Flok


Hi dear Malwarebytes,

When I used Malwarebytes for scanning my system, I got 11 results. After I quarantined those files and restarted my system, I got a dark screen with only cmd on. I restored those files and restarted my system again, and everything was back to "normal" with the GUI on. The problematic files are in the registry (bitcoin trojans) and my question is: can I delete them without using Malwarebytes? I am afraid that if I do that, I will need to reinstall Windows. I will submit here the report from my Malwarebytes scan. Please help me if you can.

Best regards

report.txt


Hello Flok and welcome

My screenname is Android8888 and my real name is Rui, and I will be glad to help you with your computer malware issues. Please feel free to ask questions if anything is unclear to you.

Please DO NOT RUN ANY additional scans or anti-malware tools on your own while you are being assisted in this topic.

I do not advise you to change the Windows Registry if you are not experienced in doing so. It may cause serious damage to your Operating System.

Please do this:

  • Open Malwarebytes.
  • Go to "Settings" (upper right corner wheel), "Security" tab, and ensure that the Automatic quarantine button is turned On.
  • Now scroll down a bit until "Scan options" and ensure the Scan for rootkits button is turned On.
  • Close the "Settings" panel and click the Scan blue button to perform a new scan.
  • Once the scan is completed click on the View report button, then on Export and select Export to TXT.
  • Save the file as a Text file to your Desktop or other location you can find it.
  • Please attach that file in your next reply.

Next,
Please download the latest version of AdwCleaner by Malwarebytes and save the file to your computer Desktop.

  • Right-click on AdwCleaner.exe and select Run as Administrator to start the tool.
  • Click Yes to accept the UAC security warning that may appear.
  • Click Agree to accept the EULA (End User License Agreement).
  • Click the Scan Now blue button and wait until the scan is complete.
  • Once the scan completes, make sure that every item listed in the different tabs is checked unless you want to keep the item(s) or suspect that it is a false positive.
  • NOTE: If you are in doubt about any of the identified malware entries detected, please do not proceed to the next "Clean" step. Just select Log Files on the left pane and double-click the AdwCleaner[Sxx].txt name, where xx is replaced by a number (the largest number is from the more recent log and is the one I need to see). Copy and paste the entire contents of the scan log into your next reply for my review.
  • IF you are satisfied that all of the checked entries are malware-related, click on the Quarantine button.
  • Now you may also be asked to Run Basic Repair or skip it. This is optional. I would suggest you skip it for now.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer.
  • Close all other open windows and allow it to restart.
  • After the restart, Notepad will open with the AdwCleaner cleaning log when logging in. The log can also be found at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt (where xx is replaced by a number, the largest number is from the more recent log and is the one I need to see).
  • Please attach that log in your next reply.

Next,
Follow the instructions below to download and execute a scan on your system with Farbar Recovery Scan Tool (FRST), and provide the entire contents of its two logs in your next reply.

  • Download the right version of FRST for your operating system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop.
  • Right-click on the file and select Run as Administrator to open the tool.
  • Accept the disclaimer by clicking on Yes, and FRST will then search for updates which should take a few seconds.
  • Make sure the Addition.txt box is checked.
  • Click on the Scan button and wait. The tool will do a back-up of the Registry which should take a few seconds and then start scanning your system.
  • When the scan is complete, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then it will open two Notepad files.
  • Please attach both FRST.txt and Addition.txt files in your next reply for my review.


To summarize, I will need to see these logs in your reply:
Malwarebytes log
AdwCleaner clean log
FRST.txt and Addition.txt

How is the computer running now?

Thank you.

Android8888


Hi Alex, you're welcome.

I don't think I explained myself clearly in my previous post. When I advised you not to touch the Windows Registry I meant not to do it manually. Many users try to change the registry manually without being sure what they are doing and that is what can damage the Operating System.

Quarantining all the items of infection which Malwarebytes found is completely safe and you should do it that way. The program "knows" what it is doing. Don't worry, we are here to help you.

But do not do that right now. Follow the instructions below in the order listed.

 

Firstly, please do this:

Warning: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to the operating system.

Now follow the instructions below to execute a script fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button and wait. When the fix is complete the system will ask for a reboot. Please do so.
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;

 

Next,

Now it's time to run a new scan with Malwarebytes and Quarantine all the items it finds.

Then post its new log for my review.

Next,

Now let's perform a check with Microsoft Safety Scanner. This is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.
The download links and the instructions on how to run the tool are at the following link at Microsoft.
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

I will need to see the scan results.
The log is named MSERT.log and it will be located in %SYSTEMROOT%\debug\msert.log which in most cases is C:\Windows\debug\msert.log.
Please attach that log to your next reply for my review.


To summarize, please attach:
Fixlog.txt
Malwarebytes quarantine log.
msert.log

How is the system running now? Are you still seeing the dark screen when restarting the computer?

 

Thank you

Android8888

fixlist.txt
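
The logs requested in the two helper posts above can be gathered into one folder for attaching. This is an added example, not part of the original posts or of any of the tools named; it assumes FRST was run from the Desktop (so FRST.txt, Addition.txt and Fixlog.txt are there), and the output folder name and the function name are hypothetical.

```powershell
# Added example: collect the logs requested in this thread into one folder.
# Assumptions: FRST ran from the Desktop; 'logs-for-helper' is a made-up folder name.
$Desktop = [Environment]::GetFolderPath('Desktop')
$OutDir  = Join-Path $Desktop 'logs-for-helper'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

function Get-LatestAdwCleanerLog {
    param(
        [string]$LogDir = 'C:\AdwCleaner\Logs',
        # 'S' = scan log, 'C' = clean log, as named in the instructions above
        [ValidateSet('S', 'C')][string]$Kind = 'C'
    )
    if (-not (Test-Path -LiteralPath $LogDir)) { return $null }
    Get-ChildItem -LiteralPath $LogDir -File |
        Where-Object { $_.Name -match "^AdwCleaner\[${Kind}(\d+)\]\.txt$" } |
        # Sort on the number itself: a plain name sort would put C10 before C9.
        Sort-Object { [int]([regex]::Match($_.Name, '\d+').Value) } |
        Select-Object -Last 1
}

$wanted = @(
    (Join-Path $env:SystemRoot 'debug\msert.log'),
    (Join-Path $Desktop 'FRST.txt'),
    (Join-Path $Desktop 'Addition.txt'),
    (Join-Path $Desktop 'Fixlog.txt')
)
$adw = Get-LatestAdwCleanerLog -Kind 'C'
if ($adw) { $wanted += $adw.FullName }

foreach ($path in $wanted) {
    # -LiteralPath matters: with -Path, the [C00] in the AdwCleaner file name
    # is read as a wildcard character class and the file is not found.
    if (Test-Path -LiteralPath $path) {
        Copy-Item -LiteralPath $path -Destination $OutDir
        Write-Output "copied   $path"
    } else {
        Write-Output "missing  $path"
    }
}
```

The Malwarebytes report is not included because its file name and location are chosen at export time.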


Hi Rui,

The first thing I did was a fix with FRST as you told me. Then a scan with Malwarebytes, and it showed me 6 files. I put those 6 files in quarantine and rebooted the computer. Everything was normal after rebooting and there wasn't a dark screen, everything was OK. Next I ran a full scan with Microsoft Safety Scanner. All results are in the attachments. Can I delete now files from MB quarantine?

Fixlog.txt MBquarantinelog.txt msert.log


Hi Alex,

 

4 hours ago, Flok said:

Can I delete now files from MB quarantine?

Yes you can. Please do it now.

However, the machine is still infected.

 

You will have to run a scan with the following tool. Read the instructions below carefully and run the scan.

Please download ESET Online Scanner and save it to your Desktop.

NOTICE:

  • Temporarily turn off your antivirus program while you are running this scan in order to avoid conflicts between them. If you don't disable it you may be warned by ESET to do so. See here how to do this.
  • Be aware that this is a very thorough scan that can find and quarantine some applications/programs that although they may not be classified as malware are considered potential threats. Therefore, before you start this scan I suggest you also disconnect any external device drives (flashdrive, external disk, etc.) that you may have connected to the computer, unless you want to include them on this scan.
    • Right-click on esetonlinescanner.exe and select Run as Administrator.
    • When the tool opens, click Get started.
    • Click Yes to accept the UAC that may appear, then read and accept the license agreement.
    • At the Welcome to ESET Online Scanner window, click Get started.
    • Select whether you would like to send anonymous data to ESET such as Customer Experience Improvement Program data and Detection feedback system data.
    • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
    • Click on the Full Scan option.
    • Select Enable ESET to detect and quarantine potentially unwanted applications, then click Start scan.
    • ESET will now begin scanning your computer. This may take some time to finish.
    • When the scan is finished and if threats have been detected, select Save scan log. Save it to your Desktop as eset.txt. Click on Continue.
    • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
    • On the next screen, you can leave feedback about the program if you wish. NOTE: Ensure the box Delete application data on closing is unchecked. If you left feedback, click Submit and continue. If not, Close without feedback.
    • Please attach the log from ESET (eset.txt) to your next reply.


NOTE: If no threats were found it will not produce a log.

 

Let me see the ESET log (if it produced one) and wait for further instructions.

Thank you.

Android8888
(Rui)


  • 2 weeks later...

Hi @Flok    

To remove the FRST64 tool & its work files, do this.  Go to your Downloads folder.  Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe .
Then run that ( double click on it)  to begin the cleanup process.

 

You should delete msert.exe

Delete   esetonlinescanner.exe

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
