Malware bytes detected riskware but cannot remove it.

[Smilemoar]

Hi guys,

So I ran a full system scan last night and Malware bytes found two programs (one is a cheat trainer) and the other is a file called "explorer.exe" that has taken up residence in my Downloads folder on my computer. This latter program is labelled as RiskWare.HeuristicsReservedWordExploit.

So I told Malware bytes to quarantine it and so malware bytes did its thing, restarted my computer but the action shows up as "Replaced" and the file is still there and present on my machine.

I need assistance to remove this threat. 

I have uploaded a copy of the scan results.

 

Malware Bytes Scan 04102020.txt

[Smilemoar]

Sorry forgot to add the other logs.

I have run AdwCleaner by Malwarebytes from my Desktop and attached the log file to this response.

I have also run the Farbar Recovery Scan Tool and attached the the FRST.txt and Additions.txt logs as well to this post.

In addition I made sure to update my Java to prevent any future exploit vulnerabilities that might have been a part of this as well using the latest versions/updated databases for the tools above. 

So far it seems that the program is simply existing and nothing else but I doubt it will stay that way forever. 

Addition.txt AdwCleaner[C00].txt FRST.txt

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists and Chrome is Synced with other Devices reset it.

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

https://support.google.com/chrome/answer/185277

Execute the suggested fix.

Restart the computer normally.
===========

This may be a false positive triggered by files in the Quarantined folder.

How to Delete/Restore quarantined files.
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus

Follow the directives on the page to delete[]/b] all the files in the quarantine folder.
<<<>>>

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

[Smilemoar]

Hi nasdaq,

Thank you for the response and your time

As instructed I have run FRST's Fix function with the fixlist.txt file as provided. Please find attached the fixlog.txt file as requested.

I have subsequently rerun MWB again it did not however detect a threat from the file as it previously (see attached log for specific file). 

Additionally, I can now delete the file from the downloads folder if I wish to do so (I will hold off doing so for now though).

No other issues have been detected since.

Would I be okay in thinking that this has been dealt with now? I ask since after doing some more reading on the "Replacement" function of MWB it seems that this is used when a file that is legit might otherwise have settings or values that are detected as a threat - with MWB simply replacing the file if possible or changing the setting/values of the file to defaults.

Fixlog.txt Malware Bytes Scan 05102020.txt Specific File - Malware Bytes Scan 05102020.txt

[nasdaq]

Hi,

Your are looking good.

You can certainly delete the files we have created while running this Farbar program.

Stay safe.

 

 

 

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you