Hi,    :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.

Let me know what first name you prefer to go by.

 

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.

 

Please only just attach   all report files, etc  that I ask for as we go along.

 

This system appears to be running Windows 10, plus it looks like Windows Defender is the one doing the complaining, apparently about WinSAT.exe.

One question is: does this Windows 10 have the Controlled Folder Access option on?

Can you, for the time being, turn off Controlled Folder Access?

See this guide & just please set it to OFF

https://www.tenforums.com/tutorials/113380-enable-disable-controlled-folder-access-windows-10-a.html

 

Do you have Malwarebytes for Windows on this computer ?    Please use it to do a Scan

Please do a new Scan on this machine, using Malwarebytes for Windows.

To run a Threat Scan, open Malwarebytes for Windows and click the blue Scan button.

Have patience during the run.

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

 

Link to post
Share on other sites

Added note:   Windows system does have a legitimate app called Windows System Assessment Tool (WinSAT)

If that is what Windows Defender was complaining about, it is a false positive,   and more likely the fact of having Controlled Folder  Access ON is what is keeping WinSAT from running.

I have to ask if you tried to run that ?

 

I can help you here on just Windows pc  and I can help you to check the machine by running some scans.

I cannot help you on the Android device.   There is a different area of the forum for Android.

Edited by AdvancedSetup
corrected font issue
Link to post
Share on other sites

Thank you for the Malwarebytes scan report.   That is an excellent report.  No malware  and no P U P.  I noticed that this was a Custom scan.  That is very fine.

 

I am aware that English is not your everyday language. You can use an online translator, as needed, like Google Translate https://translate.google.com/

Please know, I am not understanding what you mean by   

Quote

I guess that has a person spying all the content of this steps into this topic

 

I would appreciate  getting some key details from this machine.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

 

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.

Download Malwarebytes Support Tool

    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.5.4.760.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    Click the Gather Logs button
    A progress bar will appear and the program will proceed with getting logs from your computer
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Please know I help here as a volunteer, and that I am not on 24 x 7.

Help on this forum is one to one.   Again, please be sure to ONLY attach report files  with your reply (s)  as we go along.  Do not do a copy / paste into main body.

Thank you,

Sincerely.

Edited by Maurice Naggar
Link to post
Share on other sites

29 minutes ago, Maurice Naggar said:
Quote

I guess that has a person spying all the content of this steps into this topic

 

I said that the person who hacked me was seeing the whole process that we were doing, and asked if that would hinder the process.

However, shortly after the scan was completed, the computer underwent several changes that made it inoperable. I believe that hacking is trying to hinder the process

so I was forced to format the computer once more to continue the processes.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Logs error  :  I had a problem during the logging process, I believe to be a false positive accused of ransomware

 

mbst-grab-results.zip

Link to post
Share on other sites

You say that you have "formatted" the computer.   I take that to mean that you forced a new install of Windows 10  and had it keep no files whatsoever.

I see that the pc now is running on the latest Windows 10 Build 1909.

 

Let me suggest a few other scans to check the system.

[   1   ]

 

Windows 10 has the Microsoft Windows Defender which can run the Windows Defender Offline scan.
Windows Defender Offline in Windows 10 can be run directly from within Windows.


Click the Windows Start menu button on the Taskbar, select Settings icon. Then choose Update and Security.
 

In Windows Settings  >>> click on Windows Security from the left side list.

Next, In Windows Security section:  Click on the grey button Open Windows Security

next click on the blue Scan options

Look down the options list.  Tick on Windows Defender Offline scan.   Then click the grey "Scan now" button.

                                            
and let it scan the system.

When it reboots the system, please just login with your regular login-account.

Have patience during the scan run.



Keep in mind that the design and what is scanned by Windows Defender is a whole different design from Malwarebytes. But do let me know how this scan goes and what the result is.

[    2    ]

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

The log is named MSERT.log 

the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your reply.

 

Link to post
Share on other sites
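For readers following the Microsoft Safety Scanner step above, an added example (not part of the original posts) that reads msert.log and reports the most recent "Results Summary" block. It relies only on the log lines quoted in this thread; that the log can hold more than one run is an assumption, and the function name is hypothetical.

```powershell
# Added example: summarize the "Results Summary" block(s) of an msert.log.
# Get-MsertSummary is a hypothetical helper name, not a Microsoft cmdlet.
function Get-MsertSummary {
    param([string[]]$Lines)

    $runs = @()
    $current = $null                      # $null means "not inside a summary block"
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -eq 'Results Summary:') {
            $current = @()                # start collecting a new block
            continue
        }
        if ($null -eq $current) { continue }
        if ($text -match '^Microsoft Safety Scanner Finished On (.+)$') {
            # The "Finished On" line closes the block for this run.
            $runs += [pscustomobject]@{
                Finished = $Matches[1]
                Clean    = ($current.Count -eq 1 -and $current[0] -eq 'No infection found.')
                # Anything other than the clean verdict is kept verbatim for review.
                Findings = @($current | Where-Object { $_ -ne 'No infection found.' })
            }
            $current = $null
            continue
        }
        # Skip blank lines and the dashed underline below the heading.
        if ($text -and $text -notmatch '^-+$') { $current += $text }
    }
    $runs
}

# Fallback input: the four summary lines quoted in this thread.
$sample = @(
    'Results Summary:',
    '----------------',
    'No infection found.',
    'Microsoft Safety Scanner Finished On Sat Mar 07 22:23:53 2020'
)

# Use the real log when it exists, otherwise the sample above.
$lines = $sample
if ($env:SystemRoot) {
    $logPath = Join-Path $env:SystemRoot 'debug\msert.log'
    if (Test-Path $logPath) { $lines = Get-Content $logPath }
}

# Show only the latest run; Clean = True means the summary held just "No infection found."
@(Get-MsertSummary -Lines $lines) | Select-Object -Last 1 | Format-List
```

A run with Clean = False is not proof of infection; read the lines listed under Findings before acting on them.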

4 hours ago, Maurice Naggar said:

Please attach that log with your reply.

 

done.

is there any possibility that the virus is in the modem? because even after formatting it in a few days it comes back and starts to wiggle on the windows security systems until it is fully installed.

 

So far all the processes I've tried have been: format all devices at the same time, change the modem and format HD with nuke

Thank you very much for the support😘

msert.log

Link to post
Share on other sites

Thanks for the log file.   Excellent report result.     Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Sat Mar 07 22:23:53 2020

 

Let's be sure that you do not slide into paranoid tendency.

You mentioned the term modem.   Is that what it is ?  or does your internet connection use a broadband router ?

I seriously doubt that the "modem" is infected.   But you can check the hardware manufacturer's  support website for that specific model.

And then follow their procedure for resetting the modem.

Link to post
Share on other sites

41 minutes ago, Maurice Naggar said:

Thanks for the log file.   Excellent report result.     Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Sat Mar 07 22:23:53 2020

 

Let's be sure that you do not slide into paranoid tendency.

You mentioned the term modem.   Is that what it is ?  or does your internet connection use a broadband router ?

I seriously doubt that the "modem" is infected.   But you can check the hardware manufacturer's  support website for that specific model.

And then follow their procedure for resetting the modem.

Maybe it's paranoia, but like the things that have been noted: the Windows icons are changed without updating, the strange Gmail logins that are not from my computer or from my family members, the phone messages are made by my unused phone by me,etc... 

icons : it always comes with a white design and changes after windows defender is turned off, even without an update by windows update or me.

 

regarding the modem, I heard that there are viruses that use dns to spread, and that persist even after formatting (worm)

mail.png

Link to post
Share on other sites

As to the hardware modem,  Here is what I suggest.

Unplug the modem from the power.   Wait about one minute .   Then plug the power cord back in to the hardware.

Look around the modem housing for a reset button.   Press that in.

As I said before, check with manufacturer support site for more specifics  about your specific model.  The housing should have the manufacturer & Model number on it.

Your manufacturer support site will likely also have some sample images to help you.

.

You may also see this article on how to reset and check the hardware.

https://lifehacker.com/how-to-make-your-wifi-router-as-secure-as-possible-1827695547

Further to that, I can recommend one specific forum that specializes on  modems / routers / communications hardware,  That is DSLReports.

https://www.dslreports.com/forums/all

.

If you feel like it, you can check out a hardware-oriented resource ( other than DSLReports ),

that is https://www.bleepingcomputer.com/forums/f/138/external-hardware/

That is all my advice on modems / routers.

I have no other advice, other than to say, some people guess or make unproven suspicions that their modem has been "owned".

But none of those have been for real.   So honestly and frankly,  this above is the last of my addressing any modem topic on this case.

.

I would remind you that this section is ( a ) for WINDOWS   & (b)  more specifically, Windows malware help.

At this point, there has been  no malware reported by a known security program.

I can have you run a few more tests to check for malware.

 

BUT this thing with the icon cache can happen on a system that has no malware.  It perhaps may be that the icon cache has been deleted or even has a glitch,

AND as to the other quirks you are mentioning,  those may be due to how you rebuilt Windows.

It perhaps may be the time for you to consider doing a new real actual wipe of the whole system  and have Windows keep NONE of the programs & NONE of your documents, files, etc

 

1 )  Do you have a backup of your personal files, documents, personal data, pictures, etc ?

2 )  List for me just exactly how & what steps you used to re-install Windows.

 

 

Link to post
Share on other sites

1 - I have no backup, I am trying to delete everything and start from scratch as if I had bought the computer.

2-  I use a USB stick that I have here with Windows 10 OS (I don't know if it has a virus). and immediately after restarting the pc in installation mode, I delete all partitions and their files from the HD and SSD in order to leave both without files, despite having 2 partitions that when formatted are never 100% free of files, something in between 40 mb. after that I choose the w10 to be installed on the SSD, and use the formatted hd to install my programs and games.

 

Additional question: regarding modem problems, I will change my internet to an optical fiber one this week, so I will change internet operator and consequently modem, would this possibly solve the problem over "modem" that you mentioned?

 

Thank you for help

Link to post
Share on other sites

Having a new modem /router from your service provider would relieve your anxiety level.

Remember, I did not say that there is an actual issue with your current modem. It is you who is assuming something about the hardware.

 

Just by the way, Backup is your best friend.  Do regular backups of your system on a regular basis.

If you do not have external backup media now, get some right away. Also, in addition, get an 8 GB USB flash drive to use for the Media Creation tool ( see below ).

 

There is a very good way to do a clean & new  ( and keeping NO programs or files ) way to do that.

It is using the Microsoft Media creation tool.   You will need a USB-thumb-flash drive of 8 GB.   That USB you will setup the Media Creation tool on  & it will have the real Windows 10 from Microsoft.

Just go slow  / go careful / take your time / no rush.

 

There is a good guide at Tenforums

https://www.tenforums.com/tutorials/16397-repair-install-windows-10-place-upgrade.html

 

The intended section to follow is section 6    which is titled To do a repair install of Windows 10 with Media Creation Tool

Study that real well.   Follow that section 6 real close.

The object at this time is to rebuild Windows 10  as new    AND  "to keep  NO personal files or  apps"

Link to post
Share on other sites

Hi.   I am going to list here tips on staying safer and other best practices.

The first best practice of computer safety is to have backups of the system.  Make regular periodic backups to offline removable media.

Backup is your best friend.

 

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

 

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).


Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

.

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

This topic is now closed to further replies.