Jump to content

HKLM\Software\wow6432node\updater


Recommended Posts

  • Replies 58
  • Created
  • Last Reply

Top Posters In This Topic

Hello joghurtbubi and welcome to Malwarebytes,

Continue please:

Open Malwarebytes, select > "settings" > "security tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Single click on the target sight above scanner window.
  • In the new window select Report
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Export toTxt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Export to Txt" then attach the log to your reply...


Next,

I want two fresh logs from FRST, before running rename FRST64.exe by adding the word English so you have EnglishFRST.exe...

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Thank you,

Kevin...
Link to post
Share on other sites

Hiya joghurtbubi,

Continue please:

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

Thank you,

Kevin.

Link to post
Share on other sites

29.05.2020 06:01:49
Files scanned: 773942
Detected files: 2
Cleaned files: 2
Total scan time 00:49:51
Scan status: Finished


C:\AdwCleaner\Quarantine\v1\20200527.094222\1\setup-updater.exe#0B9AC55B4D0AAF80    Win32/AllerUpdater.A potentially unwanted application    cleaned by deleting
C:\Users\Felix\Downloads\vlc-3.0.7.1-win64.exe    Win32/AllerUpdater.B potentially unwanted application,Win32/AllerUpdater.A potentially unwanted application    cleaned by deleting

 

 

Link to post
Share on other sites

Not sure what you mean, no admin permissions..? FRST log header quotes Jan is Administrator, is that you?

Farbar Recovery Scan Tool (FRST) (x64) version: 24-05-2020 01
carried out by Jan (administrator) on DESKTOP-D0OIR5C (27-05-2020 09:47:00)
Started from C \ Users \ Jan \ Downloads

Which organisation is running your PC, do you mean a hidden account has control..?

Edited by kevinf80
Link to post
Share on other sites

I am prettysure that a hidden account has controll. I am listed as an admin but do not have full controll over everything

grafik.png.6983aa9ef196651f45f61ea079483fbb.png

This is when i try to use windows defender. It says in english:

Your administrator has restricted access to some areas of this app. The resource you are trying to access is not available. Contact Helpdesk for more information.

Also stuff like data sharing and updates are managed by "an organisation" <--- not me



				

It says:

* Some settings are managed by your organization.
* Some of these settings are hidden or are managed by your organization.

 

Windows also has a Remote Desktop setting (prettymuch giving someone permanent acsess to use my pc) I am not able to change that setting. Also run by my organisation

grafik.png.e0fd19af9212d13159842355a35895ac.png

Says:

For developers
Some of these settings are hidden or are managed by your organization

grafik.png

grafik.png

Link to post
Share on other sites

14 minutes ago, joghurtbubi said:

I am prettysure that a hidden account has controll. I am listed as an admin but do not have full controll over everything

grafik.png.6983aa9ef196651f45f61ea079483fbb.png

This is when i try to use windows defender. It says in english:


Your administrator has restricted access to some areas of this app. The resource you are trying to access is not available. Contact Helpdesk for more information.

Also stuff like data sharing and updates are managed by "an organisation" <--- not me



It says:


* Some settings are managed by your organization.

* Some of these settings are hidden or are managed by your organization.


 

Windows also has a Remote Desktop setting (prettymuch giving someone permanent acsess to use my pc) I am not able to change that setting. Also run by my organisation

grafik.png.e0fd19af9212d13159842355a35895ac.png

Says:


For developers

Some of these settings are hidden or are managed by your organization

 

Link to post
Share on other sites

Check the settings for remote desktop to see if that option is active:

  • Open Control Panel.
  • Click on System and Security.
  • Click on System. ...
  • Click the Advanced system settings option from the left pane. ...
  • Click the Remote tab.
  • Under the "Remote Desktop" section, check the Allow remote connections to this computer option.

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

 

RDJPG.JPG

Edited by kevinf80
Link to post
Share on other sites

Hello joghurtbubi,

I assume you checked to see if remote desktop was enabled..?

Continue please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...

fixlist.txt

Link to post
Share on other sites


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.81, (build 5.81.16832.1)
Started On Sat Mar 14 00:20:38 2020

Engine: 1.1.16800.2
Signatures: 1.311.96.0
MpGear: 1.1.16330.1
Run Mode: Scan Run From Windows Update

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Sat Mar 14 00:23:06 2020


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.82, (build 5.82.17046.2)
Started On Wed May 13 18:15:07 2020

Engine: 1.1.16900.4
Signatures: 1.313.2734.0
MpGear: 1.1.16330.1
Run Mode: Scan Run From Windows Update

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 18:18:08 2020


Return code: 0 (0x0)Fixlog.txt

 

Link to post
Share on other sites

Hello joghurtbubi,
 
Lets try an offline scan with Windows Defender, see if that will run...

Open the search function, type or copy/paste Windows Defender Security Center then select ok to open that option.

In the new window select Virus and Threat Protection then select Scan Options

The scan options window will open, from there select Windows Defender Offline Scan

You will be given the option to save any opened work etc, then select Scan from there when the scan completes Windows will reboot..

To check for found entries:

Select Start , and then select Settings > Update & Security > Windows Security > Virus & threat protection . On the Virus & threat protection screen select Protection history.

If entries are shown as "Found" the time and date will be same as the offline scan just completed.....
 
Thank you,
 
Kevin
Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

fixlist.txt

Link to post
Share on other sites

Hello joghurtbubi,

I want to have a look at two registry key settings:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply

Thank you,

Kevin..

fixlist.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.