WilliamWilliam Posted October 1, 2020 ID:1411224 Share Posted October 1, 2020 Did everything I could to remove this but it keeps coming back. I have done what it said in a 2009 post on here. Please let me know how else I can help. Thank you in advance! Where do I send the file to attach? Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 1, 2020 ID:1411246 Share Posted October 1, 2020 Hello @WilliamWilliam My name is Maurice. Let me know what name you prefer to go by. I would appreciate getting some key details from this machine. NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Do have patience while the report tool runs. It may take several minutes. Just let it run & take its time. You may want to close your other open windows so that there is a clear field of view.Download Malwarebytes Support Tool Once the file is downloaded, open your Downloads folder/location of the downloaded file Double-click mb-support-1.7.0.827.exe to run the report Once it starts, you will see a first screen with 2 buttons. Click the one on the left marked "I don't have an open support ticket". You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent. Place a checkmark next to Accept License Agreement and click Next Now click the left-hand side pane "I do not have an open support ticket" You will be presented with a page stating, "Get Started!" Do NOT use the button “Start repair” ! But look instead at the far-left options list in black. Click the Advanced tab on the left column Click the Gather Logs button A progress bar will appear and the program will proceed with getting logs from your computer. Please do have patience. It takes several minutes to gather. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK. Then Exit the tool. Please attach the ZIP file in your next reply. 1 Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 1, 2020 Author ID:1411253 Share Posted October 1, 2020 Well, it pretty much removed any trace of Malwarebytes from my PC. Installing, again. Brought me to hold F7 or F 8 screen up, hit enter for boot start up. Not sure where to go from here. Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 1, 2020 Author ID:1411259 Share Posted October 1, 2020 Billy is fine. Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 1, 2020 ID:1411261 Share Posted October 1, 2020 Hi Billy. I have to ask whether you followed just exactly what I wrote about "Gather logs". ? Did you happen to click on some other spot ? like repair ? Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually Please attach both logs to your reply if possible. To upload attachments please click the link as shown below. Then browse to where your file is located and select it and click the Open button. 1 Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 1, 2020 Author ID:1411272 Share Posted October 1, 2020 (edited) [edit] Logs removed per request Edited October 15, 2020 by AdvancedSetup Logs removed per request Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 1, 2020 ID:1411274 Share Posted October 1, 2020 Thank you. Take a minute, and tell me just How, where, by what was there a "trojan" ? what presented the info ? what else did it say ? 1 Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 1, 2020 Author ID:1411303 Share Posted October 1, 2020 I skipped a few steps by mistake. You should be able to retrieve the files requested. Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 1, 2020 Author ID:1411307 Share Posted October 1, 2020 I'll give you the website I got the trojan from. Can I dm you? These posts seem lengthly. Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 1, 2020 Author ID:1411314 Share Posted October 1, 2020 Trojan was found by Malwarebytes. I downloaded what I thought was software for recovering data. The install said it failed installation as obviously intended of the creator of this malware, before hand. My CPU acted strange. Then I did a few scans with Malwarebytes and S&D 2. It isn't popping up every 15 seconds right now, but it comes back later and starts back up, again. Sometimes without ever stopping. All kinds of weird s keeps happening. I can't normal shut down my PC. Gotta hold down on the power button. Airplane mode icon is on, however I do have internet access. Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 2, 2020 Author ID:1411503 Share Posted October 2, 2020 Windows key, search bar, windows folder search bar are non-functional. Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 2, 2020 ID:1411510 Share Posted October 2, 2020 Hi Billy. Please only reply here to this topic. Please also know that help is thru this thread-topic. Not by personal message. Your very last post would tend to indicate some oddity with the Windows O S ( and not necessaruly some "infection") Lets do these next 2 scans to check for malware / viruses. [ 1 ] You can check this system using another free tool at Microsoft. For another opinion. The Microsoft Safety Scanner is a free stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download take a minute to locate & then send the log It should be at C:\Windows\debug\msert.log [ 2 ] I would suggest a free scan with the ESET Online Scanner Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe It will start a download of "esetonlinescanner.exe" Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get it started. When presented with the initial ESET options, click on "Computer Scan". Next, when prompted by Windows, allow it to start by clicking Yes When prompted for scan type, Click on Full scan Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”. Click The blue “Save scan log” to save the log. If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom). Press Continue when all done. You should click to off the offer for “periodic scanning”. 1 Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 3, 2020 Author ID:1411710 Share Posted October 3, 2020 (edited) Update: Hi, Maurice. The 1st mentioned said it fixed what it could. Did not display any results. The second mentioned has displayed results I can send a log of. However, I am experiencing the same activities I've discussed earlier. Inactive Windows key/Windows Start click, Inactive Searchbar. Inactive folder searchbar. Website due to phishing is popping of every 15 seconds again right now so I can send an image of it as well. Okay, so I think I have all the right things here now. Was a little disorganized with he documenting. Thank you for your patience and effort. Edited October 15, 2020 by AdvancedSetup Logs removed per request Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 3, 2020 Author ID:1411717 Share Posted October 3, 2020 Btw, the full path for the image sent was, full path - C:\Users\Owner\AppData\Roaming\froudMalitGrentSouce\ipconfig.exe. Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 3, 2020 Author ID:1411718 Share Posted October 3, 2020 I can't edit the post. I need to make a whole new post if I wanted to add something from the prior. By the way, the path mentioned doesn't exist. I have searched for it. The folder where it says the executable file exists doesn't exist. Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 3, 2020 ID:1411733 Share Posted October 3, 2020 Hello. Let just mention, that since you are a relatively new member, the forum does not allow you to Edit your post once it has been published on the forum. As to some of the factors you mentioned 2 posts ahead, we need to unpack and put things in proper categories with proper separation. These Quote Inactive Windows key/Windows Start click, Inactive Searchbar. Inactive folder searchbar. need to be in a separate category. Those are some sort of Windows glitches. We can address those separately later on. The Block events & notices by the web protection of Malwarebytes for Windows are entirely separate. NOTE: The ESET scan found and removed 8 unwanted / unsafe apps. I notice some were downloads. One must be very very careful what you download & just from where !! . The Block notice from Malwarebyes DOES mean that it is keeping your pc safe and away from potential harm. Note the green tick-mark ( check-mark) at the left of the message window in that display-notice ! . Run a scan with Malwarebytes. Start Malwarebytes from the Windows Start menu. Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window. Then click the SECURITY tab. Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON Click it to get it ON if it does not show a blue-color Now click the small X to get back to the main menu window. Click the SCAN button. Select a Threat Scan ( which should be the default). When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical. Then click on Quarantine selected. Be sure all items were removed. Let it remove what it has detected. Then, locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 Have patience always. We will be doing more later. 1 Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 4, 2020 Author ID:1411789 Share Posted October 4, 2020 Thank you , again, Maurice. Thank you as well for taking the time and care of explaining everything. The inactive mentions are still inactive, however I have made some shortcuts to them such as Malwarebytes. Running scans at least 3 times a day. Nothing new coming up though. I will do as you instructed. Thank you, good night Maurice Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 4, 2020 Author ID:1411831 Share Posted October 4, 2020 Good morning, Maurice. nothing to report. I can still give you the scan results, however no detections were made. Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 4, 2020 ID:1411843 Share Posted October 4, 2020 (edited) Good morning. I take it that the last scans with Malwarebytes for Windows have reported no malware and no P U P. I suggest a different scan with a different tool. TrendMicro HouseCall scanhttps://www.trendmicro.com/en_us/forHome/products/housecall.html First, Download & Save to your Downloads folder the appropriate HouseCallLauncher Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it. The program will check with TrendMicro & do a update run. Next it will show the Disclosure window. Click Next to proceed. The end user license agreement is presented. Click the Accept radio button & click Next to proceed. IF you wish a Full scan or a Custom scan, first click on the Settings then you can select which drives you want to include in the scan. The default is a Quick scan. Click Scan now when ready. The scan progress will then be displayed. Monitor the progress or just leave it alone until it finishes this phase. When the scan phase has completed, if any items are tagged, you will see a list, showing the file & its location, the classification of the threat, the type, risk, and Action option. If you see an item that you know is safe, you can click the Action , and select Ignore. When all done & ready, click the Fix now button. Also,let me know about the current status & if you need other help. SecurityCheck by glax24 I would like you to run a tool named SecurityCheck to inquire on the current-security-update status of some applications. Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop. If Windows's SmartScreen block that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive. Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt Edited October 4, 2020 by Maurice Naggar 1 Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 6, 2020 Author ID:1412087 Share Posted October 6, 2020 (edited) 777 Good evening, Maurice Did as instructed. The 1st, nothing came up. The 2nd, I have the results logged here. Kind regards, Billy Edited October 15, 2020 by AdvancedSetup Logs removed per request Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 6, 2020 ID:1412234 Share Posted October 6, 2020 (edited) Per the SecurityCheck tool, here are things that need your attention. Follow up & insure they get updated to the latest releases. GIMP 2.10.0 v.2.10.0 Warning! Download Update WinRAR 5.80 beta 2 (64-bit) v.5.80.2 Warning! Download Update Viber v.11.3.0.24 Warning! Download Update Adobe Shockwave Player 12.1 v.12.1.7.157 Warning! This software is no longer supported. Please uninstall it. swMSM v.12.0.0.1 << Hidden Warning! This software is no longer supported. Please uninstall it. Adobe Acrobat Reader DC v.20.009.20074 Warning! Download Update^Please run Acrobat Reader DC and go Help - Check for updates...^ VdhCoApp 1.3.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. . Now to focus on the first main issue - the block notices about C:\Users\Owner\AppData\Roaming\froudMalitGrentSouce\ipconfig.exe. Lets do these next set of steps. [ 1 ] I need you to insure that Windows is set to show all hidden folders, to show all folders. Do not let this spook you out. Ihere is a how-to at Tenforums. Use either option one or two or three https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html . [ 2 ] The following custom script is to remove a suspicious file, to run the Windows System File Checker tool, the Windows DISM tool to check the system, and to rebuild the Winsock. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. The system will be rebooted after the script has run. . This custom script is for WilliamWilliam only / for this machine only. Close and save any open work files before starting this procedure. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. I am sending a custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair. Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly ( as is) to the Downloads folder The tool named FRST64 .exe tool is already on the Downloads Start the Windows Explorer and then, to the Downloads folder. RIGHT click on FRST64 and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity Please know this will do a Windows Restart. Just let it do its thing. Do let me know how things are overall, after all this. Sincerely. Edited October 15, 2020 by AdvancedSetup Logs removed per request 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 11, 2020 ID:1413491 Share Posted October 11, 2020 Good morning. How is the situation today ? 1 Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 11, 2020 Author ID:1413537 Share Posted October 11, 2020 Top of the morning to you, Maurice. Fixlist.txt is in the same folder as FRST64. * No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located. (FRST) * No sure what happened or what I did different here. Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 11, 2020 ID:1413562 Share Posted October 11, 2020 (edited) Hi Billy. Look on the Downloads folder. There is where the FRST64.exe is saved ( from before). The FIXLIST.txt should be saved to the same folder, in order for the custom fix to work. Look for FIXLIST there. If you do not see it there, do a new download and get the file to the Downloads folder. Then do the procedure outlined before. Edited October 15, 2020 by AdvancedSetup Logs removed per request 1 Link to post Share on other sites More sharing options...
WilliamWilliam Posted October 12, 2020 Author ID:1413615 Share Posted October 12, 2020 Hi, Maurice. My mistake. My one post I couldn't delete so I said scratch that last one. I wasn't specific and brief. Good night Link to post Share on other sites More sharing options...
Recommended Posts