Hello.

I fell for something today and got a bit screwed, I've had my PC crash twice and I'm a bit worried because Malwarebytes hasn't found anything and something else fishy is up.
When the first crash occurred there was like this woman's photo plastered on the "crashed" screen, never seen that photo in my life lmao.
If you look at my screenshot, when I open the program, it shows that everything is enabled but my taskbar shows the ! sign and shows that protection is not enabled - very odd. First time this has happened too. I uhh.. uninstalled the frowned upon executables.

Any help would be nice, thank you for your time.

hmm.png

scan.txt Addition.txt FRST.txt


Hi,

My name is Maurice. I will be helping and guiding you, going forward on this case.

Let me know what first name you prefer to go by.

 

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.

 

Please only just attach all report files, etc. that I ask for as we go along.

 


I would appreciate getting some key details from this machine in order to help you forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

 

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.

Download Malwarebytes Support Tool

    1. Once the file is downloaded, open your Downloads folder/location of the downloaded file.
    2. Double-click mb-support-1.6.1.784.exe to run the report. You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    3. Place a checkmark next to Accept License Agreement and click Next.
    4. Now click the left-hand side pane "I do not have an open support ticket". You will be presented with a page stating, "Get Started!"
    5. Do NOT use the button "Start repair"! But look instead at the far-left options list in black.
    6. Click the Advanced tab on the left column.
    7. Click the Gather Logs button.
    8. A progress bar will appear and the program will proceed with getting logs from your computer. Please do have patience. It takes several minutes to gather.
    9. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK.
    10. Please attach the ZIP file in your next reply.

 

Please know I help here as a volunteer, and that I am not on 24 x 7.

Help on this forum is one to one. Again, please be sure to ONLY attach report files with your reply(s) as we go along. Do not do a copy / paste into main body.

Thank you,

Sincerely.

 


Hello John.

Thanks for the support tool report. There have been a very high number of IP block events when Qbittorrent was in use.

Please be sure to Close out of Qbittorrent  and, also,  stop using it for the duration of this case.

I would like to see if the Block events drop off or go away.

.

The Windows notification tray icon display appears to be not reflecting the true status. If needed, as a measure of last resort, we may do a Malwarebytes clean re-install (if really needed).

But for now, let's do a standard Scan.

I would like you to do a new scan with Malwarebytes for Windows.  One of the major goals here is to have it remove all that it detects.  If it finds anything that is.

Start Malwarebytes from the Windows  Start menu.

Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.

Then click the Security tab.   Look for the section "Automatic Quarantine".   Be sure it is clicked On   ( to the far right side)

 

Then scroll down to the section Potentially Unwanted items. We need the next 2 lines (for PUP & for PUM) to be set to "Always (Recommended)".

You can make the change by clicking on the down-arrow selection list-control. We want all PUP & PUM to be marked for removal.

 

Next, click the small x on the Settings line   to go to the main Malwarebytes Window.

Next click the blue button marked Scan.

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).

 

Then click on Quarantine selected.

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

 


These are the exact settings I ran the scan on already. It'd be pointless to run it the exact same way again, it took 90 minutes to scan. I attached the scan in my original post.


About Qbittorrent, it's not on my PC. I read the post about what you need to do before posting here and it said that all of these kinds of things have to be gone so I had it eradicated.

If absolutely necessary, I'll run the scan AGAIN and post it tomorrow morning as it's getting late here.


It's important to mention, I ran a quick scan before the long one and it did find 4 things which I quarantined. But I got the 2nd crash after this event, which led me to believe that there's still something hidden on the PC.

Here is the scan before the one I linked in the original post.

123.txt


You did not provide any detail on just what the "crash" was.

Also, the Malwarebytes scan I  wrote & suggested you run usually averages something less than 10 or 15 minutes.

In your case, on this machine,  it averages less than 2 minutes.

.

The report you submitted showed it found & removed PUP.Optional.ByteFence

Bytefence is a fake 'program'.   A rogue / pretend / scam.

.

The previous ( last scan) with Malwarebytes   on   "2020-05-20T16:09:24Z",

found 2 exe files that were tagged as  Malware.Malformed.3  & Malware.Malformed.6

E:\PROGRAM FILES\COMPILER\AHK2EXE.EXE

E:\PROGRAM FILES\IP HIDER PRO\IPHIDERPRO.EXE.

.

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. 
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next"

.

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)

Then click on Dashboard button.

Click the blue button "Scan Now".

 

Allow it a few minutes to finish the Scan. Let it remove what it finds.

NOTE: When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.

 


The "crash" was, imagine the screen looking broken. Different patterns and colors - like someone punched an LCD screen. And then I had to restart the PC. But on top of that, the first crash had the bottom half of the screen with that photo in a tile pattern, it was like black and white with 70% transparency, honestly it looked like a god damn ghost possessed the PC!

I have always been careful and had pride that I've never gotten something that truly put my PC at risk or caused any real issues, I've been good for +10 years, it blows my mind that this has happened today. Always installed via custom/advanced too.

I will now run Malwarebytes ADWCLEANER and report back to you.


As far as the odd screen display on your monitor, I can only just guess. Perhaps a power glitch.

The Adwcleaner cleaned up elements of adware.

This last Malwarebytes scan is excellent.

.

As far as malware.malformed see the Malwarebytes Labs Threat Center   https://blog.malwarebytes.com/detections/malware-malformed/

.

I would suggest you keep going, checking this system,  with what follows below.

[     1    ]

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system. 
The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
  
Let me know the result of this.
The log is named MSERT.log
The log will be at %SYSTEMROOT%\debug\msert.log, which in most cases is
C:\Windows\debug\msert.log
Please attach that log with your reply.

 

NEXT   [      2      ]

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now

It will start a download of "esetonlinescanner_enu.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes
When prompted for scan type, Click on Full scan

Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.
Have patience.  The entire process may take an hour or more. There is an initial update download.

There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.
When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).
Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 


Nothing really noteworthy was found, fortunately or unfortunately.

This does make me wonder though, how come Malwarebytes isn't flagging these things, how come we're using different software for the scans, just to be thorough I assume?

msert.log ESET scan.txt


MS Safety Scanner found nothing.   

ESET scan found a number of potentially unwanted applications (mainly torrent type).

For your benefit, we here on this help-forum use several security tools to ensure that we detect malware, adware, & PUP & other potential threats.

.

Let's take a few minutes to beef up the web browsers on this PC. Especially since this is running on Windows 7.

Google Chrome browser is the toughest to keep clean. If you have to use it, ensure that it is the latest version, as of this stardate, 83.0.4103.61

Use the Chrome options icon & select Help & then About Google Chrome.

If you cannot do an update that way, you may download a new setup file from Google and do an update over-the-top.

.

All the steps below are intended to strengthen the system by beefing up security on the web browsers.

   

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.  

Scroll down to the tips section "How do I disable them".  

[     2      ]

If you use the Google Chrome browser,  I suggest you install the Malwarebytes Browser guard for Chrome.  

To get & install the Malwarebytes Browser Guard extension for Chrome,  

   

Open this link in your Chrome   browser:  

   

Then proceed with the setup.  

 .

Also if you use Chrome, consider having the extension for ScriptSafe

ScriptSafe for Chrome & Chromium-based browsers
https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf?hl=en-US

   

[     3   ]

If you use Mozilla Firefox,  get & install the Malwarebytes Browser Guard  Firefox extension.  

Open this link in your Firefox browser:     

Then proceed with the setup.  

That link is for English US. There are other language versions. Just go to the very bottom right of the page and look at the "Change language" drop-down list.

. 

[   4   ]

I would like you to run a tool named SecurityCheck to inquire on the current-security-update  status  of some applications.
Download SecurityCheck by glax24 from here  
and save the tool on the desktop.

 

If Windows SmartScreen blocks that with a message-window, then
click on the MORE INFO spot and over-ride that and allow it to proceed.

 

This tool is safe.   Smartscreen is overly sensitive.
Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

NOTE:  We can run some additional scans later.   Also keep in mind that the Windows 7 Operating System is now well out of support at Microsoft.   They are not making new security patches.

That makes this OS exposed to potential exploitation.

Windows 7 systems can be upgraded for free to Windows 10 which is a lot more secure & more to the point, actively supported at Microsoft.

If you are inclined, I can guide you later to upgrading to Windows 10.

Edited by Maurice Naggar


I use NoScript and uBlock for Firefox, 99.99% of the time I use Firefox, Chrome has only been a backup of sorts.
Well aware of the fact that Win7 lost support this year too, I intend on updating but trying to push it as long as I can, I really like 7 over 10.

I am a little confused about updates on software like VLC media player, 7-zip, Gimp etc. with Win7 not being supported, is it a better idea to not download anything new or it's absolutely necessary to update everything as soon as possible?


 

SecurityCheck.txt


Get updates for the utilities as long as they are supported on your current O.S.  

Check the support site for each software-maker to verify their support status.    ( I personally do not know about support level for VLC media, Gimp, 7-zip)

( and I do not recall hearing or reading that 7-zip had issues with Windows 7 )

.

These are some of the notations within the SecurityCheck report

Adobe Shockwave Player 12.2 v.12.2.4.194 Warning! This software is no longer supported. Please uninstall it.

 

Skype version 8.58 v.8.58 Warning! Download Update

Foxit Reader v.9.0.0.29935 Warning! Download Update

 

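A small triage of the SecurityCheck notations quoted above, as an added example that is not part of the original thread or of the SecurityCheck tool: it parses the flagged lines, using a line layout inferred only from the three lines quoted in the post, and sorts uninstall advice ahead of updates. The names `triage`, `classify` and `Finding`, and the unflagged sample line, are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# The three flagged lines quoted in the post above, copied as they appear there,
# plus one constructed line with no "Warning!" marker (its layout is an assumption).
SAMPLE_REPORT = """\
Adobe Shockwave Player 12.2 v.12.2.4.194 Warning! This software is no longer supported. Please uninstall it.
Skype version 8.58 v.8.58 Warning! Download Update
Foxit Reader v.9.0.0.29935 Warning! Download Update
Example Utility v.1.0.0
"""

# "<product name> v.<version> Warning! <advice>", inferred from the quoted lines only.
# The name is matched lazily and must be followed by a literal "v.", so the word
# "version" inside "Skype version 8.58" does not end the product name early.
FLAGGED = re.compile(
    r"^(?P<name>.+?)\s+v\.(?P<version>\S+)\s+Warning!\s+(?P<advice>.+)$"
)

# Lower number = handle first. Unsupported software cannot be patched, so it leads.
PRIORITY = {"uninstall": 0, "update": 1, "review": 2}


class Finding(NamedTuple):
    action: str
    name: str
    version: str
    advice: str


def classify(advice: str) -> str:
    """Map the report's advice text to one of three actions."""
    text = advice.lower()
    if "no longer supported" in text or "uninstall" in text:
        return "uninstall"
    if "update" in text:
        return "update"
    return "review"  # flagged, but with wording this script does not recognise


def triage(report: str) -> list[Finding]:
    """Return flagged entries only, most urgent action first, then by name."""
    findings = []
    for line in report.splitlines():
        m = FLAGGED.match(line.strip())
        if not m:
            continue  # line carries no "Warning!" marker
        findings.append(
            Finding(classify(m["advice"]), m["name"], m["version"], m["advice"])
        )
    return sorted(findings, key=lambda f: (PRIORITY[f.action], f.name.lower()))


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.action.upper():<9} {f.name} ({f.version}): {f.advice}")
```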

That shows a strong warning about Radmin Viewer 3.5 v.3.50.0000

Their advice is to uninstall it.

The Google Chrome is out of date.

.

Today, have there been any Block notice messages from Malwarebytes? If there have been, I would like to see the detail from the history logs.

    1. Open Malwarebytes for Windows > click the Detection History card.
    2. Click the History tab.
    3. Under the Event column, open the Real-Time Protection detection report.
 


No block notice messages from today.

So, I gotta ask for some peace of mind. The results so far have been fairly good and I don't really have anything to stress about, right?


Yes, that is right.

Just wondering about the current display in the Taskbar notification icon for Malwarebytes... Is the red dot or red triangle gone?


You indicate that the Malwarebytes for Windows status is good.

You have done scans with Malwarebytes for Windows, and, Microsoft Safety Scanner, and the ESET Online scanner.  I had you run SecurityCheck.

We can wrap this up.   To do some tool cleanups:

To remove the FRST64 tool & its work files, do this.  Go to your Desktop.  Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe .
Then run that ( double click on it)  to begin the cleanup process.

You may delete mb-support-1.x.x.7xx.exe in the Downloads folder.

Delete  mbst-grab-results.zip  on the Desktop

To remove the FRST tool & its work files, do this.  Go to your Downloads folder.  Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe .
Then run that ( double click on it)  to begin the cleanup process.

 

Delete SecurityCheck.exe

Delete the eset download file  esetonlinescanner_enu.exe

Delete msert.exe

Adwcleaner you may keep and run on-demand, as needed.

.

Backup is your best friend.  Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

 

Keep in mind that you can still Upgrade for free to Windows 10 from Microsoft. That would get this machine onto a more modern and more secure Operating System, at zero cost.

Ed Bott at ZDNet has an excellent resource article from May 2020

https://www.zdnet.com/article/hands-on-with-windows-10-upgrading-installing-and-activating-in-the-real-world/

 

Stay safe.  I wish you all the best.
