
Trojan reappearing


Solved by Maurice Naggar

That's disheartening to hear. If I may ask, will a full reset be able to fix my laptop and get rid of the malware and/or the effects of it? I am willing to go that route if it is known that it could work for what my laptop is dealing with.
Also, I have already mentioned in my previous reply that I have tried opening regedit in administrator mode and it still won't import the registry file, giving the same error in the picture I recently uploaded.


I suspect there are glitches (one at least, likely more) on this Windows installation. Glitches can be due to different reasons & not necessarily any 'malware'.

A refresh operation using the REFRESH option of Windows 10 is one possible thing that may be tried (later), and/or an attempt at a Windows repair in place.

But for now, just to do a different virus-scan check is a good idea at this point. Let's do this first & let's hold off on any other measures.

 

I would suggest a free scan with the ESET Online Scanner
Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes
When prompted for scan type, Click on Full scan
Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click the blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).
Press Continue when all done. You should click to turn off the offer for “periodic scanning”.
 
 


I have completed the scan and attached the log. But I should mention that around half an hour before the scan, I tried downloading the update of the new Windows 10 version 2004 just to test my luck. Next thing I knew while I was doing the scan, a notification prompt for a restart appeared! Somehow my laptop was able to download the update which is ready to be installed, and I have absolutely no idea why, out of all times, it was only able to do so now. I just want to make sure, is updating still the best action to do right now?   

eset scan.txt


Thank you for the scan-result report from the ESET Online Scanner run. Really. That is a very good catch by that tool. I notice it found some items that mention "utorrent". Please stay out of any 'torrent' related apps. All those files were ".tmp" files in a TEMP folder. There is no need for any .tmp files in that folder. Let's do a one-time cleanout.

Open an elevated command prompt window, i.e. run Command Prompt as an administrator.
It is best to use the Windows Copy (CTRL+C) and Paste (CTRL+V) for the whole line, as-is.
To get the elevated command prompt, press Windows-key + X key and then select Command Prompt (Admin).
On that command prompt, Copy & Paste this command:

del /s /q "C:\Users\Marco Sanchez\AppData\Local\Temp\*.tmp"

Press the Enter key and it deletes the .tmp files (if any).

Once that is completed, you can close the Command-prompt window.

.

You mention some progress about the Microsoft update to Version 2004 (the spring 2020 update). Has that all finished? If it is waiting for action from you, let it go forward. Do like it prompts you. Let me know when that has all finished. If that does indeed complete, it will be a huge saving grace.

Edited by Maurice Naggar
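An added example, not part of the original post: a PowerShell equivalent of the `del /s /q` cleanup above that first writes an inventory of the .tmp files (path, size, timestamp, SHA-256) so the entries can be matched against the ESET scan log afterwards. It assumes `$env:TEMP` is the same per-user Temp folder named in the post; the report file name is hypothetical.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell window.
# Assumption: $env:TEMP is the per-user Temp folder named in the post.
$tempDir = $env:TEMP
$desktop = [Environment]::GetFolderPath('Desktop')
$report  = Join-Path $desktop 'tmp-cleanup-inventory.csv'   # hypothetical file name

# 1. Collect every .tmp file recursively, the same set "del /s *.tmp" targets.
$files = Get-ChildItem -LiteralPath $tempDir -Filter '*.tmp' -File -Recurse -Force `
             -ErrorAction SilentlyContinue
if (-not $files) {
    Write-Host "No .tmp files found under $tempDir"
    return
}

# 2. Record what is about to be removed, including a hash for later lookup.
$inventory = foreach ($f in $files) {
    $hash = 'LOCKED-OR-UNREADABLE'      # kept if a running process holds the file
    try {
        $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
    } catch { }
    [pscustomobject]@{
        Path          = $f.FullName
        SizeBytes     = $f.Length
        LastWriteTime = $f.LastWriteTime
        SHA256        = $hash
    }
}
$inventory | Export-Csv -LiteralPath $report -NoTypeInformation -Encoding UTF8

# 3. Delete, counting files that are still in use instead of stopping on them.
$removed = 0
$skipped = 0
foreach ($f in $files) {
    try {
        Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
        $removed++
    } catch {
        $skipped++
    }
}
Write-Host "Removed $removed file(s), skipped $skipped in use. Inventory: $report"
```

Files that are skipped are usually held open by a running program; they can be removed on a later run after a restart.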

Hello, I have finished clearing out the .tmp files as you advised.
I have also completed updating my Windows to version 2004, and I must say, thank you so much! I think it did wonders, as far as I can tell. Windows Defender is properly working. Everything seems to be in great shape and my laptop feels brand new. Are there any more steps I must take?


Bravo.    Kudos.   That is so very good news.   I would like a fresh readout report so I can review.

FRST64 is in the Downloads folder.

 

Run report with FRST64.     Go to the Downloads folder.

Right-click on the FRST64 icon and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.


Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

Click Yes when the disclaimer appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that the Addition option is checked - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press the Scan button and wait.

 


 

 


The tool will produce 2 logfiles on your desktop: FRST.txt, Addition.txt
Click the OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.


Good morning. Thanks for the fresh FRST reports. Congratulations, this system is running on Windows 10 Home Version 2004 (Build 19041.508).

That is the very latest, including the MS updates for Sept 2020.    yay  👍💢

The reports are good.   Just wanted to review.   I am going to list a few things to do here  and other tips.   And I would like for you to do one scan with the Microsoft Windows Defender antivirus soon, when you get the chance.

 

At this time,  see about doing a Create System Restore Point with the Windows System Restore app.

See Option One in the article    https://www.tenforums.com/tutorials/4571-create-system-restore-point-windows-10-a.html

.

Do one new run of Microsoft Windows Update with the goal to ensure that it is all up-to-date, including the definitions for Windows Defender.

Now to run a new scan with Windows Defender

Go to Start > Settings icon > Update & Security > select at the left Windows Security > Virus & threat protection

Click Open Windows Security

When you see 'Security at a glance', click on Virus & threat protection

Click Quick Scan

Let me know what the result is.

.

I would also suggest one new scan with Malwarebytes for Windows.

To run a Threat Scan, open Malwarebytes for Windows and click the blue Scan button.
Have patience during the run.
When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.
Then click on Quarantine selected.

Then, locate the Scan run report; export out a copy; & then attach it with your reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

These things ought not to take a lot of time.   I would like to see these 2 scan results before we do the final steps to close out this case.

It is great to see that this machine is on the latest Windows 10 release.     👻


Very good, this Malwarebytes for Windows scan run found no malware. Kudos also on the MS Windows Defender result.

I am very pleased to hear these results, plus, needless to say, the success in getting the very latest released Windows 10 version.

Now we can clean up the tools I had you use, and after that, a few other safety & best practices tips to stay safe.

.

Delete   msert.exe

Delete fss.exe

Delete the ESET download file    esetonlinescanner.exe

To remove the FRST64 tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe.
Then run that (double click on it) to begin the cleanup process.

 

The Adwcleaner you may keep, and run as needed. Any other file I had you download, you may delete.

 

Here are tips on keeping your web browsers safer. Make time and read all of this. Apply the tips.

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

 

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

.

For Mozilla Firefox, to get & install the Malwarebytes Browser Guard Firefox extension,

Open this link in your Firefox browser:

https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

That link is for English US. There are other language versions. Just go to the very bottom right of the page and look at the “Change language” drop-down list.

.

Backup is your best friend.  Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected (out of the blue) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove (or change) your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

 

Let me know if you need anything else at this time.      😎


I have done the cleanup and some of the tips you suggested, and will definitely take those precautions to heart. I am really grateful for your help, and I cannot thank you enough. I think I'm good for now, you can probably close this post already. I'm satisfied with the state of my laptop. Thank you again!


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.