Jump to content

For REMT13


remy13
 Share

Recommended Posts

@remy13  

You cannot piggy back onto someone else's cas in malware removal help section.  This here is strictly One to One.

We will have to split off your post into its own topic.

You jumped directly into running on your own the MBAR anti-rootkit tool.   I would ask you to do 2 things.

One is to attach the log from this MBAR run  .....  find and attach ...find the log in the mbar folder as MBAR-log-<date and time>***.txt . Please attach that

[   2   ]

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.

 

Please only just attach   all report files, etc  that I ask for as we go along.

 


We need to get information from this machine in order to have the proper detail to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support- 1.5.1.681.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

 

 

Link to post
Share on other sites

Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please.

Please download Malwarebytes Anti-Rootkit (MBAR) from this link here

and save it to your desktop.

 

Doubleclick on the MBAR file and allow it to run.

•Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.

•mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

•After reading the Introduction, click 'Next' if you agree.

•On the Update Database screen, click on the 'Update' button.

•Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two messages boxes:

1.'Could not load protection driver'. Click 'OK'.
2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

•If malware is found, press the Cleanup button when the scan completes. .

Please attach the log it produces, you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.
 

 

Link to post
Share on other sites

Again, please ONLY stick with this thread-topic here.

 

I would like to have you run a report tool known as FRST. This has no personal information. It is a well-known & widely used &safe.
FRST will help provide me with a list of installed programs and other information about your computer that will help me see if there are any other problems that are not being detected. Please follow the steps below to run FRST.


1: Please download FRST from the link below and save it to your desktop:


"Download link for 64-Bit Version Windows"

Please wait and look toward the top or bottom of your browser for the option to Run or Save.
Click Save to save the Downloads folder.   Then open Windows Explorer  and go to the Downloads folder

Run report with FRST64

Right-click on FRST icon and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run.

 

_Windows 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen and click button Run anyway on next screen._

Click YES when prompted by Windows U A C prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.


Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

Click Yes when the* disclaimer* appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is *checked* - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press Scan button and wait.





The tool will produce 2  logfiles on your desktop: FRST.txt , Addition.txt 
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Thank you.

 

Edited by AdvancedSetup
updated links
Link to post
Share on other sites

Thanks for the FRST reports.

There are 20 or more Chrome tabs open  & a few EDGE browser tabs.   Close all web browsers.

I need for you to re-run the MBAR anti-rootkit tool.   The FRST seems to show that the same blocks preventing Malwarebytes & other security tools are still there.

 

Link to post
Share on other sites

Yes do a new scan.   I do not need a screen grab.   Just written description.

Doubleclick on the MBAR.exe file and allow it to run.

 

•mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

•After reading the Introduction, click 'Next' if you agree.

•On the Update Database screen, click on the 'Update' button.

•Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two messages boxes:

1.'Could not load protection driver'. Click 'OK'.
2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

•If malware is found, press the Cleanup button when the scan completes. .

Please attach the log it produces, you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.
 

Link to post
Share on other sites

Thanks.

Next is another cleanup.  Close all web browsers & also any open work that you my have going on at this point.

I am sending a custom fix script to do some cleanups.

This custom script is for REMY13  only.

 

Please Close and save any open work files before you start this next step.  It may involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) to the Downloads  folder

The tool named FRST64.exe   tool    is already on the Downloads folder.

Start the Windows File Explorer and then, open the Downloads folder.


Double click FRST64

  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

on the FRST window:
Click the Fix button just once, and wait.

 

FRST_Fixl.png.c4c1c0dddcc49b11fa400590f070bd5e.png

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply.

 

Let me know how this goes.  We WILL  do other steps, later, as needed.

Cheers,

 

Fixlist.txt

Edited by Maurice Naggar
Link to post
Share on other sites

Thanks.  That is very good run.  It seems the blocks on running seucirty software have been cleaned out.

This is a Windows 10 system.  You should be able to use the Windows Defender antivirus.    There are several ways to use it.

I would like for you to try it as follows below.   The goal is to have Windows Defender check for virus, PUP, & anything mailicious.

 

Windows 10 has the Microsoft Windows Defender which can run the Windows Defender Offline scan.
Windows Defender Offline in Windows 10 can be run directly from within Windows.

Click the Windows Start menu button on the Taskbar, select Settings icon. Then choose Update and Security.
 

In Windows Settings  >>> click on Windows Security from the left side list.

Next, In Windows Security section:  Click on the grey button Open Windows Security

next click on the blue Scan options

Look down the options list.  Tick on Windows Defender Offline scan.   Then click the grey "Scan now" button.


and let it scan the system.

Keep in mind that the design and what is scanned by Windows Defender is a whole different design from Malwarebytes. But do let me know how this scan goes and what the result is.

 

On the next round, I will guide you to getting, installing & running a scan with Malwarebytes for Windows.

 

Link to post
Share on other sites

I take it that you are saying the scan with Windows Defender Offline did run & has completed.

If there was something tagged that needed to be dealt with, it should have done a prompt.  I notice all the green check marks.  It seems Windows 10 is giving the OK.

 

This is the way to look at the Windows Defender scan history.

 

Go to the Windows Start   menu.  Click on the Settings icon.

Now click on Update & Security.   Then click on Open Windows Security.

·  Click the Virus & threat protection tile     and then the Protection  history label  ( in blue color)

 

The Protection history will have a list of recent events.

Link to post
Share on other sites

Notice that Windows Defender has said

0 threats found.

The Windows Defender last scan found NO threats.

Go ahead and click the Install now on the Windows Update page.   Then follow all directions.   Have much patience.  Keep a watch on the update run.

 

,

Next get and install Malwarebytes for Windows.

See  Download and install Malwarebytes for Windows v3

 

Then next,  do a Threat scan with Malwarebytes

Manually Scan with Malwarebytes for Windows v3

 

If it tags something, be sure you tick-mark the item & let it remove the item.

Keep me advised.

Later on, when all done, I would like to see you get Windows 10 Build 1903   or later build from Microsoft Windows Update.

Edited by AdvancedSetup
updated links
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.