Jump to content
jdod

"Your PC is broken" pop up lead to these discoveries

Recommended Posts

Hello,

Today I was reading news articles linked from MSN I think using the Microsoft Edge browser and while reading one I got a pop up that exclaimed my PC was broken and that I needed to do something all the while a stead tone was screaming through my PC speakers.  I didn't fall for it and did not click the OK or do whatever they wanted me to do next, I just closed the browser.  I ran Malware bytes and another popular spyware finder and neither found anything.  Then I opened my task manager to see what I could find was running that might surprise me and found this process.  I don't recall it ever being there before but I cannot be sure of that.

image.thumb.png.c83a8b3c8b64173afd98adacc0c41f2c.png

Then I opened Edge again then re-opened the task manager and looked at the detail for Edge and some of what I found does not look good to me. The only tab opened at this time was Gmail, that is all.

image.png.57eb4415b4b2bd2df2bc45d8ff0ad504.png

My PC is not misbehaving in any way.  I don't perceive any bad stuff going on but if any of this is nefarious, I would like to remove it.

Thank you for your assistance!

Jeff

 

Share this post


Link to post
Share on other sites

Hello Jeff.

My name is Maurice. I will be helping and guiding you, going forward on this case.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.

 

Please only just attach   all report files, etc  that I ask for as we go along.

.

The screen grab for Edge does not show abnormal things.  What you described at the top is a scam page on Edge intended to lure you into a scam.

Closing the tab-page that carried that would have stopped the audio scare, as well as stopping the screen display.

I can provide more tips on that later on, if you wish.

.

Look at the following Malwarebytes Blog article and scroll down to the section marked *Clear your browser's cache* 
and do that for each of your web browser programs.
https://blog.malwarebytes.com/puppum/2017/04/adware-the-series-part-1/


 

Let us begin by using this first special mini-tool.

Please download Rkill from one of the following links and save to your Desktop:

One, Two,Three or Four

 

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please post the log

 

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

But whatever happens, be sure you go ahead and do the following report for sure.   Thanks.

 

[  2  ]

We need to get detail information from this machine in order to have the proper detail to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support- 1.5.1.681.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites

Thank you for the reports.

I noticed a whole big raft of opened Chrome tab pages listed as open.  You should see about closing those you do not absolutely must have open.

 

Below here I have listed 3 different tips.

[  1  ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

 

[   2   ]

 

I suggest you install the Malwarebytes Browser guard on to Chrome browser.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome browserhttps://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

 

To get & install the Malwarebytes Browser guard for Firefox

Open this link in your Firefox browser:   https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

That link is for English US.   There are other language version.  Just go to the very bottom right of the page and look at “Change language” list drop down.

.

[   3   ]

Let’s do  a new thorough scan with Malwarebytes for Windows.   The goal is to see whether there is an infection or P U P.

 

Let's do one new run with Malwarebytes for Windows.

Start Malwarebytes.

Click Settings. Click Protection tab & scroll down to Scan options.

On the section "Potential Threat Protection"
look down at the one "Potentially Unwanted Programs (PUPs)" look and make sure it is set to
"Always detect PUPS ".

and

look down at the one "Potential Unwanted Modifications (PUM)" look and make sure it is set to
"Always detect PUM ".

and
scroll all the way down to the section Automatic Quarantine
On the line "Automatically quarantine detected malware" be sure it is ON



Then once all set there, click on SCAN button
Then insure Threat scan has a check mark. Then click Start scan.
Review the results list.
Then I would suggest you make sure all lines have a check mark

To that end, if you click the very top left checkbox you can force all detected lines ( if any are detected)  to be selected for removal. Be sure each line is checked.

 

image.png.83cff0b3d102d3ed7e1781974c95aada.png

Then you can proceed to click on the blue button Quarantine selected.


In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your next reply.

Sincerely.

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites

Thanks.   That is excellent.  I do believe that this pc is way past the original issue where Edge browser got a scam / false tech support lure display.

I am listing below 2 other checks to run as follow up.   They will not take that much time.  The first one should be less than 15 minutes in total.

Just take your time.

[   1   ]

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Version 7.4 of Adwcleaner  detects factory Preinstalled applications too!

I  encourage you to take a look at the announcement blogpost to learn more this new detection category: https://blog.malwarebytes.com/malwarebytes-news/2019/07/your-device,-your-choice:-adwcleaner-now-detects-preinstalled-software/.

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "

Pre-installed applications

 

You can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

 

[   2   ]

Keep going with this.

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now
It will start a download of "esetonlinescanner_enu.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan
Click on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).

Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

Let me know how all this goes.

Sincerely,

Maurice

 

 

Share this post


Link to post
Share on other sites

The 2 scan logs are attached.  I have not "continued" with ESET yet, to permanently delete the files, I scanned through and there does not appear to be anything was found that if I need it and it is safe, I can't replace.

ESET-Deleted.txt AdwCleaner[C06].txt

Share this post


Link to post
Share on other sites

Thanks.   The report result from Adwcleaner is very good.

The ESET scan did find a number of P U P  ( potentially unwanted add-ons) and removed them.

I believe your system is now in good shape.   But you can run a different scan, for another opinion.

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

 

Share this post


Link to post
Share on other sites

I ran the  Microsoft Safety Scanner as suggested.  The scan found the following:

image.png.5d0ff8a9aea6846b207ae880b716f350.png

The top 3 when clicked upon all recommend steps using Windows Defender.  Opening the Task Scheduler as described here:

https://support.microsoft.com/en-us/help/17464/windows-10-help-protect-my-device-with-windows-security#1TC=windows-10

then clicking Windows Defender does not show anything in the center panel. Upon checking further, searching for Windows Defender in my Start Menu and finding Windows Defender there, clicking I see Windows Defender scanning is off:

image.png.a7dd8e1e2abc2a73bd9ffaaa80b950a7.png

Should I turn it on?

When I continued with ESET, I was given an opportunity to allow ESET to periodically scan.  Is there any value in that? I didn't allow for now.

Thank you.

Share this post


Link to post
Share on other sites

Thanks for the info.   As to Windows Defender, you can turn on periodic scanning.

As to the ESET one, no, do not take that option.   The ESET tool was meant to be used only once or so.   Now that we are done,you should delete the ESET downloaded file named  "esetonlinescanner_enu.exe"

 

You may delete other files I had you download.

I do have a suggestion for Windows:   To get the latest available Build from Microsoft Windows Update.

I would suggest  to upgrade to the Windows 10 build 1903 ( or 1909 if available).  You should be able to manually get it thru Windows Update.

It may take repeated tries with Windows Update till your pc is able to see that Update.  You should make a try each day, from here on out, till you see it offered.

The suggestion I have is to go to the Start menu, click the Windows Settings icon. Select Update & Security.  Click on Windows Update.

The Windows Update ( eventually) will have a display like this when it shows up.

Note that the display will show the new build in a new way, in the middle of the display.  You will need to click on the blue line marked "Download and install now"  when ready.

image.png.38a1544615b790441225310234612167.png

 

Getting that Windows build update will put this pc in a better position for a more secure operating system.

.

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites

I turned on and started a full Windows Defender scan, it has been stuck here for about an hour.  Should I expect it to eventually continue on?

image.png.4e4891896e07d492cc481b2368ebb871.png

Share this post


Link to post
Share on other sites

If it does not progress in another 15 minutes,  then go ahead and Close it.

But also see about Closing other windows / programs that are open too.....so that there is a minimum of competition.

Also, see if you can move the mouse pointer around,  just to see if that will get the screen moving along.

Just allow 15 minutes for it to get moving.

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites

Cancelled the current session, closed another app and ran again.

It found precisely what the other Microsoft tool found:

image.png.144a1b7890f1595a0e1f3d6b00380f43.png

I let it take action and remove, the result:

image.png.e31de3dbafb04a777001ff02a4c57540.png

So I appear to be clean now.  :)

Like I said, I bought Malwarebytes Premium when I began this thread.  What else should I be doing to keep my PCs clean?

Thank you for your help!

Jeff

 

Share this post


Link to post
Share on other sites

As suggested previously, first thing now, do the Windows Update run with an eye towards getting Windows 10 Build 1903  or later.

suggest  to upgrade to the Windows 10 build 1903 ( or 1909 if available).  You should be able to manually get it thru Windows Update.

It may take repeated tries with Windows Update till your pc is able to see that Update.  You should make a try each day, from here on out, till you see it offered.

The suggestion I have is to go to the Start menu, click the Windows Settings icon. Select Update & Security.  Click on Windows Update.

The Windows Update ( eventually) will have a display like this when it shows up.

Note that the display will show the new build in a new way, in the middle of the display.  You will need to click on the blue line marked "Download and install now"  when ready.

image.png.38a1544615b790441225310234612167.png

 

Getting that Windows build update will put this pc in a better position for a more secure operating system.

Share this post


Link to post
Share on other sites

I am part way through the update, it seems to be a very major update, new functionality, new look, thank you for bringing it to my attention.

At this stage of the update, Microsoft Edge opened to the Microsoft start page with this temporary welcome back message at the top:

image.thumb.png.982542f084bcf8242aa789443e22dff6.png

There is a huge amount of great information here I would like to go back to and read more of or refer to in the future.  I would like to recall this temporary screen, how do I do that, do you know?  Item 2 I can get to via settings, and item 1 is tips which I can send the link to the open window to the task bar, but when I click the task bar, it opens a different set of tips, I don't see how to get back.  I assume item 3 carries me forward and the temp screen will be gone so I have not tried it yet.

I know this is clearly not Malwarebytes related, but wondered if you might know.

Thank you,

Jeff

 

Share this post


Link to post
Share on other sites

You should click each of the links on the Edge screen and bookmark each one.

There are a number of online resources that cover changes in Windows 10   Build 1903.

See  Windows 10 Features: Review general information about Windows 10 features.

I would also suggest having a look at some online resources

https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1903

 

You may review this Neowin video on Youtube       https://youtu.be/dJiB2cbdCLI

 

https://www.groovypost.com/howto/the-best-new-and-notable-features-in-windows-10-version-1903/

 

Now then, suggestion for EDGE browser.

I suggest you go to the online Microsoft Store and get a ad blocker for the EDGE browser.  For free.
Press the Windows-flag-key on keyboard
On the search box, type in
microsoft store

then look for the icon and link on result list and click on it.

When at the Microsoft Store  ( using the EDGE browser) in the search box, enter
ad block

Take a look at the list.   Consider getting Adblocker Ultimate.
That ought to be a real help in blocking mal-vertising while EDGE is used.

 

Share this post


Link to post
Share on other sites

Took a couple reboots I finished the update.  I presume I am on version 1903, though I didn't see where to check that straight away.

Awesome links regarding Microsoft Windows 10, I have book marked them (in Chrome, of course).

And for those rare occasion I must use Edge, I have the AdBlocker Ultimate installed.

I see AdBlocker Ultimate has an extension for Chrome, is it necessary?

Thank you.

Jeff

Share this post


Link to post
Share on other sites
Quote

I presume I am on version 1903, though I didn't see where to check that straight away.

Press Windows-key and hold, and the tap the R key so that you invoked the RUN option-box.   Then type in

WINVER

  and tap Enter-key.   That will show the Windows 10 version and the Build number.

.

Quote

I see AdBlocker Ultimate has an extension for Chrome, is it necessary?

You can pick that.   But best to get the Malwarebytes Browser Guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.

.

Question:  Is there anything else that you need at this point?

Share this post


Link to post
Share on other sites

Confirmed 1903!

Already have Malwarebytes Browser Guard extension for Chrome.

Looks like your work is done, and done very well. Thank you.

Jeff

Share this post


Link to post
Share on other sites

That is great.

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).


Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.
 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Dont remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

,

All best wishes.

Share this post


Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.