Jump to content
Costa-VA

Fake Microsoft & Mozilla Warning in Firefox locks up Malwarebytes

Recommended Posts

Hello,

I have a system with current Malwarebytes Premium 3.8.3 installed.  It appears to have been hit with malware.  During browsing a page showed up with a fake page stating Mozilla Firefox had a problem and provided a fake Microsoft number for the user to call.  The LAN cable was pulled immediately and a full scan with Windows Defender was run that took 7 minutes, then the Malwarebytes scan hung up during the files scan segment and won't progress. I read the pinned info 'I'm infected...' and downloaded FRST and ran it however I'm concerned the malicious program could embed itself to the files on the USB drive created post-FRST.  Putting that drive into a network connected system could allow replication/migration to all the other PCs and Servers on the LAN.  Is there another way to provide info to Malwarebytes for our next steps processes?

System is a Windows 10 Pro, current on patches for the OS, FF Browser, Malwarebytes, Defender, etc. What additional information will be beneficial to get this process moving forward to remove the infection?  I have access to multiple programs I normally run offline on suspect systems, e.g. RogueKiller, Malwarebytes, Hitman Pro, ESET, Emisoft Emergency Kit, and on rare occassions, Power Eraser.

I can rewire my entire LAN and bypass the network switches putting the infected system directly into the WAN Router by itself to then upload files to this message.  I just find it interesting it is recommended an infected computer remain connected and then to set up a session with your forum system.  I await your advice before moving forward.  BTW, I'm USA East Coast time zone, just to assist in expectations of responses, etc.

Share this post


Link to post
Share on other sites
Hello Costa-VA and welcome to Malwarebytes,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Share this post


Link to post
Share on other sites

Kevin,

Thank you for replying, however your cut/paste of the forum pinned post I referred to as having already read in my original post seems to indicate you didn't read my original post.  Please let me know how best to communicate with you so we can move forward, or if you are overloaded but still attempting to assist I appreciate it, just let me know.

Thanks, Costa

Share this post


Link to post
Share on other sites

Hello Costa,

I believe from your initial response only your infected PC would be connected, all other systems were disconnected. Hence I ask that you download and run FRST and post logs, I never ask for you to use USB device..

Thank you,

Kevin

Share this post


Link to post
Share on other sites

Kevin,

Thank you, I appreciate your response. 

We can close this topic, I've already used other programs to clean the system and have restored it plus repaired Malwarebytes as this was required.  The PC is back up and fine.

Thanks, Costa

Share this post


Link to post
Share on other sites

Hello Costa,

Thanks for the update, good to hear you have self fixed the issue. Will close out your thread as requested..

Regards,

Kevin.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.