Jump to content

Help


indio68
 Share

Go to solution Solved by kevinf80,

Recommended Posts

Greetings,

                  i have a problem with new windows 10 2020 version so i went back to a previous version and malwarebytes didn't worked anymore. and i msut use Revo uninstaller to get rid of all the entries for being able to isntall it again. i did a new scan and it found a Hijack. wich i attack to post. is this a false positive?? i tried to apply a solution i've seen in another old 3d but i can't get the command prompt : %windir%\system32\drivers\etc\HOSTS" "%userprofile%\desktop\hosts.txt to work..it give me error %windir%\system32\drivers\etc\HOSTS %userprofile%\desktop\hosts.txt : Impossibile caricare il modulo '%windir%'. Per
ulteriori informazioni, eseguire 'Import-Module %windir%'.
In riga:1 car:1
+ %windir%\system32\drivers\etc\HOSTS" "%userprofile%\desktop\hosts.txt
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (%windir%\system...sktop\hosts.txt:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CouldNotAutoLoadModule

 

what should i do? thanks and sry bad english i'm italian

Result scan.txt

Link to post
Share on other sites

Hello indio68 and welcome to Malwarebytes,

Continue with the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....
Link to post
Share on other sites

Thanks for the help, i provide the info and file you requested me, hope it helps..anyway there is only that file in the Malware scan

 

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 28/10/20
Ora scansione: 17:43
File di log: ad26149e-193c-11eb-989a-0025227f86c0.json

-Informazioni software-
Versione: 4.2.1.89
Versione componenti: 1.0.1070
Aggiorna versione pacchetto: 1.0.32162
Licenza: Trial

-Informazioni sistema-
SO: Windows 10 (Build 18362.1139)
CPU: x64
File system: NTFS
Utente: DESKTOP-IF3QJDI\indio68

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Scansione avviata da: Manuale
Risultati: Completata
Elementi analizzati: 302718
Minacce rilevate: 1
Minacce messe in quarantena: 0
Tempo impiegato: 8 min, 1 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 1
Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Nessuna azione intrapresa, 15731, 302764, 1.0.32162, , ame, , A61307FB977EF963E21637C1F70F7662, D8F3A355C654C30D217565C279DBA02293F7EC8CE5D1D48D7ADD3DB6B3BC3666

Settore fisico: 0
(Nessun elemento nocivo rilevato)

WMI: 0
(Nessun elemento nocivo rilevato)


(end)

 

Adwanced Cleaner  report  here it detect 2 file, but these are 2 game files...1 contain my saved game..so i don't think they are  adware or virus..i don'ìt delete these files i only post the report:

-------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-09-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    10-28-2020
# Duration: 00:00:27
# OS:       Windows 10 Pro
# Scanned:  31837
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\Users\indio68\AppData\Local\Genesis
PUP.Optional.Legacy             C:\Users\indio68\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

 

for the last step i'm facing the same problem i had  downloading malwarebytes from Cnet.com...Edge won't show me the site page giving me this :

 

www.bleepingcomputer.com ha rifiutato la connessione.

Prova a:

ERR_CONNECTION_REFUSED

 managed to download from the alternate link:

FARBAR RECOVERY SCAN report:

FRST.txt

Addition.txt

Link to post
Share on other sites

  • Solution
Hiya indio68,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

user posted image

The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the Tool, select Run as Administrator the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if the hosts file issue has cleared...

Thank you,

Kevin...

fixlist.txt

  • Thanks 1
Link to post
Share on other sites

hi, i didn't do all this stuff again..wanna ask something first.. all this only for the Hijack files found? i forgot to tell you that in the past i downloaded some fix for get rid of windows telemetry and other unwanted stuff of win 10...maybe something in the host file was done don't remember well now..i want understand first what all this work is for..you foun something dangeorous on the logs? i'm warrine dbecause advanced cleaner found 2 files that aren't virus but game failes..thanks

Link to post
Share on other sites

damn i dont find any Edit function....i want let you know that my  old Raid 0HD have some problems (i can't downlaod big files on partition D cuz it gives me bsod..i say this because i've read that the fix will do a scandisk and checkdisk...i've done already and all MS files were ok, but sacandisk was a pain to do. i know i must buy new disk, but i'm unemployed and it's not that easy...for me right now. thanks

Link to post
Share on other sites

There is no command scan disk, only system files. To disable Telemetry do the following:

Open the search function, type or copy/paste

  • type or copy/paste  gpedit hit enter key
  • in new window go to "Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds".
  • Double-click "Allow Telemetry".
  • Select "Disabled", then click "Apply" then "OK".

Can you post the logs from previous instructions....

Link to post
Share on other sites

ok, i will do..it's normal that i can't open mega.nz,cnet.com and other legit sites with edge or is something that the damn Hijack file causing..i always used firefox, but after the passage to previous windows 10 version  i had problem so i used edge..but too many of these issue conencting to some sites..all the other working (steam-.steamgift, humblebundle,uplay,)ecc., thanks

i will do the fix late this eve beause i've read it takes sometimews..

Link to post
Share on other sites

Thanks Kevin for your time, here  are the log requested.

Wanna ask this: is possible to have a default Host file? it's normal that Edge won't let me open some site, expecially if are download link..?? i never had these issues with FF..but Edge seems much reactive and less eating memory than last FF releases,but if have these problem i must return back to FF.. thanks Kevin

msert.log Fixlog.txt

Link to post
Share on other sites

edit (there is really no edit button on this forum?)  NOW EDGE OPEN MALWAREBYTES DOWNLOAD SITE FORM CNET, IT OPEN BLEEPINCOMPUTER..AND MEGA.NZ TOO!! you ar emy hero Kevin..many many thanks for your precious help if i still have a credit card i will donate, but sadly i must get rid of it (well bank get rid of it)..so i can only thank you for now 

Link to post
Share on other sites

Thanks for the update, good to hear all is ok for you. Hosts reset has more than likely cured things.... Continue to clean up..

Right click on FRST here: E:\Documenti\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe
 
Kevin... http://www.bleepingcomputer.com/forums/public/style_emoticons/default/busy.gif

 

Edited by kevinf80
Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

  • Like 1
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.