Windows defender can't remove Win32/Ymacco.AAF4

[OnlyXGN]

Hey Maurice, thanks for all the help. The interface doesn't work at all. I tried at least 10 times to "remove" the threats, but with no visual success. The cheats aka the PUPs found in D:\Download are 100% safe because they are from a good friend of mine. And the map stuff are from S.A.M.P.

LSS: Since 2015 I have been very careful with what programs I use and what things I do on the internet. 

"I still am very careful with all the activities that I do online, and what I download. Because, in the past, I was a dumb kid . From 2011 to 2015 I had windows defender on my first laptop. In these 4 years, it detected 4 viruses in total (and I'm not joking). I had a passion for tech since then. One day, my laptop was on the desktop, with no programs running, but it was heating up to 85^C, and the cpu and memory were at 100%. I installed Malwarebytes (because I was watching britec09 at that time)  and it found 366 active malware on my laptop. I fixed my laptop and I still am careful with what I download." 

1.I'm sorry if the story was boring.

2. WIndows defender still doesn't work as intended.

3. I am 100% sure that the PUAs are from CS:GO because when you play on the community maps, it downloads resources from external websites which are not safe even 60% of the time.

4. I will install the programs and I will send you the logs.

 

 

[OnlyXGN]

And today I actually wanted to reset my pc because I spent way more time trying to fix it than resetting it. But because you helped me, I decided to keep going.

Also, I saw that the program injected itself into steamservice.exe which is a safe process, and the spyware always started when steam started, corrupting the file.

[OnlyXGN]

Hey Maurice, I have come back with an update. So, RogueKiller didn't find anything, nor Trendmicro Housecall. All the things that Housecall found were the processhacker 2 files, which are safe.

[OnlyXGN]

42 minutes ago, OnlyXGN said:

Hey Maurice, thanks for all the help. The interface doesn't work at all. I tried at least 10 times to "remove" the threats, but with no visual success. The cheats aka the PUPs found in D:\Download are 100% safe because they are from a good friend of mine. And the map stuff are from S.A.M.P.

LSS: Since 2015 I have been very careful with what programs I use and what things I do on the internet. 

"I still am very careful with all the activities that I do online, and what I download. Because, in the past, I was a dumb kid . From 2011 to 2015 I had windows defender on my first laptop. In these 4 years, it detected 4 viruses in total (and I'm not joking). I had a passion for tech since then. One day, my laptop was on the desktop, with no programs running, but it was heating up to 85^C, and the cpu and memory were at 100%. I installed Malwarebytes (because I was watching britec09 at that time)  and it found 366 active malware on my laptop. I fixed my laptop and I still am careful with what I download." 

1.I'm sorry if the story was boring.

2. WIndows defender still doesn't work as intended.

3. I am 100% sure that the PUAs are from CS:GO because when you play on the community maps, it downloads resources from external websites which are not safe even 60% of the time.

4. I will install the programs and I will send you the logs.

 

 

And by the way, thanks for the advice. I let my guard down and I got infected.

[OnlyXGN]

[OnlyXGN]

The interface is broken btw. If I press start actions, it's not going to work, it will only loop for about 5 minutes and do nothing.

[Maurice Naggar]

I am currently ( unfortunately)  having oddities on my own monitor display  & I cant very well see the images you posted.

BUT

The  Farbar FRST  reports had indicated that this machine has ESET SECURITY antivirus.   SO,  when that is so, it disables the normal use of Windows Defender.

Use the installed ESET Security program to deal with any potential threat.

[OnlyXGN]

No problem. The bad thing is that I uninstalled eset because it was annoying, and because I don't want to use it, I wanted windows defender, and eset didn't have problems with the threats.

I will install bitdefender free because I had it installed some time ago. I don't want to buy a premium antivirus because I don't go to unsafe sites, but because of this experience I might buy one sometime in the near future.

[Maurice Naggar]

Here are tips on keeping your web browsers safer.   Make time  and read all of this.     apply the tips.

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

 

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

 

.

If the pc has Mozilla Firefox, to get & install the Malwarebytes Browser Guard  Firefox extension.

Open this link in your Firefox browser:   

https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

That link is for English US.   There are other language version.  Just go to the very bottom right of the page and look at “Change language” list drop down.

[OnlyXGN]

Thanks for the advice Maurice. I don't allow any sites to push ads or notifications because I know what can happen. I didn't know about the extension, I will install it, because it is very helpful.

[OnlyXGN]

And hey man, one more question. Do you think that zemana anti malware has gotten better over the last 2 years? because I know it was on a decline on 2018 and that it couldn't detect malware as it could in earlier builds.

[Maurice Naggar]

Beef up all the web browsers.  Install the Malwarebytes Browser Guards.

Stop playing any further online games.   Do not do any web surfing.

There were 6 or 7 warnings about trojan detected by Windows Defender.

.

I trust Malwarebytes for Windows more.   than zemana.

[OnlyXGN]

I know, I just asked. The thing is, that before I ran the script, the warnings weren't there, because I whitelisted them, they were my cheats for CS:GO, nothing else. 

SO, I don't know about : PUA:Win32/Presenoker, that's like all.

And, they can't seem to find anything.

[OnlyXGN]

I searched them all, the threats are only anticrashers and map.asi from san andreas multiplayer, nothing else. I'll delete them now, so it won't detect them anymore.

 

[Maurice Naggar]

Do be aware, I am not familiar with online games / anticrashers and map.asi from san andreas multiplayer

I suggested that you kindly stop playing games while this case was on-going.

 

The other thing, this forum is not like a live online chat room.   I am not on all the time, plus I do not see your posts li\ve as they happen.

Collect your questions and just kindly make one post ....then wait for my reply.

also, it seems you are jumping from one tool to another all the time.  Witness your running of the Sophos app.

.

I did not spot until just now, but the version of Malwarebytes for Windows on this box is very very very old.  It is a version 3.7.1

The current release is a Version 4   ...... version 4.1.2.73

This pc needs a clean removal & new setup of Malwarebytes for Windows version 4.

Follow all the steps on this how-to support article

https://support.malwarebytes.com/hc/en-us/articles/360039023473-Uninstall-and-reinstall-Malwarebytes-using-the-Malwarebytes-Support-Tool

 

 

[OnlyXGN]

Hey Maurice, I came back with an update. So, Sophos didn't find anything, and malwarebytes has been scanning for 4h and 25 mins and has found nothing (670k files scanned). Should I stop it ? or let it run for 2 more hours?

[OnlyXGN]

Hey Maurice, Malwarebytes didn't find anything, so Windows Defender did it's job.

[Maurice Naggar]

It is good to see that this pc now has the latest current release version of Malwarebytes for Windows.

It is good to know that its scan has found no malware.

The trial period of the "premium trial" is for 2 weeks from the time of the setup.  During that period, all the real-time protections of Malwarebytes will be protecting the system.

So, rather than buying any other product, I would suggest that you consider getting a Premium license.

If you have other machines  (  Windows, Mac OS X, Android devices, Chromebook) you can buy a seat for each device.

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you