Shortly after booting I got this exploit warning I've never seen before, see attachment.

I never visit any dodgy websites, the only thing I can say is that I have a paid porn blocker running which is essentially a VPN, I'll e-mail them as well to ask about this. I'm also using Cold Turkey blocker, paid version, I actually booted this little laptop (I use for watching movies in bed) to temporarily block Facebook on it with Cold Turkey Blocker, but then this happened, the problem is I'm not sure whether the Malwarebytes warning happened before or after clicking Cold Turkey (which seems to be running fine). It's a bit of an old, slow and messy installation compared to my 15,6 inch, fast laptop I use more generally. I have not seen any exploit warnings on that laptop.

 

 

exploit.txt


Hello

My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

 

What is being flagged as an exploit is some "thing" that is calling for a specific command line to be done in a command prompt:

netsh interface show interface

which is a breach of security and can be (is) a sign of attempted compromise. We have to have a set of reports to review and see about possibly what is the source. That will be the central focus, to find where that comes from.

For sure we need you to run the Farbar F R S T  report.   Be sure to do all steps in this next link.

Please do all the steps in this pinned topic  & then attach all reports into this topic-thread

 

Link to post
Share on other sites

I see your 2 posts.   Frankly, I am going to try to sort of not consider "cold turkey"  at this time, since I am a stranger to that app.

We are going to start by doing 2 things.

[ 1 ]

There is one setting in Malwarebytes that needs to be off, so that the Microsoft Windows Defender is all enabled. The Premium (or trial) protections of Malwarebytes will still be on.
Start Malwarebytes. Click Settings (gear) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center
Click the Security Tab. Scroll down to
"Windows Security Center"
Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".

{  OFF position is all the way to the left-side }.
Close Malwarebytes when done.

 

[ 2 ]

Please download RogueKiller (the 32-bit version portable) using the link below.
https://www.adlice.com/download-start/?app=roguekiller&type=x86

  • Save the file first,
  • Close any running programs that you started on your own ( if any).
  • Please disconnect any USB or external drives from the computer before you run this scan!

 

Double-click  RogueKiller.exe to run the program.

Follow the prompts. If a browser window opens, close the window.

 

In the HOME tab, click Scan button

Next, on the Quick scan pane, click on the Start button to proceed.

.

Upon completion, a browser window may open. Close this window.

 Important: Please do not have RogueKiller remove any detected items.

Click the HISTORY tab followed by Scan Reports.

Double-click the scan log. Click Export TXT, enter a filename and save the file to your Desktop.

Please attach the file in your next reply.
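
For step [ 1 ] above, one way to confirm from PowerShell which antivirus products are registered with Windows Security Center and whether Microsoft Defender's real-time protection is on. This is an added example, not part of the original post; the function name `Get-AvRegistrationReport` is hypothetical, and it assumes a Windows client where the `root/SecurityCenter2` WMI namespace and the built-in Defender cmdlet `Get-MpComputerStatus` are available.

```powershell
# Added example (not from the thread): list the AV products Windows Security
# Center knows about and report Microsoft Defender's own protection state.

function Get-AvRegistrationReport {
    # Products registered with Windows Security Center (client Windows only).
    $products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                      -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue)

    # Defender's view of itself; stays $null if the cmdlet is missing or the
    # Defender service cannot be queried.
    $mp = $null
    if (Get-Command -Name Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    }

    [pscustomobject]@{
        RegisteredProducts    = ($products | ForEach-Object { $_.displayName }) -join ', '
        ProductCount          = $products.Count
        DefenderAvEnabled     = if ($mp) { $mp.AntivirusEnabled } else { $null }
        DefenderRealTime      = if ($mp) { $mp.RealTimeProtectionEnabled } else { $null }
        DefenderSignatureDate = if ($mp) { $mp.AntivirusSignatureLastUpdated } else { $null }
    }
}

$report = Get-AvRegistrationReport
$report | Format-List

if ($report.DefenderRealTime -ne $true) {
    # Matches the situation in this thread: Defender silently not protecting.
    Write-Warning ('Microsoft Defender real-time protection is not reported as on. ' +
                   'Registered products: ' + $report.RegisteredProducts)
    Write-Warning ('Re-check the Malwarebytes setting "Always register Malwarebytes ' +
                   'in the Windows Security Center" from step 1.')
}
```

Run it again after changing the Malwarebytes setting and restarting; the Defender fields should then report `True`.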

 


1) Thanks for reminding me. I am very annoyed to see Windows Defender was not protecting me again, I already had to manually fix this once, I don't understand why the Malwarebytes developers don't do something to fix this issue for once and for all, it's really annoying because you're not even aware Windows Defender or its Windows 10 version is disabled.

2) I attached the file. Nothing found.
Please explain two things:  why not the full scan instead of this quick scan? and: this program seems a bit pushy, it restarted itself to show me a premium offer. What am I supposed to do with the program now? And of course... what do I do next, in general?

..

 

3) I cannot "just" disable the two programs I have that are porn filters. They are running just like Malwarebytes in the background. You said I had to close all the programs I opened myself. But this is a questionable case: is it possible it hindered RogueKiller in any way?

 

roguekiller.txt


Thanks for the report from Roguekiller.   Good to see that it found no suspect.

As to the RogueKiller program, I had you get the portable version. You can just delete the exe file you downloaded for it.

.

on #3 ,  the write-up to run roguekiller is generic in nature.   I did not ask you to turn off any of your own filters.

.

I would suggest a free scan with the ESET Online Scanner
Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes
When prompted for scan type, Click on Full scan

Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).
Press Continue when all done.  You should click to off the offer for “periodic scanning”.
 

 


It is very encouraging that the ESET scan run reported no viruses / no malware.

Yes, any flagging of FRST is a false positive.

On the screen grab from Windows Defender,  did you put a tick mark on the check box ??    for the line win32.Ymacco

and then have it Deleted


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

  • 3 weeks later...

Dear Maurice

I have had this thread reopen because I was curious whether there are any steps left after running the ESET scan.

So please tell me if there is still something pending

I am also in contact with official Support to have them check whether there was a conflict with my internet blocking program.

 


Hello @Lanto. Good afternoon. The ESET scan reported zero virus / zero malware.

20-8-2020 23:32:56
Files scanned: 200273
Detected files: 0
Cleaned files: 0
Total scan time: 01:33:59
Scan status: Finished
 

You can delete the ESET download file   esetonlinescanner.exe

 


You can always scan with your resident antivirus app.   The Windows Defender that is on this Windows 8.1

and, needless to say, do a scan with Malwarebytes for Windows.

.

Here are tips on keeping your web browsers safer. Make time and read all of this. Apply the tips.

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

 

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

.

For    Mozilla Firefox, to get & install the Malwarebytes Browser Guard  Firefox extension.

Open this link in your Firefox browser:   

https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

That link is for English US. There are other language versions. Just go to the very bottom right of the page and look at “Change language” list drop down.

.

Let me know if you need anything else.

Sincerely.

 
