Infection or not, need help

[Positron]

I have had a printing problem for months, now my antivirus programs won't open. To get you up to speed:

Yesterday I performed my latest image restore; this time from 2017 because my printer did not work properly again, just a portion of page printed, and sometimes none. After the restore the printer worked for the afternoon and then failed again.

This morning I booted up and the printer works fine, but now my Antimalware premium program won't open. When I right click in the taskbar, all 4 protections are on. However, when I attempt to open the program, either from the task bar or double clicking on desktop, a box opens stating Malwarebytes has stopped working.

Either check online for a solution and close the program or just close the program. I just recently uninstalled CCleaner.

Do I have a virus/malware etc, or does my program need to be re loaded, or something else?

Help needed.

Pos

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

What options/functions did you use to clean the computer?
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section in the bottom of the topic Select Click the Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Please attach the logs for my review.

Wait for further instructions
====

[Positron]

Thanks for your help Nasdaq, much appreciated. Attached are the two files requested.

pos

 

Addition.txt FRST.txt

[Positron]

1 hour ago, canvasinc said:

I noted on a previous post (another topic) that MBAM doesn't scan (layman's terms) data files in scans.  i.e. txt, doc, pdf etc - It only scans those with real time protection.  Does that mean it will only verify these are virus free if opened?  I'm having problems on a PC - brand new hard drives in RAID 1, clean Windows 10 install, all oem software installs.  The only thing ported over were my data files.  PC worked great for 10 days, now starting to have same random problems.  I'd like to be able to scan ALL files.  Is there a way to do that?

THanks!!

I am having similar, random problems. First, printing messes up (for months now), then I have all sorts of "restore" points I did not know I had, but  cannot used them (box pops up can't find them), then my Malware Antimalware acts up. I have downloaded AVG, Kaspersky, Defender and Antimalware and nothing found. This has been going on for months.

I am hoping Nasdaq can help my situation.

cheers

pos

[Positron]

I just developed another symptom. I ran Kapersky antivirus, nothing found.  I just closed Firefox and attempted to open it again and a box repeatedly

opens asking if I will allow it to make changes to XXXXX. I can't remember the rest. I rebooted awhile ago this afternoon and I could not open any programs I tried except one or two associated with windows. Right now I had to open IE 11 in order to get to this site.

Pos

[nasdaq]

Hi,

Did you set this PersistenRoute?
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,66.94.196.1,-1]
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Follow the instructions on this page.
Uninstall and reinstall using the Malwarebytes Support Tool
https://support.malwarebytes.com/hc/en-us/articles/360039023473
===

Let's check the status of these services.

Download   Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or above, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
  
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
===

Please post the logs and let me know what problem persists.

[Positron]

I have no idea of what a "persistentRoute" is. No I did not make any changes. I printed out your post and will follow your instructions. I see that

66.94.196.1 IP address location is about 1/2 miles from me. Is someone hacking into my computer?

Also, I had to reboot my computer this evening, and low and behold when Windows opened,

my entire "downloads" folder was in my "recycle bin". In my bottom tray the "explorer" icon was also missing,  with a "recycle bin" icon in its place. Also my Malware Antimalware was not in the tray, and was closed.

cheers
pos

[Positron]

I cannot find and download the fixlist.txt file from your post. There is no link.

pos

 

[Positron]

I found some more information. Besides finding that the 66.94.196.1 on map located about 1/2 to 3/4 miles away at the end of a lane at a Caterpillar parts facility, I also performed a google and checked my computer IP address details, and found IPv4 Default Gateway of 66.94.196.1. How can this number be in two places at the same time?

I hope this info helps you.

Pos

[nasdaq]

Hi,

The IP 66.94.196.1 belongs to Family Video Movie Club
https://www.ip-tracker.org/locator/ip-lookup.php?ip=66.94.196.1

Can you relate to this?

How your this was created n the registry is unknow to me.

The PersistentRoutes subkey contains entries representing routes that permanently stored in the IP routing table. Unlike active routes, which are deleted when you shut down or restart Windows, permanent routes are stored in the registry and remain in the IP routing table until you remove them

.

===

This fix should remove it.

The Fixlist.txt is attached this time. Sorry.

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

[Positron]

Thanks so much for your help Nasdaq. I am going to get started, but wanted you to know I have no connection to the family video movie club.

pos

[nasdaq]

Get rid of it.

Run the Fix.

[Positron]

Hi Nasdaq,

 

After running and obtaining Fixlog.txt, I could not get back on the internet to contact the forum. I called my server ITV-3 and they said that 66.94.196.1 belongs solely to me, the movie club was the owner of them sometime back, so the reason why the movie club came up. They gave me the same IP information as I had and you saw in the txt.

I then requested a completely different IP address etc, and was told they will be checking into my request.

I backed up with a System image backup after performing all the operations, including uninstall and new installation of Malware Anti-malware while it was pristine.

I performed the operations you listed and results in the following txts below.

I then redid the FRST to obtain new FRST.txt and Addition.txt just in case you desired such.

Everything seems to be working ok now. If I have any other problems, I will post again. In the  meantime, job well done

Nasdaq. Sure appreciate all your time and efforts.

pos

Fixlog.txt FSS.txt FRST.txt Addition.txt

[nasdaq]

Glad to see that all is well.

Stay safe.

 

[Positron]

One other bit of information. The other day, before the Malwarebytes fix, I booted up the computer and my entire "libraries" section was gone. I found it in

the recycle bin. Along with that another icon was in the place of the "libraries" icon.

But your fix seems to have things up and running. Will check in every once in a while with status.

Cheers and thanks again.

pos

 

[nasdaq]

Hi,

Were you able to restore you Libraries?

Can you give me the complete path were the Libraries were located.

[Positron]

I am sorry Nasdaq. Yes, I clicked restore and "libraries" came back to normal.

I restored "libraries" before repairing my computer with fixlist that you gave me. The fix went very smoothly.

Yes, all appears to be working fine now.

I mentioned all the problems to ITV-3 support, and I thought that my computer has been hacked for some time.

Anyway, no problems so far. All seems to be working well now.

Cheers and thanks for your time, and efforts, and patience Nasdaq. Much appreciated.

pos

 

 

 

[nasdaq]

Stay safe.

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you