Jump to content

Recommended Posts

Hello. Im a first time poster, but long time user of malwarebytes. I recently noticed that some of my services under the taskbar have 2 of them running at same time, but the second one has a odd number after it. Is this normal or do i have a virus?

Here is a example what is found in services:

Orange

Orange_f2145b

 

So is this normal or am i infected? I ran malwarebytes and it found nothing. I also ran my virus scanner and it found nothing. I even ran windows security scanner and it found nothing, even in offline mode. Please help me.

 

Link to post
Share on other sites

More Information: I am running Windows 10 64 bit version. I have updated the malwarebytes and windows security intelligence to their newest ones. I also noticed another thing that happened. I was using McAfee Webadvisor, but after awhile, it greyed out and no longer seemed to work. I unpined it from extensions on my google chrome, and now it does not show up in my extensions. When i try to reinstall it, it says i have the latest version. Im guessing whatever is going on is somehow blocking this too. I have tried to contact McAfee support for this, but im literaly waiting on their website for a hour. It says wait 1 minute for support in chat, but no one has helped me on there yet. That is also why i am asking on here. Please help me.

Link to post
Share on other sites

  • Root Admin

Hello @Druidboy and :welcome:

One cannot go by name alone.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a checkmark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Link to post
Share on other sites

I am using the most current version of Malwarebytes, using premium free trial. There is a issue with Malware and PUP protection. It does not seem to be turning on. Not sure what is causing this. I also have McAfee on this pc also. I think though that my McAfee virus scanner has been compromised. Weird things also have been acting on my pc also. For example, my windows defender switched automatically over to malwarebytes for protection for some reason. Also, it looks like some of my web protection was uninstalled yet i did not do it. I reinstalled it and it restarted my firewall. Because of these issues, it is taken awhile to get the log files and actually reconnect to the internet. I actually had to disconnect very fast when i found my firewalls for some reason got turned off. As mentioned above, something turned it off. I will provide what text files for items when i can. I am now going to restart the pc to put the Farbar log on here. I am doing it right now. Next post will include the log from the step 3. Thank you for helping me and thank you very much for reading.

scan from malwarebytes.txt AdwCleaner[C00].txt

Link to post
Share on other sites

FRSTismalware.txtOk, i disabled McAfee and ran FRST. Just to let you know, first off, malwarebytes is still not letting me load the malware protection. IT seems like it is being turned off on purpose for some reason. Also, Malwarebytes is warning me that FRST is a malware program. I can include the log of that in a previous scan i did of my pc earlier today. Also, i am trying to download McAfee, but my malwarebytes browser guard keeps saying it is a bad file and blocks it from getting installed. Not sure what is up with that. Anyways, here the logs, including the one where it said FRST was said to be malware. Should i redownload macfee? I mean, it is warning me with the browser malware guard that it is a bad download. Ive been using it all this time though...

FRST.txt Addition.txt

Link to post
Share on other sites

  • Root Admin

I don't see those Orange items in the logs or service list that you speak of.

The closest I can see is the following

Error: (07/08/2020 08:59:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

 

These appear to be from some type of Remote Support service. Are you aware of them? Did you install or allow them to be installed?

Task: {640ED4E7-E74E-4B47-9342-A4DDCF92187E} - System32\Tasks\ODS => net [Argument = start ODService]
Task: {671DD50E-B774-46A4-8C37-999DE4C84491} - System32\Tasks\TN1 => C:\Program [Argument = Files (x86)\ODTechServices\TN1.exe Your 24/7 Remote Tech Support is expiring. Click here to renew! Ticket=515707]
Task: {7EB92305-8888-44A6-BB8A-930AAB9EB5A7} - System32\Tasks\ODA => C:\Program Files (x86)\OptimumDesk\OptimumDesk.exe [9522424 2017-11-09] (Class IT International Inc -> Class IT Outsourcing) [File not signed]
Task: {B648913B-8A64-480F-A2C1-4A947156525C} - System32\Tasks\Updater => net [Argument = start UpdaterService]

 

In general the computer does not appear to be infected, at least not with anything dangerous. Perhaps some junk and or extensions that might need further review. Your Google Chrome has some old installer/update entries. You might consider downloading the Google Chrome installer and reinstall Google Chrome to see if it will update properly.

We can do some generic clean up as well, and if you like we could even do a 3rd party Kaspersky antivirus scan to double-check the system.

What is the specific link for the McAfee download that is blocked by Malwarebytes Browser Guard? I can check on that and if valid get the block removed.

Let me know what you'd like to do and I'll be more than happy to assist.

Thanks

 

 

Link to post
Share on other sites

  • Root Admin

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire on the current-security-update  status  of some applications.

  • Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • and save the tool on the desktop.
  • If Windows's  SmartScreen block that with a message-window, then
  • Click on the MORE INFO spot and over-ride that and allow it to proceed.
  • This tool is safe.   Smartscreen is overly sensitive.
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

Link to post
Share on other sites

Ok to answer your questions:

 

ODS is a program called Optimum Desk Service (an actual program). IT came with my pc. It is no longer functional though. IT is a subscription service. Should i remove it?  It was basically a service that provided help with the pc if it came with issues. It also monitors stuff on my pc like how hot it gets and such. That is the whole reason i have it. I can delete it in case some hacker can use it to get into my system.

That system32\tasks\update...i do not know that one. Maybe we should look at that in case it is something bad.

 

The McAfee is being blocked at download.McAfee.com. The full link is as follows:

chrome-extension://ihcjicgdanjaechkgeegckofjjedodee/app/eventpages/block.html?referrer=about%3Aclient&url=https%3A%2F%2Fdownload.mcafee.com%2Fmolbin%2Fiss-loc%2Fcsis%2Fen-us%2F18.6.140%2F1%2FCSISSetup.exe%3Fname%3DMcAfee_Installer_serial_L4-xWVJrHnXoBESkSjjGEw2_key_affid_400_akey.exe&host=download.mcafee.com&type=scam&subtype=suspiciousDownload&tabId=null&filename=

 

That could be a false positive. Ive been using that site forever, and have been getting my McAfee downloads from here. Since i pay the subscription service, this is the page where i can re-download it when i uninstall it or have issues with it on my pc. For all i think, i beleive it is safe..but im not the expert. You will have to check it out. The dowload from McAfee from that site was also warned about. I already downloaded it on my pc, and works fine. The only thing of note that is mentioned it say is it won't work on Window 10 S versions..which btw, i am not using. I am using windows 10 home.

 

I would like yea, kapersky. I used to use them before McAfee. The reason im using Mcafee is because my old pc was lost in a flood at my house, and that service came free with my pc when i bought it on this newer pc. So i keep it from them. 

 

Thank you again for helping me. As for the odd links, i probably can explain that too. My friend has recently got sick and gave me her old windows xp pc in case she dies. I have had some trouble on that pc with viruses. I was afraid of the usb stick i was using that they might of been spread to my pc thru it, so i formatted that old pc. Problem is, it will not now recognize the windows xp sp2 disc it has. It is fine though..i am still working on it. At least that pc is virus free now..The odd links were probably me researching how to fix the windows xp pc. Some of the links lead to older sites too..so who knows. Can you tell me why on malwarebytes the malware protection is turned off? IS it because macfee is taking it's place or something? Before this, it used to be on, even when i was not using the free premium trial version. Did i screw it up?

 

 

Link to post
Share on other sites

Ok, well the link to the mcafee is to my subscription page. Im not sure if it will let you see it because it gives personal info on it. As for chaniging Virus providers as you mentioned in the private messege, it is not up to me. I do not pay for it, but i will mention it to the person that pays for them.

So here is the McAfee link:

https://home.mcafee.com/downloads/autodownload.aspx?df=myaccount&pkg_id=430&clstype=renew&srctype=website: myaccount&pkgid=431&tp=64&dl=xo2en3Xy4Zr5NH2sCDzlAxVttIDlmd6likPeidxUqd3xAGObk6N34dd41xe1phWUJ5W0w3P0ObPfing2jynRg-m7RPOTWuA9dNqkVTJyJ_Si3CkAeyVT0UNK6okUYTafVthrOxR-FVs7fBF5XbeRtobXQKaDiB0Cv6iK0ui1jSk1

 

It may not let you do anything with it though..since it is tied to my subscription service of mcafee. As for the issues between malwarebytes and mcafee, i did not know that. I learned something new. The issue causing malware not to load the malware protection is then not caused by a virus or malware, but by a compatibility issue. Anyways, thanks again for helping me. Please feel free to give me a link to kapersky trial version and i will try it.

Link to post
Share on other sites

  • Root Admin

Please download and run the following Kaspersky antivirus scanner to remove any found threats

Kaspersky Virus Removal Tool

Let me know if it finds anything or not

 

Once that is completed restart the computer and then use the following link to uninstall Malwarebytes and then reinstall it. Make sure McAfee antivirus is disabled while doing the removal and the reinstall

Uninstall and reinstall Malwarebytes using the Malwarebytes Support Tool

If you have any issues please let me know and I'll assist you further tomorrow.

 

Link to post
Share on other sites

Running Kapersky found a Trojan horse on my pc and some adware missed by all the other things. It just shows you how good it is by that merit alone. Also, how do i i uninstall adwcleaner? IT keeps popping up everytime i start up the pc. I would like to remove it please, so it does not do that. Could you tell me how to remove it? I tried in apps in settings, but it is not listed there.

Link to post
Share on other sites

  • Root Admin

The following fix will remove AdwCleaner as well as do general clean up and checks all in one script.

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks


 

Link to post
Share on other sites

Thank you for the help. You can consider this closed. Can i keep some of the security tools, or should i delete them? I would love to keep  a copy of the kapersky virus removal tool on my pc because it helped out so much in removing a trojan on my pc. Below if a copy of the fixlog you requested. Thank you again for the help.

Fixlog.txt

Link to post
Share on other sites

  • Root Admin

You can keep them, but no real need. They are updated often and may be out of date when or if you need them next.

The log looks good. I'll go ahead then and close your topic. There will be a link in the reply to information that can help you to protect your data and privacy better.

Take care and have a great weekend

 

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.