
Quarantine List with Registry Keys



Hello! I'm here after using Malwarebytes to manage some ransomware. As of typing this, it has stopped affecting my software and system after quarantining. (Scan log below)
first_scan.txt

However, trying to clear everything after the quarantining froze my laptop at the Restart screen, so I had to run a forced shutdown and reboot the laptop up. I then peeked into the list and saw some registry keys in there.

My question comes in here: Can someone help me with the list? The files and folders in the list are already pending for deleting (although I would appreciate some help in filtering the list), but I'm most concerned about the registry keys. Can someone tell me what function(s) they run in the system, and if I should restore them? Thank you!


  • Root Admin

Hello @Avielex

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


Sent here are FRST logs and AdwCleaner logs. I'm only resending the first scan log from Malwarebytes because today's log contained no new detections.
(Should probably mention that some of the items from the scan log have since then been removed, like the DreamTrips files and folders)

Addition.txt FRST.txt AdwCleaner[C00].txt AdwCleaner[S00].txt first_scan.txt


  • Root Admin

Please follow the directions from the following topic.

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

Then run a new scan with Malwarebytes and AdwCleaner and let me know if the detections are still being found.

Thank you

 


There are no new detections on Malwarebytes, but AdwCleaner always detects my Lenovo app as a PUP. (This came along with the laptop's purchase, so I know this isn't as dangerous as it deems it to be.) But when I tried to open the app, it couldn't, and showed this message instead.

"Check the Windows Store for more info about Lenovo Vantage."

So I tried reinstalling, but I couldn't. Considering quarantining the software then restoring it.


  • Root Admin

It may be a false positive, but let me have you run the following, please. I'll check back on you again tomorrow.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


All these are routine logs. (may_25.txt is a Malwarebytes log.)

Also experiencing an interesting thing about Malwarebytes apparently detecting malware upon its periodical scan (happens at each laptop bootup), but then the result chart doesn't specify the type of detection, nor does it include any file name. I checked the log and found nothing either.

Other than that, nothing new. But the false positive on Lenovo is still there. (Image 1)

I'm also sending AdwCleaner's quarantine list (Image 2) for a more detailed report, since I didn't notice these from my Malwarebytes quarantine (the Trojan Agent's full registry name is "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SysHelper").

 

false_positive.PNG

adw_quarantine.PNG

may_25.txt AdwCleaner[S04].txt FRST.txt Addition.txt

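An added example, not part of any post in this thread: a read-only PowerShell listing that pairs each per-user Run autostart value with its entry under the StartupApproved\Run key quoted above, which is where Windows records whether a startup item is enabled or disabled. It assumes the commonly described data layout (first byte even = enabled, odd = disabled); the function names are made up for this example.

```powershell
# Added example. Read-only: compares HKCU Run values with their StartupApproved state.
$base        = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$runKey      = "$base\Run"
$approvedKey = "$base\Explorer\StartupApproved\Run"

function Get-ValueMap {
    # Return every value under a registry key as a name -> data hashtable.
    param([string]$Path)
    $map = @{}
    if (Test-Path -LiteralPath $Path) {
        $key = Get-Item -LiteralPath $Path
        foreach ($name in $key.GetValueNames()) {
            $map[$name] = $key.GetValue($name)
        }
    }
    return $map
}

function Get-ApprovedState {
    # Assumption: StartupApproved data is binary, and the first byte carries
    # the state (even = enabled, odd = disabled).
    param($Data)
    if (($Data -isnot [byte[]]) -or ($Data.Length -lt 1)) { return 'unknown' }
    if ($Data[0] % 2 -eq 0) { return 'enabled' } else { return 'disabled' }
}

$run      = Get-ValueMap -Path $runKey
$approved = Get-ValueMap -Path $approvedKey

# Union of names from both keys, so state records without a Run value show up too.
$names = @($run.Keys) + @($approved.Keys) | Sort-Object -Unique

$report = foreach ($name in $names) {
    [pscustomobject]@{
        Name    = $name
        Command = if ($run.ContainsKey($name)) { $run[$name] } else { '(no Run value)' }
        State   = if ($approved.ContainsKey($name)) {
                      Get-ApprovedState -Data $approved[$name]
                  } else { '(no StartupApproved value)' }
    }
}

$report | Format-Table -AutoSize -Wrap

# The value name quoted in the post above; returns nothing if it is absent.
$report | Where-Object { $_.Name -eq 'SysHelper' }
```

The Command column shows what each autostart entry launches at logon; a StartupApproved value on its own holds only the enabled/disabled state, not a program path.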

  • Root Admin

Yes, I'm not so sure it's a real issue as it would also seem to provide service update for drivers from Lenovo. I would ignore and leave it alone. There is a link below that also has a link for the software but I'd find your specific model and use the link they provide.

https://support.lenovo.com/us/en/solutions/ht506070

The use of AdwCleaner on an ongoing basis should not really be needed. It is a tool used to help with some infections, not for normal operations.

 

Please try the following fix and see if that helps correct the issue or not.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

 


The computer's running well now.

I've yet to check any other stuff due to school work coming up, and even then, it might require opening a new topic instead (Windows Store isn't letting me install anything, but I haven't checked it again since the fix. I'll check if it's running well again soon). As for now, there are no issues at all.

Looks like my only tasks right now are to check Windows Store out and identify the cause of that freezing Restart screen when I try to clear the quarantine list...


  • Root Admin

Hi @Avielex

Please go ahead and do a clean removal and reinstall of the Malwarebytes program. That will remove all entries and correct any possible corrupted upgrades from previous installs.

Uninstall and reinstall Malwarebytes using the Malwarebytes Support Tool

The following link should help if you are having an issue with any of the Windows Store apps.

https://support.microsoft.com/en-us/help/4027498/microsoft-store-fix-problems-with-apps

Please keep me posted

 


Managed to uninstall and reinstall Malwarebytes. It's as if the quarantine never existed; I kinda feel free.

As for the Windows Store apps, I'm still trying to figure out the real problem. The Store itself is launching properly, but no new apps are coming in. I'm thinking either the app I wanted is unavailable in my country or my family settings are preventing me from installing. Will check.

If all else fails, I might be forced to open a new topic somewhere, or seek help somewhere else.


  • Root Admin

Not really sure. You'd need to be very specific even for Microsoft to help you. We ran the SFC and DISM programs that have fixed any issues with file corruption, validation.

If you're needing something more in the area of fixes you need to confirm for sure what the issue really is and let us know.

 


  • Root Admin

Okay, thank you. I will go ahead then and close your topic since the computer has been cleaned up and Malwarebytes reinstalled and all appears to be working well at this time.

If you do decide you need further assistance please don't hesitate to start a new topic and request help.

Take care and stay safe out there and have a great weekend @Avielex

 


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 


This topic is now closed to further replies.