Connor_ Posted November 8, 2020 ID:1419424 Share Posted November 8, 2020 I recently completed a scan in malwarebytes premium and it said that I had 23 threats, so I clicked "quarantine," and waited but it never advanced and always stayed at "0 of 23 threats quarantined." Anything someone can do to help me with this? Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 8, 2020 ID:1419429 Share Posted November 8, 2020 Hi. I would like you to do a new scan with Malwarebytes for Windows. One of the major goals here is to have it remove all that it detects. If it finds anything that is. Start Malwarebytes from the Windows Start menu. Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window. Then click the Security tab. Look for the section "Automatic Quarantine". Be sure it is clicked On ( to the far right side) Then scroll down to the section Potentially Unwanted items. We need the next 2 lines ( for P U P & for P U M) to be set to "Always ( Recommended) ". You can make the change by clicking on the down-arrow selection list-control. We want all P U P & P U M to be marked for removal. Next, click the small x on the Settings line to go to the main Malwarebytes Window. Next click the blue button marked Scan. When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical. You can actually click the topmost left check-box on the very top line to get ALL lines ticked ( all selected). Then click on Quarantine selected. Then, locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 Link to post Share on other sites More sharing options...
Connor_ Posted November 8, 2020 Author ID:1419432 Share Posted November 8, 2020 Alright, did all of that, here is my file, what should I do next? (Still having the same problem where it was stuck on "0 of 23 threats quarantined") Scan.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 8, 2020 ID:1419437 Share Posted November 8, 2020 Thank you for the report. That helps a tremendous lot. What is involved here is PUP.Optional.Segurazo which can be a real challenge to remove. It may take a few more passes after this so have Lots of Patience. Please Close / Exit other open apps so that you have a clear view all around. Run a new, special scan with Malwarebytes. Start Malwarebytes from the Windows Start menu. Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window. Then click the SECURITY tab. Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON Click it to get it ON if it does not show a blue-color Now click the small X to get back to the main menu window. Click the SCAN button. Select a Threat Scan ( which should be the default). When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical. Then click on Quarantine selected. Be sure all items were removed. Then too, Repeat the scan one more time. It does not take long. and again, be sure all detected items are removed. Let it remove what it has detected. Let me know how this goes. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 9, 2020 ID:1419458 Share Posted November 9, 2020 Hi. How is it going ? Link to post Share on other sites More sharing options...
Connor_ Posted November 9, 2020 Author ID:1419480 Share Posted November 9, 2020 I did all of that, but still stuck at 0 of 25 threats quarantined. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 9, 2020 ID:1419574 Share Posted November 9, 2020 Sorry to hear that. I am very curious to know, whether you Closed / Exited all other open apps ? and if you would have taken ( if possible that is ) a snapshot of screen where it was "stuck'". Here is what I really truly need for you to do. Again, be sure to Close all of your open app-windows. On this answer here, Copy all of the directions and Paste & Save into a text-document that you can refer to as needed. There are PUPS and a trojan here that needs removing. Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please. Please download Malwarebytes Anti-Rootkit (MBAR) from this link here and save it to your desktop. Doubleclick on the MBAR file and allow it to run. •Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar. •mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open. •After reading the Introduction, click 'Next' if you agree. •On the Update Database screen, click on the 'Update' button. •Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button. With some infections, you may see two messages boxes: 1.'Could not load protection driver'. Click 'OK'. 2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions. •If malware is found, press the Cleanup button when the scan completes. . Please attach the log it produces, you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply. NOTE: There will be much more to do later. We will need to run a few other additional scans. Please do not do any online games. Don't do any shopping, banking, or anything online that is not absolutely needed, for the duration of this case. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 9, 2020 ID:1419589 Share Posted November 9, 2020 (edited) This is reply 2 of 2 for this Monday morning. Please be real sure that you have seen & completed the MBAR procedure from preceding Reply first. This is an additional procedure to remove the PUPs and trojan just in case any are still around. I am attaching two (2) ZIP files. Save both of them if at all possible to the desktop. Then extract the contents of each also to the DESKTOP. The file Fixlist.zip has 1 file named Fixlist.txt The file FRST-Tool zip has 1 file named FRST-Tool.exe which is a renamed FRST64 ( a tool by Farbar that is a extremely handy tool). These 2 files need to be in the same folder area. I am suggesting them to be on the DESKTOP folder. EXTRACT the contents of each of the ZIP files to the DESKTOP. Once there, they are ready to be used as a pair. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. The system will be rebooted after the script has run. . This custom script is for Connor only / for this machine only. Close and save any open work files before starting this procedure. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. Start the Windows Explorer and then, to where you extracted the 2 files. RIGHT click on FRST-TOOL and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity Please know this will do a Windows Restart. Just let it do its thing. Fixlist.zip FRST-TOOL.zip Edited November 9, 2020 by Maurice Naggar Link to post Share on other sites More sharing options...
Connor_ Posted November 10, 2020 Author ID:1419760 Share Posted November 10, 2020 Ok, I'm about to download them, but first I must make you aware that it found 2 more threats when I turned on the rootkits setting, but still wouldn't quarantine the threats. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 10, 2020 ID:1419762 Share Posted November 10, 2020 Just please proceed forward with what I last suggested. Be sure that you Exit out of Malwarebytes if you have it open. and close any other open program you may have opened before you do the Fix run. Have patience. Have faith. Take your time. Go forward. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 10, 2020 ID:1419866 Share Posted November 10, 2020 Good morning. How is it going? Link to post Share on other sites More sharing options...
Connor_ Posted November 11, 2020 Author ID:1420193 Share Posted November 11, 2020 I've tried everything at this point. I let the fix thing run all night with no other apps open. Everything just wont quarantine anything. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 11, 2020 ID:1420194 Share Posted November 11, 2020 Hi. I am sorry to hear that. Kindly locate and then attach the Fixlog.txt file for my review, please. plus I would appreciate getting some additional key details from this machine in order to help you forward. NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Do have patience while the report tool runs. It may take several minutes. Just let it run & take its time. You may want to close your other open windows so that there is a clear field of view.Download Malwarebytes Support Tool Once the file is downloaded, open your Downloads folder/location of the downloaded file Double-click mb-support-1.80.848.exe to run the report Once it starts, you will see a first screen with 2 buttons. Click the one on the left marked "I don't have an open support ticket". You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent. Place a checkmark next to Accept License Agreement and click Next Now click the left-hand side pane "I do not have an open support ticket" You will be presented with a page stating, "Get Started!" Do NOT use the button “Start repair” ! But look instead at the far-left options list in black. Click the Advanced tab on the left column Click the Gather Logs button A progress bar will appear and the program will proceed with getting logs from your computer. Please do have patience. It takes several minutes to gather. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK. Then Exit the tool. Please attach the ZIP file in your next reply. Please know I help here as a volunteer. and that I am not on 24 x 7. Help on this forum is one to one. Again, please be sure to ONLY attach report files with your reply (s) as we go along. Do not do a copy / paste into main body. Thank you, Sincerely. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 13, 2020 ID:1420653 Share Posted November 13, 2020 Hi. Just wanted to check in & see how the situation is. If you have been tied up by work or other commitments, I understand. When you get an opportunity, let me know. Sincerely. Link to post Share on other sites More sharing options...
Connor_ Posted November 15, 2020 Author ID:1420895 Share Posted November 15, 2020 Sorry I haven’t been able to respond for a bit, but as a final update, I restarted my computer several times and on about the 4th or 5th time, it actually quarantined the threats, so thank you so much for your help, everything should be fixed now. Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted November 15, 2020 Solution ID:1420958 Share Posted November 15, 2020 Hi. Thank you for the status and the good news. I am very glad to know this. I do wish you all the best. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 15, 2020 ID:1420959 Share Posted November 15, 2020 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts