
Salutations. (I have no idea how to begin a forum.) I've had Idle Buddy for a bit and it hasn't really bothered me until now. Lately, my processor is getting slower and all of my programs end up not responding for a while. Windows Defender can detect it, neither can MalwareBytes Free. Right now I'm on the MalwareBytes Premium Trial but it can't detect it either. I've been reading past forums and I've seen this being addressed. I've followed the steps directed but I've run into a few problems (Well, really only one.)

1. When I follow the steps, it says to fix. But when I do, it says I'm missing a "fix" list. I know what it is, but I can't access it. Whenever I click the link to it, it just says I do not have sufficient permission to view this file / the person viewing doesn't have permission. Please help. ╯︿╰

 


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's check further.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Please attach the logs for my review.

Wait for further instructions
====


 


Hi,

Sorry, but the Farbar program must be executed in an Administrator account.

Do so and attach fresh logs for my review.


Hi,

 Your logs are clean.

You may already have seen and executed the instructions on this page
https://answers.microsoft.com/en-us/windows/forum/all/uninstall-idle-buddy/a5f86d5e-7e7f-42c8-a272-0c1a1eaed014

Make sure you have acted on Item 1 and 2.
====

If the problem persists and Chrome is Synced with other Devices reset it.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
https://support.google.com/chrome/answer/185277

Execute the suggested fix.

Restart the computer normally.

 

If other Browsers are Synced and are compromised let me know and I will give you the instructions to reset it.
===========

If the problem is not solved, continue.

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
Idle Buddy
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

Also, the past instructions said to use DelFix to delete the disinfection tools, but they don't have it anymore. They use KpRm. Will that affect how I deal with the infection?

The tool is from the same author. It's safe.
 
Please download KpRm by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool.
Vista/Windows 7/8/10 users right-click and select Run As Administrator.

Put a check mark next to these items:
- Delete tools
- Delete now

Click the "Run" button.
https://github.com/KernelPan1k/KpRm/raw/master/screenshots/automatic.png

p.s.
Do not use the other options unless guided by a qualified helper.


I followed both instructions, and I can see IdleBuddy on my computer, named as Ingenering Group Project Inc. When I try to remove via Control Panel, it doesn't work. I also looked through all the plug-ins and whatnot, but it's still not there. I can verify it's on my computer though. FRST doesn't seem to be able to scan it though. Am I doing something wrong? Also, when I use KpRm, FRST is not going away.

Capture.JPG

SearchReg.txt


Hi,

Also, when I use KpRm, FRST is not going away.

KpRm is only removing the tools that we used.

FRST will only delete what we see in your log using a Fixlist.
===


and I can see IdleBuddy on my computer, named as Ingenering Group Project Inc. When I try to remove via Control Panel,

If the program was removed by deleting the folder and file you will only be able to remove the Registry Entry this way.

How to Manually Remove Programs from the Add Remove Programs List
https://www.bleepingcomputer.com/tutorials/manually-remove-programs-from-add-remove-programs/
Restart the computer when done.

Any luck?


Hi. Below I have attached the .txt file. If my PC is not infected, I'm sorry for wasting your time, and I have a few more questions.

  1. In the FRST log, it said that my Windows Defender scans were never completed, stating this multiple times, as well as saying a security update was never fully installed. Should I be worried about that?
  2. Are there any other ways to see if I'm infected?
  3. If it's not an infection, what could be slowing down my processes? 

Thank you for your help.

InstallList.txt


Hi,

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or above, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
  
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
===

If the surfing is slow execute these instructions. It may help.
Malwarebytes for Windows antivirus exclusions list
https://support.malwarebytes.com/hc/en-us/articles/360038522974

p.s.
Were you able to delete the Ingenering Group Project Inc entry?
I do not see it on the list. It may have been hidden.

===


Farbar Service Scanner Version: 14-12-2019
Ran by jbjha (administrator) on 24-03-2020 at 16:29:25
Running from "C:\Users\JohanPark\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\MsMpEng.exe"".


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

And the other one

Farbar Service Scanner Version: 14-12-2019
Ran by jbjha (administrator) on 24-03-2020 at 16:29:25
Running from "C:\Users\JohanPark\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
 

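Added example, not part of the thread and not Farbar's code: a small Python triage of the FSS.txt format pasted above that lists only the deviations the log itself reports (stopped services, non-default start types, disabled-policy registry values). The sample is excerpted from the posted log; treating any File Check status other than "File is digitally signed" as a finding is an assumption about FSS output.

```python
import re
# Constructed sample: lines excerpted from the FSS.txt log posted in this thread.
SAMPLE_FSS = r'''Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
'''

NOT_RUNNING = re.compile(r'^(\S+) Service is not running')
START_TYPE = re.compile(r'^The start type of (\S+) service is set to (\w+)\. '
                        r'The default start type is (\w+)\.')
REG_KEY = re.compile(r'^\[(HK[^\]]+)\]$')
REG_VALUE = re.compile(r'^"([^"]+)"=(\w+):(.+)$')
FILE_CHECK = re.compile(r'^(.+?) => (.+)$')

def triage_fss(text):
    """Return (kind, subject, detail) tuples for every deviation FSS reported."""
    findings, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            key = None                      # a blank line ends a registry block
        elif m := NOT_RUNNING.match(line):
            findings.append(("service-stopped", m[1], "not running"))
        elif m := START_TYPE.match(line):
            findings.append(("start-type", m[1], f"{m[2]} (default {m[3]})"))
        elif m := REG_KEY.match(line):
            key = m[1]                      # values that follow belong to this key
        elif (m := REG_VALUE.match(line)) and key:
            findings.append(("policy", f"{key}\\{m[1]}", f"{m[2]}:{m[3]}"))
        elif (m := FILE_CHECK.match(line)) and m[2] != "File is digitally signed":
            findings.append(("file-check", m[1], m[2]))   # assumed failure form
    return findings

if __name__ == "__main__":
    print(*triage_fss(SAMPLE_FSS), sep="\n")
```
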

Hi, I hope this works.

Your copy of Chrome may have been compromised

Remove and re-install Chrome. Follow these instructions.


Step 1: Remove Chrome from your Computer and reinstall a fresh copy later.

Step 2: If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 3: Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 4: Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome
https://www.google.com/search?q=chrome+export+password&oq=chrome+export+password&aqs=chrome..69i57j69i60l2.7991j0j7&sourceid=chrome&ie=UTF-8

Step 5: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Step 6: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 7: Re-install Chrome and the Bookmarks.
 

How is it now?


Hi. First off, don't answer that question. Second, I uninstalled and reinstalled Google Chrome, but it still looks the same. I don't sync Chrome and I followed all the steps, but um, when I reinstalled, it looked exactly the same before I had it uninstalled. Did I do something wrong?


Do you have any issues with Chrome?

If not then it should be good.

p.s.

Reinstalling it has reset the Chrome Preferences to default.

It's all done internally.

 
