Jump to content
kmaluk

We're doomed.

Recommended Posts

Hi!

I would need some help cleaning my notebook from malware and some viruses. 
I scan it every day until there are not more threads BUT every day they come back. 

My notebook is also running low in storage and all the files I delete are coming back from the trash, even thought it is deleted and cleaned every day. 

Can someone help me, pleaase?

Share this post


Link to post
Share on other sites

Hi, 

My name is Maurice. I will be helping and guiding you, going forward on this case.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.

 

Please only just attach   all report files, etc  that I ask for as we go along.

 


I would appreciate  getting some key details from this machine in order to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.5.3.749.exe  to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.

 

Share this post


Link to post
Share on other sites

Hello Maurice. Thank you very much for your help! I will try to answer you asap. It's a great thing you are doing here. 
 

 

Those are the results. 

I was scanning the notebook when I saw your message. WIll not move anything to quarantine or slt until I am allowed to. 😃

Here's my log. Thank you very much.

mbst-grab-results.zip

Share this post


Link to post
Share on other sites

Hi.  Thank you for the support tool report.

The bulk of the issues appear to be related to the Chrome browser.  So let's begin with these first steps.

[   1   ]

Use the Chrome browser to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok".

 

[   2   ]

also for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the lined "Cached images and files"
and press Clear Data button  ( in blue )

 

[  3   ]

Run a scan with Malwarebytes.
Start Malwarebytes from the Windows  Start menu.

Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.

Then click the SECURITY  tab.
Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON
Click it to get it ON  if it does not show a blue-color

Now click the small X  to get back to the main menu window.


Click the SCAN button.
Select a Threat Scan ( which should be the default).

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Be sure all items were removed. Then too, Repeat the scan one more time. It does not take long.

and again, be sure all detected items are removed.


Let it remove what it has detected.

 

Share this post


Link to post
Share on other sites

Hi Maurice! How are you today?

I took some time to scan over and over the notebook once I wasn't sure I checked all the itens at:

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.!"
I made several scans, gave it some time, scanned agind and there aren't infections anymore. I think. 

Is that it? =D

Share this post


Link to post
Share on other sites

Hello.   Doing fine thanks.   I hope you are having a good weekend.

I am very happy to know that the scans reported no malware.

 

Lets do a scan for adwares.

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "

Pre-installed applications

 

You can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.

 

Share this post


Link to post
Share on other sites

Hi.  Weekend was very enjoyable.   Thanks.

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now
It will start a download of "esetonlinescanner_enu.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan
Click on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).

Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

Share this post


Link to post
Share on other sites

Can you attach a copy of the ESET scan log ?   I would like to see it.

 

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

The log is named MSERT.log 

the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your reply.

 

Share this post


Link to post
Share on other sites

Thanks.   Yes, please do a new  run of the MSERT.exe

That would be super.   The last run apparently  3 or so items for cleanup.

Share this post


Link to post
Share on other sites

Thank you for the log.   This is the summary

Results Summary:
----------------
Found HackTool:MSIL/AutoKms, partially removed.
Found HackTool:Win32/AutoKMS, partially removed.
Found HackTool:Win32/Keygen, partially removed.
Found HackTool:Win32/Patcher, partially removed.

 

This machine seems to have the Windows Defender antivirus off.   It truly needs to be turned ON.  See the following how-to article on Tenforums   &  set Windows Defender to ON

https://www.tenforums.com/tutorials/5918-turn-off-windows-defender-antivirus-windows-10-a.html

 

[    2   ]

Once it is on then do a special scan,

Windows 10 has the Microsoft Windows Defender which can run the Windows Defender Offline scan.
Windows Defender Offline in Windows 10 can be run directly from within Windows, without having to create bootable media.

Click the Windows Start menu button on the Taskbar, select Settings icon. Then choose Update and Security.
 

In Windows Settings  >>> click on Windows Security from the left side list.

Next, In Windows Security section:  Click on the grey button Open Windows Security

next click on the blue Scan options

Look down the options list.  Tick on Windows Defender Offline scan.   Then click the grey "Scan now" button.


and let it scan the system.

Keep in mind that the design and what is scanned by Windows Defender is a whole different design from Malwarebytes. But do let me know how this scan goes and what the result is.

Share this post


Link to post
Share on other sites

The Windows Defender usually does not show on-screen detail after it finishes its run.

This is the way to look at the Windows Defender scan history.

 

Go to the Windows Start menu.  Click on the Settings icon.

Now click on Update & Security.   Then click on Open Windows Security.

·  Click the Virus & threat protection tile     and then the Protection  history label  ( in blue color)

The Protection history will have a list of recent events.

 

Also, tell me, How are things at this point?

Share this post


Link to post
Share on other sites

Hi Maurice. 

Things are great here! What about u?

Well, I did'nt try to delete anything yet. I am just cleaning up the notebook from all threats and not installing or doing anything else than working and watching some movies 😃

Is it time to try to delete some stuff?


😃

Share this post


Link to post
Share on other sites

I am not sure just what you mean  by  

Quote

Is it time to try to delete some stuff?

?

 

I have had you run the Windows Defender Offline scan

The Microsoft Safety Scanner

The ESET Online scanner

The Malwarebytes Adwcleaner

The Malwarebytes for Windows scan.

.

Windows comes with a built in applet for Disc cleanup.   It is called CLEANMGR

See this Microsoft article   https://support.microsoft.com/en-us/help/4026616/windows-10-disk-cleanup

Share this post


Link to post
Share on other sites

Hi Maurice. 

One of my problems when I posted here was the dispair of having to delete some files but not being able to, because they were all the time coming back from the trash, even without me doing any action to have them back.

I didn't try to delete any file since we began our work here. SO, that's why I asked you if there was time already to delete some stuff.
 

Share this post


Link to post
Share on other sites

Go ahead and empty the Recycle Bin.   Delete whatever else you need to.

I do not know of a actual infection currently on this machine.

 

If you were getting P U P thru any of the web browsers,  or even if not,   you should take measures to beef-up all your web browsers.

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

 

[   2    ]

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

 

[   3   ]

If the pc has Mozilla Firefox, to get & install the Malwarebytes Browser Guard  Firefox extension.

Open this link in your Firefox browser  

https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

That link is for English US.   There are other language version.  Just go to the very bottom right of the page and look at “Change language” list drop down.

Share this post


Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.