Hi, @Lightix
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 

  
Please only attach the report files, etc. that I ask for as we go along.


I would appreciate  getting some key details from this machine in order to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.
Download Malwarebytes Support Tool
    
  
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.6.2.802.exe  to run the report

Once it starts, you will see a first screen with 2 buttons.  Click the one on the left marked "I don't have an open support ticket".

        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
Now click the left-hand side pane "I do not have an open support ticket"

    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair” !   But look instead at the far-left options list in black.

    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer.  Please do have patience.  It takes several minutes to gather.
   
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK.  Then Exit the tool.

    Please attach the ZIP file in your next reply.

Please know I help here as a volunteer, and that I am not on 24 x 7.
Help on this forum is one to one.   Again, please be sure to ONLY attach report files with your reply(s) as we go along.  Do not do a copy / paste into main body.

Thank you,
Sincerely.
 


Hello Monir.   Thank you for the report file.

Just so you know,  the tool you recently got  mb-clean-3.1.0.1035  is very old  & does not work with versions 4  of the Malwarebytes for Windows.

Just please do not use it.

I notice also you have Hitman Pro.   Please do not make any changes to the system, nor run tools  on your own, while this case is Open, without first checking with me.


Before starting in, please close all open work.

 

I also want you to watch the whole process and keep an eye out for on-screen prompts.    Keep a lookout for prompts during the later phases of the run. It may ask for a Restart of Windows. If so, it is critical to reply with YES
 
Let's perform a clean removal of any traces remaining of Malwarebytes for Windows.   You will use the Support tool which you saved from before.
 
Malwarebytes Support Tool (MBST) Clean Reinstall

  •     Open your Downloads folder.

Right-click mb-support-1.6.2.802 & select Run as administrator to start the tool & reply YES to allow to go forward.

 

  •     When prompted by Windows, reply YES to allow the tool to go forward.
  •     You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!".
  •     Click the Advanced Options link. This is important. Please ensure Advanced Options is clicked.
  •     Click the Clean button followed by Yes to proceed.
  •     Upon completion, click OK to reboot your computer.      ( if it gets that far .   It may just say no installation found.    )
  •     After the reboot, please wait for the program to reopen.
  •     You will be presented with the option to install Malwarebytes for Windows. Click NO

Close the tool at that point.

Let me know after all this has been done.    We will do more afterwards.


OK.   Here is the next task, which will use a custom script to do a few cleanups.   There are a few firewall rules to clean up that can block Opera, plus this will also do a run with the Windows Defender since indications are that there are or were some items tagged as trojan.

 

As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the script has run.

.

This custom script is for  Lightix  only / for this machine only.

 
Close and save any open work files before starting this procedure. 

I am sending a    custom Fix script which is going to be used by the FRSTENGLISH  tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly (as is) to the Downloads folder.

The tool named FRSTENGLISH.exe is already in the Downloads folder.
Start the Windows Explorer and then go to the Downloads folder.


RIGHT-click on FRSTENGLISH and select RUN as Administrator to run the tool, and allow it to proceed.  Reply YES when prompted to allow it to run. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click the line More info on that screen
and click the button Run anyway on the next screen.

on the FRST window:
Click the Fix button just once, and wait.


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


Please know this will do a Windows Restart.   Just let it do its thing.  

We will do more after this round.

Sincerely.

 

 

Fixlist.txt


Thank you.   That was a good run.   On this next round, the plan is to do a new setup of Malwarebytes for Windows.

What I would like for you to keep in mind, if something goes a little off, is to not jump to uninstall the program.   There are many ways to mitigate an issue.

Including, but not limited to, exiting the program from the taskbar Notification area,  and possibly turning off 1 or maybe 2 protections, if needed.

Just please  stop and ask me first.

.

There is one article that shows how to get to the options for the Notification area, if needed.   The article is in English, but I expect that you can make sense of it.   That is, if needed.

My goal is to have your machine on the very latest Release version of Malwarebytes for Windows.

.

I do not know whether or not you are aware:   The notification area blue-icon for Malwarebytes has right-click options.

You can selectively turn off one or more of the Protections.   You could also do an EXIT out of the program  ( by clicking Quit Malwarebytes option)

.

Please see the Malwarebytes Support article  https://support.malwarebytes.com/hc/en-us/articles/360038524254-Quit-Malwarebytes-for-Windows-Premium-services

The "right-click" options are shown on the 2nd image of that article.

One also needs to keep in mind, that those protections are typically controlled on the main window of the Malwarebytes for Windows program.

.

That said, here is how to do the new install for the program.

Please prepare by first closing any open work; saving any work in progress. Close them so you can have better view. 

Ideally, if possible, do a Windows Restart. Then proceed. 

 

the Malwarebytes installer is at this link 

 

Please use this link

 
download and save the setup file . It will automatically download. Just SAVE first. 
 

1.    RIGHT-click mb4-setup-consumer-4.1.2.175-1.0.990-1.0.nnnnn.exe & select “Run as Administrator” to start the Malwarebytes for Windows setup. 
2.    Follow the installation instructions to complete setup. 

 
Watch all of the process. Have lots of patience. 

 

After setup is done, we need to be very sure to Check for latest Updates.

In the program, click the Settings ( gear ) icon. Look for the General tab.

 

Then click on the button "Check for Updates". Have lots of patience.

Then click the small x to get back to main screen.

 

On the main screen, click the blue button Scan now


Let me know how it goes.

 


Hello Maurice,

Thanks again for walking me through all these steps. 

I have done as you asked, and MalwareBytes is finally installed and updated (see images attached).

I didn't start any analysis for now, waiting for your next instructions.

Best

Lightix

 

Annotation 2020-07-28 090623.png

Annotation 2020-07-28 MAJ.png


OK.   That is good.  As we go forward, it is best to attach actual log - reports.

Let's follow on with this scan.

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimize the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

Allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.

 


Hi Mounir.

Thank you for the reports.  Yes, the latest Adwcleaner scan found no adware.   The preceding older one did find 2 P U P  and 1 trojan.agent.

Next, one housekeeping item  & then one new ( different scan ).

[   1   ]

There is one setting in Malwarebytes that needs to be off.   So that the Microsoft Windows Defender is all enabled.   The Premium ( or trial ) protections of Malwarebytes will still be on.

Start Malwarebytes. Click Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center 

Click the Security Tab. Scroll down to 

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".

Close Malwarebytes when done.

 

[    2    ]

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.

 

Go to the saved file, and double click it to get it started.

 

When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan

Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.

There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).

Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

Also, let me know How the overall situation is.

Cheers.

 

 


Hello Maurice,

 

Thank you again for your kind help

[1] The setting was changed in MalwareBytes.

[2] The scan using ESET is done, the log is attached. It found threats in the adwcleaner quarantine.

Overall I admit that I got some problems with Windows since 2-3 days. I have random crashes (blue screen) with errors related either to the system, or to the memory. I don't know if it's linked to the recent infections / Trojan, or if it has nothing to do with that but rather would be caused by the hot weather which my computer obviously does not like a lot (nor do I, haha).

Best,

Lightix

log.txt


Hello Mounir.

The items tagged & removed by ESET were all in the Quarantine area of Adwcleaner.   ESET found nothing new really.   There are no viruses here.   😄

 

You mentioned hot weather.  Thus I would say, pay attention to the room temperature.  Ensure that there is plenty of room around the computer for air circulation.

 

The starting issue of this case was about the installation of the program for Malwarebytes for Windows.   That has been  accomplished.

To see the most recently logged Events for Windows, we can run a report.

 

Please download MiniToolBox save it to your desktop and run it.

 

Reply YES when prompted by Windows to Allow the program to run.

Reply YES when prompted by the tool to proceed.

 

Checkmark the following check-boxes:

  • List last 10 Event Viewer log


Click Go and post the result ( MTB.txt ). A copy of Result.txt will be saved in the same directory the tool is run.

.

This other report  will show status on some Windows services.

Download   Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services

 
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

 

 


Thanks for the reports.   First, do be aware there is not an issue here of "infection".

What I see here are a few system errors that are related to an ESET antivirus-program driver file   ( oddly enough, in a TEMP area  )

System errors:
=============
Error: (07/29/2020 02:20:20 PM) (Source: Service Control Manager) (User:)
Description: The eapihdrv service failed to start due to error:
%% 1275 = Driver loading was blocked


Error: (07/29/2020 02:20:20 PM) (Source: Application Popup) (User:)
Description: \??\C:\Users\Icarus\AppData\Local\Temp\ehdrv.sys

.

I also notice a couple of issues for 2 Windows services:  Volume Shadow Service  & the Windows Update Service.

Once  more, it should be pointed out these are not  "a malware infection".

.

To help remove the un-needed Eset driver  & to help with Windows Update service,  I have a new script for you.

Please be sure to Delete  the older copy of Fixlist.txt   that I had you save  before.

 

This custom script is for  Lightix  only / for this machine only.

 
Close and save any open work files before starting this procedure. 

I am sending a    custom Fix script which is going to be used by the FRSTENGLISH  tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly (as is) to the Downloads folder.

The tool named FRSTENGLISH.exe is already in the Downloads folder.
Start the Windows Explorer and then go to the Downloads folder.


RIGHT-click on FRSTENGLISH and select RUN as Administrator to run the tool, and allow it to proceed.  Reply YES when prompted to allow it to run. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click the line More info on that screen
and click the button Run anyway on the next screen.

on the FRST window:
Click the Fix button just once, and wait.


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


Please know this will do a Windows Restart.   Just let it do its thing.  

We will do more after this round.

Sincerely.

 

 

Fixlist.txt


Hi Maurice,

I experienced a new crash earlier today. Blue screen with an error related to the memory. It seems to happen when I am using Opera to browse Internet. I will try to use Firefox for a few days and see if it's any better.

Thank you again for your help. As far as my initial request for help, everything is well, and MalwareBytes is working properly. I will keep monitoring those crashes and if they ever become too problematic, I will come back in this forum.

All the best,

Lightix


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
