
Help I have a continuous RTP detection Event marked as Trojan


Go to solution Solved by Maurice Naggar,


Hi,
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along. Please do not do any changes on your own without first checking with me.
Please only attach all report files, etc. that I ask for as we go along. I appreciate the screen grabs. However, they do not show all the details we need. But do know that the Web protection as well as all other Malwarebytes protections are keeping the pc safe from harm. These look like IP Blocks related to some Outbound traffic. It may be due to a bad adware link on a site you read, or perhaps some email you may be reading at that moment. Do you know what website the browser was on at the moment of that last block? The IP connect attempt was Stopped. See about Deleting the Cache & History in Opera. Close / Exit out of Opera. See about using the EDGE browser for the rest of the duration on this case.


I would appreciate  getting some key details from this machine in order to help you forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer. Please allow the programs to run if blocked by your system.

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.
Download Malwarebytes Support Tool
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.80.848.exe  to run the report

Once it starts, you will see a first screen with 2 buttons.  Click the one on the left marked "I don't have an open support ticket".

        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
Now click the left-hand side pane "I do not have an open support ticket"

    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair” !   But look instead at the far-left options list in black.

    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer.  Please do have patience.  It takes several minutes to gather.
   
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK. Then Exit the tool.

    Please attach the ZIP file in your next reply.

Please know I help here as a volunteer, and that I am not on 24 x 7.
Help on this forum is one to one. Again, please be sure to ONLY attach report files with your reply(s) as we go along. Do not do a copy / paste into main body.

Thank you,
Sincerely.

Edited by AdvancedSetup
corrected font issue

Sorry, I don't know the website it was on. The browser was closed when I saw it. This has been happening on my mom's computer. I cleared the website cache etc. last night and uninstalled Opera. Sorry, I didn't wait to hear back from you on that. I was having trouble updating CCleaner last night. Uninstalled CCleaner, then reinstalled it from scratch and installed CCleaner Browser.

Let me post what you are requesting.

 

mbst-grab-results.zip


I was looking for an application to convert a video in a realmedia .rm streaming container file to a .mpeg mp4 or vob on October 18th I or my mom hit a website called informationcradle.com which was blocked as a phishing site. Then on October 27th I hit a site where I installed a program looks like it is called mymusictools.com I installed an app/program, then it appears from this point forward that I have been having this trojan problem. The app seems to be a demo that will allow you to purchase an upgrade to the full version but upon trying to contact the maker of the app it led to some information that is invalid. If this is the correct app. There is another app I installed as well. I had to stop what I was doing because of a hurricane and a power outage. I still need to find an app to convert my file. It's also possible that the file is corrupted with a Trojan and I don't know it yet. I'm not making any other changes though till you tell me what to do.


Please know that CCleaner is not a tool that is recommended around here, ever since it was sold by Piriform. Most Experts no longer recommend the use of CCleaner. It's your choice but I'd recommend you uninstall and use built-in tools where possible to achieve general computer maintenance.

Thanks for the Support tool report. The first thing I would suggest that you do is to ensure that this PC gets the very latest Version for Malwarebytes for Windows. The current release version is 4.2.3.96. All program upgrades are at no charge.

Start Malwarebytes. Click Settings (gear) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.

Now, click the tab marked GENERAL. Look for the button marked "Check for Updates" and click it. Be sure to follow all prompts. Let's be sure it is up-to-date.

That will hopefully ensure that the program has the very latest Component Update.
Close Malwarebytes when done.


I would suggest to download, Save, and then run Malwarebytes ADWCLEANER. (Just be sure that Thunderbird is closed when you run this.)
Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.
Adwcleaner  detects factory Preinstalled applications too! 

Please download  Malwarebytes AdwCleaner https://downloads.malwarebytes.com/file/adwcleaner

 
Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.
At the prompt for license agreement, review and then click on I agree.

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)
Then click on Dashboard button.
Click the blue button "Scan Now".

Allow it a few minutes to finish the Scan. Let it remove what it finds.
NOTE: When it comes to the section "Pre-installed applications", you can skip that.
Please find and send the Adwcleaner "C" clean report.
In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".
Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs
Thanks.  Keep me advised.

Let me know if the IP block events have stopped.


NOTE:  The block events are about IP address "176.9.32.93".   Please know that the Malwarebytes for Windows is keeping the pc safe from potential harm.


I uninstalled ccleaner, but not the ccleaner browser, YET!.

Malwarebytes has been updated.
I checked and Malwarebytes is registered with Windows Security Center. Any advice on this?


I downloaded adwcleaner. I ran it some time back.
I'm not sure what Thunderbird is, so if it's running, you will have to help me with that, unless that is the CCleaner browser?

I have attached two adwcleaner log files.

Adwcleaner[S00].txt is from a scan I did in June of 2020. the S01 is run today.

 

AdwCleaner[S00].txt AdwCleaner[S01].txt


Thanks for the reports. Adwcleaner version 8.0.8 is the latest version. That is what you ran on the 7th. The report result is good.

As far as Windows Security, and re-setting Microsoft Defender to be the resident antivirus, do the following.

Start Malwarebytes. Click Settings (gear) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.

Click the Security Tab. Scroll down to "Windows Security Center".

Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center" (the Off position is all-the-way to the Left).

Close Malwarebytes when done.


 

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

The log is named MSERT.log.

The log will be at C:\Windows\debug\msert.log

Please attach that log with your reply, and let me know how things are after that point.

 


One problem that I find is that Windows cannot delete 1.07 MB of temporary internet files. Is there something we can do to get this cleaned?

My mom needs something easy that she can use like CCleaner to clean everything. It doesn't matter to me personally, but she is very prudent and wants everything clean.

Aside from "crap cleaner" do you have any sort of unofficial recommendation of a utility like "Hillary Bit" I mean "bleach bit" haha?



One can use the Windows built-in disk cleanup applet called Cleanmgr. See the top of the article at Tenforums

https://www.tenforums.com/tutorials/3012-open-use-disk-cleanup-windows-10-a.html


Also, each web browser has an option to Delete temporary cache files.

When you have a particular browser open,  to delete / clear  temporary files, do this

Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the line "Cached images and files"


  • Solution

Hi. You are welcome. I would wish to re-emphasize that a 'Block' notice message is in fact an advisory that Malwarebytes is doing its job and protecting your system. The message is not one that means presence of an infection. If indeed there were an infection, the message would be entirely different.

We can wrap this up.  First, cleaning up of the tools used.

Delete mbst-grab-results.zip  on the Desktop.

Delete the file mb-support-1.80.848.exe  that was downloaded.

To remove the FRSTENGLISH  tool & its work files, do this.  Go to your Desktop folder.  Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe .
Then run that ( double click on it)  to begin the cleanup process.

Delete msert.exe.

Any other download file I had you save, you may delete.

I do wish you all the best.    😎

Sincerely.

Maurice

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.