kizzaint Posted November 6, 2019 ID:1343458 Share Posted November 6, 2019 I just built my new PC a few days ago and i went out of my way to buy all new components except my GPU which is second-hand. I scanned my system with malwarebytes and got a lot of adware and two Trojan bitcoin miners that are located in my registry. My problem is that after every scan i get the same malware so it seems that quarantine doesn't help. I tried locating them manually with RegEdit but i cant find anything. I watched a lot of videos on my issue and all of them suggest using Task manager and MSconfig (for startups) but there is nothing out of the ordinary. If anybody can help i i would be really grateful. Thanks in advance! -Strahinja I have provided pictures of my search history. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 8, 2019 ID:1343801 Share Posted November 8, 2019 Hi, My name is Maurice. I will be helping and guiding you, going forward on this case. Please follow my directions as we go along. Please do not do any changes on your own without first checking with me. If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible. Please only just attach all report files, etc that I ask for as we go along. As we go along, I want you to do all steps I list, do them all, keep going when I have more than one section. Do all and then when done, attach the reports. You can attach several reports into one reply. Please stay out of Regedit. Follow my guidance and we will get all this cleared away. It may take more than one run & it will take a few tools. Plus I really needed reports and not a screen shot. The registry entries are odd-ish & do not belong there. They will be cleared eventually. The 5 files are about adwares & those will be our first task. They also are associated into Chrome browser, which needs a cleanup. Do all of what I list below and keep going down the list. [ 1 ] Using Chrome I need you to go to https://www.google.com/settings/chrome/sync and sign into your account. Scroll down until you see the "reset sync" button and click on the button At the prompt click on "Ok".[ 2 ] To get & install the Malwarebytes Browser Guard extension for Chrome, Open this link in your Chrome browser: https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee Then proceed with the setup. [ 3 ] Close the programs now opened with open windows ….. at least the ones not absolutely required at this point. Close your work ( if any going on ). I would suggest to download, Save, and then run Malwarebytes ADWCLEANER. This will do a thorough scan & removal of adwares. Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan. Version 7.4 of Adwcleaner detects factory Preinstalled applications too! I encourage you to take a look at the announcement blogpost to learn more this new detection category: https://blog.malwarebytes.com/malwarebytes-news/2019/07/your-device,-your-choice:-adwcleaner-now-detects-preinstalled-software/. Please download Malwarebytes AdwCleaner https://downloads.malwarebytes.com/file/adwcleaner Be sure to Save the file first, to your system. Saving to the Downloads folder should be the default on your system. Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it. At the prompt for license agreement, review and then click on I agree. You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner). Then click on Dashboard button. Click the blue button "Scan Now". allow it a few minutes to finish the Scan. Let it remove what it finds. NOTE: When it comes to the section " Pre-installed applications You can skip that. Please find and send the Adwcleaner "C" clean report. In Adwcleaner, click the "Reports" button. Look at the list of reports for the latest date & type "Clean". Double Click that line & it will open in Notepad. Save the file to your system and then Attach that with your reply. That C clean report will be the one with the most recent Date and time at folder C:\AdwCleaner\Logs Thanks. Keep me advised. [ 4 ] Run a scan with Malwarebytes. Start Malwarebytes from the Windows Start menu. Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window. Then click the SECURITY tab. Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON Click it to get it ON if it does not show a blue-color Now click the small X to get back to the main menu window. Click the SCAN button. Select a Threat Scan ( which should be the default). When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical. Then click on Quarantine selected. Be sure all items were removed. Then too, Repeat the scan one more time. It does not take long. and again, be sure all detected items are removed. Let it remove what it has detected. [ 5 ] I would appreciate getting this following report. NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Download Malwarebytes Support Tool Once the file is downloaded, open your Downloads folder/location of the downloaded file Double-click mb-support- 1.5.1.681.exe to run the report You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent. Place a checkmark next to Accept License Agreement and click Next You will be presented with a page stating, "Get Started!" Do NOT use the button “Start repair” ! Click the Advanced tab on the left column Click the Gather Logs button A progress bar will appear and the program will proceed with getting logs from your computer Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK Please attach the ZIP file in your next reply. Thank you. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 11, 2019 ID:1344378 Share Posted November 11, 2019 Hello. How is it going ? Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 14, 2019 ID:1345061 Share Posted November 14, 2019 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts