So I unfortunately encountered malware when I tried to download a game from unknown sources. It was the SAntivirus one and it even installed SAntivirus Lite on my laptop. I detected it and uninstalled the app, and after that even used Malwarebytes to check for potential threats and quarantined the Trojans and PUPs detected. But my laptop is still slowing down to the point where it takes almost twice/thrice the time to open up applications and boot. I would really like someone's help.

If you want, I am ready to run scans and share the same here. I fear I might not have access to the scan result of when I removed the SAntivirus malware but I will have to check.

I am obliged to anyone who helps me 


Hi,
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along. Please do not make any changes on your own without first checking with me.
If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible.

Please just attach all report files, etc., that I ask for as we go along.


I would appreciate getting some key details from this machine in order to help you forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer. Please allow the programs to run if blocked by your system.

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.
Download Malwarebytes Support Tool
    
 
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.6.1.784.exe  to run the report

Once it starts, you will see a first screen with 2 buttons.  Click the one on the left marked "I don't have an open support ticket".

        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
Now click the left-hand side pane "I do not have an open support ticket"

    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair” !   But look instead at the far-left options list in black.

    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer.  Please do have patience.  It takes several minutes to gather.
   
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK. Then Exit the tool.

    Please attach the ZIP file in your next reply.

Please know I help here as a volunteer, and that I am not on 24 x 7.
Help on this forum is one to one. Again, please be sure to ONLY attach report files with your reply(s) as we go along. Do not do a copy / paste into main body.
Thank you,
Sincerely.
 


Hi Maurice,

My first name is Revant so you can use that. I am having some kind of issues with loading up pages on Chrome and Microsoft Edge (on Chrome I get the notification that the page has become unresponsive and on Edge it is continuously waiting for a response from the page).

So if it's fine with you I'll try and download the program exe file on my phone and install it via my phone and send you the log file via my phone?

Or does that bring the potential malware onto my phone too?

Thanks for helping me. I greatly appreciate it.


Please do not do anything with the phone.

I am assuming your machine is a Windows PC. If not so, stop and let me know.

I would suggest, at this point, that you just do a Windows Restart. That is a good way to get things to normal.

Then you can run the report on the Windows 10 machine. I will help you to get things ship-shape.

Do as outlined in this pinned topic at the very top of this forum:

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

 


Just to be clear: when you say run report on Windows 10, do you mean the system report by any chance?

Win key+R and then perfmon?


I just mean to do the Farbar FRST report (cited in the link) on the Windows 10 machine.

Then reply back, attaching the 2 report files from FRST.


Also, do you want me to do the Malwarebytes Support Tool installation or should I wait?


Hold on for a few, please.   I will make another reply.


Be sure that you have done a Windows Restart today. Just one, like I believe I mentioned in my 2nd reply (above).

I notice that the Windows System Restore service is not on. Please be sure that you turn it ON.

https://www.tenforums.com/tutorials/99782-enable-disable-system-restore-windows.html

 

[  2   ]

Next, I just would like that you do a Check for Updates run in the program Malwarebytes for Windows.

Start Malwarebytes.   Click the gear icon  ( Settings )  at the top right of screen.

Then look on the GENERAL tab.    Click the "Check for Updates" button.

Have patience & follow the prompts.

After that is done,  click the About tab.   Look there,  and tell me what COMPONENT package is shown.

I am looking for you to have  COMPONENT package 1.0.955

Having that will form the basis of a good, current, up to date program.

 

Should the pc continue to be slow when using a web browser,  I would suggest that you do this.

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)

Then click on Dashboard button.

Click the blue button "Scan Now".

 

Allow it a few minutes to finish the Scan. Let it remove what it finds.

NOTE: When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.

Sincerely,


So I enabled the System Restore service (it is ON) but I am unable to update my Malwarebytes software. I always run the check for updates and it will take a lot of time and return that it is unable to connect with the update network. My current version is 1.0.931.

I am not having any issues with internet on Chrome as of now, but should you wish I can run Adwcleaner just to be on the safe side.


I am now going offline for some time and will be back in like 8-9 hours.


There are several things here. I think my top concern is that there are multiple antivirus programs installed on this system.

Having multiple AVs installed on a modern Windows just makes for a mess and a likely source of friction & potential deadlocks at the worst times.

As of the time you ran the FRST, Windows indicates that Microsoft Windows Defender is the resident AV.

 

Here are the others  listed as installed.

Bitdefender Agent        Version: 24.0.1.169

McAfee Security Scan Plus 

McAfee AntiVirus Plus

Norton Security Scan 

 

I can see McAfee & BitDefender drivers loaded & running, which makes for complications.

Assuming you want to continue with MS Windows Defender, I suggest the next steps are to uninstall these other programs.

We need to do other things, later. One of them being to do a clean-install of Malwarebytes for Windows so that it is the very latest release and a clean install.

We can also run Adwcleaner later.


Hi, sorry for being offline for so long. I unfortunately totally forgot about this and hadn't accessed my laptop recently so..

I am actually facing an issue in uninstalling them from Control Panel, as in the whole computer starts hanging when I try to uninstall. Is there a third party app I could use?


Okay, I was able to uninstall those applications after a restart. Is there any way I can confirm that they are uninstalled from the registry and drivers as well?


Hi. You have the FRST64 report tool in the Downloads folder. You should run that and I'll be glad to review.

Go to the Downloads folder.

Right-click on the FRST64 icon and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.


Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

Click Yes when the disclaimer appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that the Addition option is checked - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press Scan button and wait.



The tool will produce 2 logfiles on your desktop: FRST.txt, Addition.txt
Click the OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Please do not do any further changes or runs on your own. Do fill me in with a summary of the overall current situation.

Cheers.
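
For the question above about confirming that the uninstalled products are gone from the registry and drivers, a read-only PowerShell inventory is one way to look, shown here as an added example that is not part of the original thread or a Malwarebytes or FRST procedure. The vendor names come from the thread; matching on those names is an assumption and a heuristic, so an empty result is a good sign but not proof.

```powershell
# Read-only inventory: nothing here uninstalls or changes anything.
# Run from an elevated PowerShell prompt so all drivers and services are visible.
# Vendor names are the ones listed in the thread; name matching is a heuristic (assumption).
$vendors = 'McAfee', 'Bitdefender', 'Norton'
$pattern = ($vendors | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Antivirus products currently registered with Windows Security Center
#    (this WMI namespace exists on client editions of Windows).
Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
    Format-Table displayName, productState, pathToSignedProductExe -AutoSize -Wrap

# 2. Uninstall entries still present in the 64-bit and 32-bit registry views.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { "$($_.DisplayName) $($_.Publisher)" -match $pattern } |
    Format-Table DisplayName, DisplayVersion, Publisher -AutoSize -Wrap

# 3. Kernel drivers whose display name, description or file path names a vendor.
#    Leftover filter drivers are what keep interfering after an incomplete uninstall.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { "$($_.DisplayName) $($_.Description) $($_.PathName)" -match $pattern } |
    Format-Table Name, State, StartMode, PathName -AutoSize -Wrap

# 4. User-mode services left behind by the same vendors.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { "$($_.DisplayName) $($_.PathName)" -match $pattern } |
    Format-Table Name, State, StartMode, PathName -AutoSize -Wrap
```

Section 1 should list only the product meant to stay resident; anything printed by sections 2 to 4 is a remnant to raise with the helper rather than delete by hand.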


The MCAFEE still has remains left. Please see this following MCAFEE article:

https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS101331

 

Scroll down on the page. Look for the red arrow & Method 2.

Click down on that arrow to see the details about using the MCPR (McAfee Consumer Product Removal) tool.

Download the MCPR, save it, then run it. Follow the guide.

 

Thank you for the FRST reports.

Edited by AdvancedSetup
updated link


Thanks for the reports. There are 3 elements of McAfee to clean out still. This is a custom script cleanup.

This custom script is for Revant only / for this machine only.

 
Close and save any open work files before starting this procedure. 

I am sending a new custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly (as is) to the Downloads folder.

The tool named FRST64.exe is already in the Downloads folder.
Start Windows Explorer and then go to the Downloads folder.

RIGHT click on FRST64 and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click the line More info on that screen
and click the button Run anyway on the next screen.

On the FRSTENGLISH window:
Click the Fix button just once, and wait.
 
PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.

Please attach the Fixlog.txt with your next reply later, at your next opportunity.

Please keep going down this next list.

[     2     ]

I also have these added suggestions,  all aimed to get things smoother on your system.

An added tip.   Just the other day, there was a new Component package,  1.0.955  , that was announced.

I highly recommend that you apply this Update.  It has fixes and enhancements.

Start Malwarebytes.   Then click the Settings  ( gear ) icon on the top right.

Look on the General tab,  Click on "Check for Updates".   Have patience;   follow the prompts.   If you do not see 1.0.955, then try at a later time, at the TOP of some hour.

To check on the Component number,  Click the About tab.

 

[  3   ]

 

See to it that Malwarebytes for Windows is not registered with the Windows 10 Windows Security Center. This will ease things up a bit & allow the Windows Defender to be able to do its tasks. The system will still be protected by the Real-time protections of Malwarebytes Premium.

Start Malwarebytes. Click the Settings (gear) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center. Click the Security tab. Scroll down to

"Windows Security Center"

Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".

When done, close the window.

 

PS.  As an added note for you and I,  after all the above, we should have you run a new Scan with Malwarebytes for Windows.

Keep me advised.

Fixlist.txt

Edited by Maurice Naggar
added note


So I did steps 1 and 2 and am attaching the fixlog here, but I had a doubt regarding the 3rd step. I am currently on the free premium trial and unfortunately wouldn't be buying the license. Should I still do it, since once my free trial is over I won't be getting the real time protection from Malwarebytes and would have to rely on Windows for that?

Fixlog.txt


Yes, please do all that I had listed. It does not make a difference if the program is in free trial or in Premium license.

That is to say, do suggestion # 3.

Thanks for the Fixlog report. Good run.

Please do a new Scan on this machine, using Malwarebytes for Windows.

To run a Threat Scan, open Malwarebytes for Windows and click the blue Scan button.

Have patience during the run.

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

Then, locate the Scan run report; export out a copy; & then attach it with your reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

This topic is now closed to further replies.
