BruceJohnson Posted September 21, 2019 ID:1336185 Share Posted September 21, 2019 Hey so MalwareBytes finds the PUP as listed in the subject line, but if I try to quarantine it, my computer shows a black screen after log-in with no taskbar/icons/desktop and only cmd prompt is visible. I tried removing it about three times and each time this happened and I had to perform a system restore. I've attached my logs any advice would be appreciated. mbst-grab-results.zip Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 21, 2019 ID:1336204 Share Posted September 21, 2019 Hi, BruceJ My name is Maurice. I will be helping and guiding you, going forward on this case. Let us begin ( as a first step) to get your pf to have the very latest version 3.8.3 for Malwarebytes for Windows. The version it has now is a Old version 3.5.1 Please try uninstalling and reinstalling Malwarebytes for Windows using the Malwarebytes Support tool. Uninstall and reinstall using the Malwarebytes Support Toolhttps://support.malwarebytes.com/docs/DOC-2674 [ 2 ] Lets do a cleanup of 2 not-needed auto-started settings on this machine. One of them is about the "RiskWare.BitCoinMiner.COMSPECRST" This custom script is for BruceJohnson only. Please Close and save any open work files before you start this next step. It will involve a Windows Restart at the end of it. I am sending a custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair. Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) to the Downloads folder The tool named FRSTENGLISH.exe tool is already on the Downloads folder. Start the Windows Explorer and then, open the Downloads folder. Double click FRSTENGLISH to run the tool. If the tool warns you the version is outdated, please download and run the updated version. Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply Let me know how things are after this. Let me know after this has been done. We can then proceed with other steps. Fixlist.txt Link to post Share on other sites More sharing options...
BruceJohnson Posted September 23, 2019 Author ID:1336432 Share Posted September 23, 2019 Fixlog attached. Malware looks to be gone, Malwarebytes isn't finding it anymore and my PC is running like it should. Thanks for the help! Fixlog.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 23, 2019 ID:1336544 Share Posted September 23, 2019 That run was good. Thanks for the log report. I am glad to know things are normal. Best wishes to you. . See this article on our Malwarebytes Bloghttps://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them". . Best practices & malware prevention: Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources. First rule of internet safety: slow down & think before you "click". Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos). Free games & free programs are like "candy". We do not accept them from "strangers". Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing. Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program. Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".Use a Standard user account rather than an administrator-rights account when "surfing" the web. See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html Dont remove your current login. Just use the new Standard-user-level one for everyday use while on the internet. Do a Windows Update. Make certain that Automatic Updates is enabled.https://support.microsoft.com/en-us/help/12373/windows-update-faq Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware. For other added tips, read "10 easy ways to prevent malware infection" Sincerely, Maurice Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 23, 2019 ID:1336545 Share Posted September 23, 2019 p.s. You should delete the file FIXLIST.txt & Fixlog.txt You may delete any files, tools I had you download. Link to post Share on other sites More sharing options...
Recommended Posts