in the middle.)

 

 

Then click on Configure Scan button

 

Be sure the Scan for rootkits box on the left is ticked.

 

Be sure to click on the box marked C on the right.

You want to scan the whole C drive.

 

Then click Scan Now button.

 

Then see what the result is.


Okay doing so now.


OK. Just let the scan run and be confident. Monitor from time to time. Just relax and perhaps have an iced tea. A custom scan will take several hours. A lot depends on how many files are on that C drive and the speed of the machine.

Edited by Maurice Naggar


Hi.  Just so you know, a Support agent will be replying and taking care of your Support ticket.

I have relayed a few basics about the situation.   I would advise that you let the custom scan finish.

I still would like to know the result of it.

I will be planning to close this ticket here on the forum. We can't have 2 pilots in the wheelhouse.

Sincerely,


Sorry for multiple messages. Did you run MBAR on the suspected machine?

And further, when you ran that tool & the FRST ... was Windows logged into with a different user login account (Windows) from the one that your spouse uses?


Hey, thanks.

Result: no threat detected...did take hours.  

Thanks for your time I hope they can help.


I am very glad to hear that the Custom scan has found no malware.

I am glad to have helped.  I am now marking the case for closure since you are now in active touch with a support agent on your support ticket.

We can't have 2 pilots in the wheelhouse.

All my best to you.

This topic is now closed to further replies.
