A suspicious cumulation of errors, and a sudden (& puzzling) detection.


Hi.

Quote

I think I found the specific setting [German equivalent seems “Zuletzt angesehene Seiten öffnen”]: one of 3 options that exclude each other. I had set it once to a specific starting page and thus the "continue where you left off" option was and is disabled.

Given your emphasis, should I assume that this particular option makes for a security risk?

My advice is not to have a browser reload the previous session because of the case of when there is (for example) a malvertising or a browser hijack that locks the browser.

I always want my own browsers to start with a blank page.

Thanks for the Adwcleaner report. That is a good run. It cleaned up some history remains on Edge browser.

How is the system now?



On 4/27/2020 at 5:50 PM, Maurice Naggar said:

My advice is not to have a browser reload the previous session because of the case of when there is (for example) a malvertising or a browser hijack that locks the browser.

I always want my own browsers to start with a blank page.

I understand, makes sense!

On 4/27/2020 at 5:50 PM, Maurice Naggar said:

How is the system now?

Until now the previously reported error to connect to websites was the last of puzzling events taking place on the machine.

Very much relieved that the system was so thoroughly checked and fixed (thank you so much!) and that no malicious software turned up all along the way.

Now, I am still puzzled by the nature of the “trojan log file” that Malwarebytes discovered but then didn’t raise a single red flag when uploaded to VirusTotal. Is there an approach (different from uploading to VirusTotal) that you can recommend to determine safely if the detected (and quarantined) file was actually detected wrongfully as such?! I understand that this has hardly a high priority, so I won't bother about it beyond this message.

Kind regards!

Daniel


On 4/29/2020 at 10:54 PM, Maurice Naggar said:

If you mean the NGLCLIENT_ACROBATDC112.0.LOG, is there any version of it at this point in the Quarantine section?

Yes, that’s the one! It is still sitting in quarantine.

From what I got from the VirusTotal results (https://www.virustotal.com/gui/file/04903c579e29d1352d77d545afeea52a0288e4af28877690871ed1470388f118/details) back then, it is a pure text file – the more I am puzzled that it could ever register as some kind of malware.


Okay then, thanks! And so far no further problems. And even an all-clear with regards to the start screen once described! It re-appeared two days ago, and from checking the text (as I said, last time I skipped it without reading) it appeared like a prompt by Microsoft to push the use of additional services. I checked online and it is a known annoyance on Windows 10, so no indication for a failed initialization of the account as originally expected. It just appeared right at a time when I was extra-sensitive to stuff out of the norm on the system.


Hello.

To remove the FRST64 tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe.
Then run that (double-click on it) to begin the cleanup process.

You may delete Autoruns.exe & Autoruns.zip
You should delete esetonlinescanner_enu.exe
You may delete securitycheck.exe

Adwcleaner you may keep & use as needed / on-demand to check for adware.

I am glad to have helped. Stay safe.

Backup is your best friend. Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected (out of the blue) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

Sincerely.
 
