Lios

Having problem with EpicNet Inc, Trojan.Agent, and PUP.Optional.Glupteba

Oh, by the way, I did the Malwarebytes scan after the msert scan but it still found the 8 Riskware, just FYI.


Oh, you mean the Malwarebytes scan run? I quarantined them just now. Sorry, it's midnight and I'm so tired now that I've become a bit slow to catch on.


OK.   You indicate that you have had Malwarebytes quarantine what it had detected.

Keep me advised.


Today I did a scan with Malwarebytes again and it still detects the same 8 riskwares.


I regret to hear that news. Let's get a fresh readout report. You already have the support tool.

Open your Downloads folder.
    Double-click mb-support-1.5.1.681.exe to run the report.
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next.
    You will be presented with a page stating, "Get Started!"
    Do NOT use the button "Start repair"!
    Click the Advanced tab on the left column.
    Click the Gather Logs button.
    A progress bar will appear and the program will proceed with getting logs from your computer.
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK.
    Please attach the ZIP file in your next reply.

Thanks.


Thanks for the report file.  Let's take a bit of time and run a special scan tool.

Download ComboFix from here and save it to your desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Be real sure you SAVE it first. Save it to the DESKTOP.

Double click on ComboFix.exe & follow the prompts.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Attach that log in your next reply.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Thank you.


It said

Current date is 2019-10-22. ComboFix has expired

Click 'Yes' to run in REDUCED FUNCTIONALITY mode

Click 'No' to exit


You did just download that today, right? Go ahead & re-run and reply YES to let it go ahead and run.


I replied yes, then nothing happened. The ComboFix is gone from the desktop; when I look at C:\ComboFix, it only has "NircmdB" with Application type.


I regret all that. Let's just scratch using that tool. When you get a moment, just delete the folder C:\ComboFix

 

This custom script is for LIOS  only.

Close and save any open work files before starting this procedure.  I am sending a new custom fix script to do some cleanups.

Please Delete the prior FIXLIST.txt  that I had you save on the Downloads folder.

 

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly (as is) to the Downloads folder.

The tool named FRSTENGLISH.exe is already in the Downloads folder.

Start the Windows Explorer and then open the Downloads folder.

Double-click FRSTENGLISH to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool:

click the line More info on that screen

and click the button Run anyway on the next screen.

On the FRST window:
Click the Fix button just once, and wait.

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply.

 

Let me know how this goes.

Fixlist.txt


Thanks for the log.  It went quick because the script-fix was a short one.

2 folders were deleted

"C:\Users\Dell\AppData\Roaming\EpicNet Inc"

"C:\Users\Dell\AppData\Local\EpicNet Inc"


Is there any other thing to do before I do a Malwarebytes scan?


I'd suggest this scan.

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

The log is named MSERT.log 

the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your reply.

 


Hi.  Thanks for the report. The Safety scanner reports no viruses/ no malware.

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Wed Oct 23 18:12:46 2019

.

Some cleanups:

You should delete the ESET file I had you download, named "esetonlinescanner_enu.exe"

You may delete Fixlist.txt  & Fixlog.txt

.

I have a few additional tips for you to apply to help prevent adwares.   This does not take much time.

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

[  2   ]

I recommend having the Malwarebytes Browser Guard extension on Chrome & on Firefox browser.   It is free.  It really helps to prevent hijacks & mal-vertising ads.

 

I suggest you install the Malwarebytes Browser guard on to Chrome browser.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

 

To get & install the Malwarebytes Browser Guard  Firefox extension.

Open this link in your Firefox browser  

https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

That link is for English US. There are other language versions. Just go to the very bottom right of the page and look at the "Change language" drop-down list.

 

 


Malwarebytes scan still detects the same 8 Riskwares, I don't know anymore.


I regret hearing that.

In the case of there being a scan run that has tagged items, you have to attach a copy of that Scan log. Attach the Malwarebytes report. Please do so.

It seems something is re-generating  the Epic Net folder we have cleaned out twice before.

I also would like for you to run 2 other report tools.

[  A   ]

I would like for you to run

RSIT (Random's System Information Tool)
Please download RSITx64 by random/random... save it to your desktop.

  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done, 2 log files will be produced.
    The first one, "log.txt", will be maximized; the second one, "info.txt", will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.

.


[  B  ]

I would like to have you run another different report tool, so I can review.

Please download and Save this next tool to the DESKTOP ( if possible) or else to the Downloads folder ( so you can get to it easily).
Please note that the results of the following scans are not necessarily indicative of malware on your computer.

RogueKiller Scan

  • Save the file first,
  • Close any running programs that you started on your own ( if any).

Double-click  RogueKillerx64.exe to run the program.
Follow the prompts. If a browser window opens, close the window.

In the HOME tab, click Start Scan.
Upon completion, a browser window may open. Close this window.
 

Important: Please do not have RogueKiller remove any detected items.

Click the HISTORY tab followed by Scan Reports.
Double-click the scan log. Click Export TXT, enter a filename and save the file to your Desktop.
Please attach the file in your next reply.

 


Thank you.
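
A read-only check for the regeneration described above, as an added example that is not part of the original posts and not one of the helper's scripts. The two folder paths are the ones quoted in this thread; the match string `EpicNet` and the choice of Run keys and scheduled tasks as places to look are assumptions.

```powershell
# Added example, not from the thread. Read-only: it deletes and changes nothing.
# The two folder paths are the ones quoted in the thread ("Dell" is that poster's profile).
$folders = @(
    'C:\Users\Dell\AppData\Roaming\EpicNet Inc',
    'C:\Users\Dell\AppData\Local\EpicNet Inc'
)

# 1. Has either folder come back since the fix, and when was it created?
foreach ($f in $folders) {
    if (Test-Path -LiteralPath $f) {
        $dir = Get-Item -LiteralPath $f -Force
        '{0}  PRESENT, created {1:yyyy-MM-dd HH:mm:ss}' -f $dir.FullName, $dir.CreationTime
        Get-ChildItem -LiteralPath $f -Recurse -Force -File -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, CreationTime
    } else {
        "$f  not present"
    }
}

# Assumption: whatever recreates the folder names "EpicNet" in its command line.
$pattern = 'EpicNet'
$psMeta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# 2. Run-key autostart values that mention the pattern.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notin $psMeta -and "$($_.Value)" -match $pattern } |
        ForEach-Object { '{0} : {1} = {2}' -f $key, $_.Name, $_.Value }
}

# 3. Scheduled tasks whose action command line mentions the pattern.
Get-ScheduledTask |
    Where-Object {
        ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -match $pattern
    } |
    Select-Object TaskPath, TaskName, State
```

A folder creation time later than the last Fixlog.txt run shows the folder was recreated after the cleanup; any Run value or task listed is worth including alongside the logs requested above.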


In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Scan Report" that has the most recent Date and time  for today.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your email.
Thank you.


Thanks I got the last report.    Please do not post your email address in here.   I have hidden the last post.

I am reviewing all the reports.   Will get back with you on this thread.


You said to attach it with my email though. Anyway, I'm going to sleep.


Very sorry.   That should have read with "your next reply".  

I regret all the trouble here.  It seems there is a pesky pest still re-generating.   Though I do note that Malwarebytes does keep removing it to quarantine.

Hopefully this next script will do a good cure.

 

This custom script is for LIOS  only.

Close and save any open work files before starting this procedure.  I am sending a new custom fix script to do some cleanups.

Please Delete the prior FIXLIST.txt  that I had you save on the Downloads folder.    ( one more time )

 

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly (as is) to the Downloads folder.

The tool named FRSTENGLISH.exe is already in the Downloads folder.

Start the Windows Explorer and then open the Downloads folder.

Double-click FRSTENGLISH to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool:

click the line More info on that screen

and click the button Run anyway on the next screen.

On the FRST window:
Click the Fix button just once, and wait.

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply.

 

Let me know how this goes.

 

Fixlist.txt

This topic is now closed to further replies.