Ludradule Posted December 8, 2020 ID:1426050

Thanks for the great anti-virus and support. I am struggling with a BTC clipper virus on a relatively fresh Windows instance. Both Malwarebytes and Microsoft Safety Scanner scanned zero threats, but the issue and virus is persistent. I'll include the Farbar log and addition file in the attachment as well; I could not spot anything unusual. Hopefully someone could shed some light for me here. Thanks in advance.

Addition.txt FRST.txt

Maurice Naggar Posted December 8, 2020 ID:1426070 Solution

Hello

Let me suggest these actions as starters for the issue you have described.

- In the Windows 10 search box, type in remote desktop
- On the result list, look for Remote Desktop application app and click on Run as Administrator
- Click on Yes when prompted
- On the following window, look at bottom right-side & click on "Show Options"
- Next click on the tab "Local Resources" and untick the check box for Clipboard

Also: Disabling Remote Desktop Services features
https://docs.microsoft.com/en-us/windows/win32/termserv/disabling-terminal-services-features

For enhanced security, you might choose to disable Remote Desktop Services features such as clipboard redirection and printer redirection for clients that connect to Remote Desktop Session Host (RD Session Host) servers using the Remote Desktop ActiveX Control.

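An audit of the setting changed in the steps above, as an added example that is not part of the original post: it reports whether the host policy blocks clipboard redirection and which saved .rdp files still share the clipboard. The function names and search folders are assumptions; `fDisableClip` is the value behind the "Do not allow Clipboard redirection" policy and `redirectclipboard` is the .rdp file setting for the Clipboard check box.

```powershell
# Added example (not from the thread): audit RDP clipboard redirection.

function Get-RdpClipboardPolicy {
    # On a machine that accepts RDP connections, fDisableClip = 1 blocks
    # clipboard sharing for incoming sessions.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $value = (Get-ItemProperty -Path $key -Name fDisableClip -ErrorAction SilentlyContinue).fDisableClip
    [pscustomobject]@{
        Key              = $key
        fDisableClip     = $value
        ClipboardBlocked = ($value -eq 1)
    }
}

function Get-RdpFileClipboardSetting {
    # Assumed search roots; Default.rdp is normally a hidden file in Documents,
    # hence -Force.
    param([string[]]$Path = @("$env:USERPROFILE\Documents", "$env:USERPROFILE\Desktop"))

    Get-ChildItem -Path $Path -Filter *.rdp -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # "redirectclipboard:i:0" is how an unticked Clipboard box is stored.
            $m = Select-String -LiteralPath $_.FullName -Pattern '^\s*redirectclipboard:i:(\d+)' |
                 Select-Object -First 1
            $setting = if ($m) { [int]$m.Matches[0].Groups[1].Value } else { $null }
            [pscustomobject]@{
                File            = $_.FullName
                Setting         = $setting
                # A missing line means the client default, which shares the clipboard.
                ClipboardShared = ($null -eq $setting -or $setting -ne 0)
            }
        }
}

Get-RdpClipboardPolicy | Format-List
Get-RdpFileClipboardSetting | Where-Object ClipboardShared | Format-Table -AutoSize
```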
Ludradule Posted December 8, 2020 Author ID:1426074

16 minutes ago, Maurice Naggar said:

> Hello
>
> Let me suggest these actions as starters for the issue you have described.
>
> - In the Windows 10 search box, type in remote desktop
> - On the result list, look for Remote Desktop application app and click on Run as Administrator
> - Click on Yes when prompted
> - On the following window, look at bottom right-side & click on "Show Options"
> - Next click on the tab "Local Resources" and untick the check box for Clipboard
>
> Also: Disabling Remote Desktop Services features
> https://docs.microsoft.com/en-us/windows/win32/termserv/disabling-terminal-services-features
>
> For enhanced security, you might choose to disable Remote Desktop Services features such as clipboard redirection and printer redirection for clients that connect to Remote Desktop Session Host (RD Session Host) servers using the Remote Desktop ActiveX Control.

WOW! That worked out of the box; seems the Workstation has been infected. I still can't believe this. I could have been spending days on this issue and would never think of this. Your knowledge is beyond amazing! Thank you.

Maurice Naggar Posted December 8, 2020 ID:1426076

Good to know!

Let me suggest one simple, easy scan with the Malwarebytes Adwcleaner to check for adwares, just in case. Be sure you close all web browsers before you click on the "Scan" button on this next procedure.

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER. Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start the Adwcleaner scan. Adwcleaner detects factory Preinstalled applications too!

Please download Malwarebytes AdwCleaner
https://downloads.malwarebytes.com/file/adwcleaner

Be sure to Save the file first, to your system. Saving to the Downloads folder should be the default on your system.

- Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it.
- At the prompt for license agreement, review and then click on I agree.
- You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)
- Then click on the Dashboard button.
- Click the blue button "Scan Now". Allow it a few minutes to finish the Scan.
- Let it remove what it finds.

NOTE: When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report. In Adwcleaner, click the "Reports" button. Look at the list of reports for the latest date & type "Clean". Double click that line & it will open in Notepad. Save the file to your system and then attach that with your reply. That C clean report will be the one with the most recent date and time at folder C:\AdwCleaner\Logs

Thanks. Keep me advised.

Maurice Naggar Posted December 16, 2020 ID:1427437

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you