Infection?--Browsers barely moving; endless Malwarebytes scan

[LikeOx]

Hi! Grateful for any help. Yesterday browsers slowed down immensely. Brave crashed repeatedly--at first we figured it was a Brave issue. But Chrome also became slow.

Memory usage running very high during all this. CPU sometimes high as well. Windows 10 machine, under one year old.

Today I went to run a scan--took a while to open Malwarebytes, and once open, it told me it was in the process of scanning and had been scanning for over thirty hours--and had gotten through not much more than 100K files in that time. 

Does this confirm infection and if so, what are our best steps to take next? 

Thank you very much! 
 

[kevinf80]

Hello LikeOx and welcome to Malwarebytes,

Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status...   Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans"   Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Thank you, Kevin

[LikeOx]

Thank you so much for your help, @kevinf80! 

We will take these steps very soon and post the logs. Such a relief to have help with this. Thank you for your time. 

[LikeOx]

Here they are, @kevinf80! FRST and Addition files. Thanks so much for your time and your help.

Addition.txt FRST.txt

[kevinf80]

Hiya LikeOx,

Do not see any malware or infection in your logs. Did you install anything new, or make any updates etc just prior to this issue starting? There are several events showing problems with application hangings, system errors and security (Webroot) signing failures..

Open an elevated command prompt, at the prompt type or copy/paste :- DISM /Online /Cleanup-Image /ScanHealth then hit the enter key. What results do you get..?

Thanks,

Kevin..

[LikeOx]

Hi @kevinf80, Here are the results:

 

Microsoft Windows [Version 10.0.18363.1256]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Windows\system32>DISM /Online /Cleanup-Image /ScanHealth

Deployment Image Servicing and Management tool
Version: 10.0.18362.1139

Image Version: 10.0.18363.1256

[==========================100.0%==========================] No component store corruption detected.
The operation completed successfully.

C:\Windows\system32>
 

We haven't installed anything recently, and we haven't launched any updates, but we have some applications that should be updating themselves automatically--Webroot, Malwarebytes, maybe some others--plus the browsers and the operating system. Brave did seem to make one change not too long ago that I noticed at the feature level--the option to tip appeared in Twitter--so it must have updated itself. I'd say that was within the last 48 hours, so it might be in the right timeframe to be part of the problem. 

If you need to know latest updates for any of the auto-updates, we'd be happy to get that for you if you happen to know how we would do that. Thanks!

[kevinf80]

Continue with this from elevated command prompt again..

Type or copy paste sfc /scannow

hit the Enter key

Wait for the scan to finish - make a note of any error messages - and then reboot.

For windows updates, use the following link to show how to see what updates came in recently. Also to check if any important updates are pending..

https://www.bleepingcomputer.com/news/microsoft/how-to-get-a-list-of-installed-windows-10-updates/

Edited December 12, 2020 by kevinf80
typing error

[LikeOx]

Hi @kevinf80, this went faster than I expected so I wasn't sure if it was really done, but here's the readout:

 

Microsoft Windows [Version 10.0.18363.1256]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc/scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Windows\system32>


Next I'll follow your instructions about the Windows updates. 

 

[LikeOx]

Hello again @kevinf80, Windows says we are up to date on updates. 

The most recent update was four days ago. It's this one:

December 8, 2020—KB4592449 (OS Builds 18362.1256 and 18363.1256)

Here's the link to the MS page on that:

https://support.microsoft.com/en-us/help/4592449/windows-10-update-kb4592449

In the several other update categories, no updates are recent. 

Hmmmm, as I read the details on the Dec. 8 update, it says that as of Dec. 8 our version of Windows 10, 1903, has reached end of servicing and needs to be updated to 1909. Well. That sounds as if it might matter, in which case, I wonder why Windows doesn't tell one to do it?

Should we do it? I'm unsure whether this relates to the problem we are working on here. Thanks!



 

[kevinf80]

I would go for the update, there are several problems showing in the event section of FRST logs. Probably a version update will clear that problem...

[LikeOx]

Hello again,  @kevinf80, just wanted to let you know that we're nearly done (we think / hope) with updating to the latest version of Windows 10. It's been slow but nearly there. We see you are in the U.K. so you are hopefully getting some sleep, and we'll be away from this project till Monday ourselves. We'll be back in touch Monday, hopefully with good news! Thank you so much for your help.

[kevinf80]

Hiya LikeOx,

Thanks for the update, yes post back whenever you`re ready.

Thank you,

Kevin..

[LikeOx]

Hi @kevinf80,

Sorry, super-long, hectic day here! 

So we got the Windows version update done. And since then, Chrome has been happy once again--nice and snappy. But Brave, the first time I opened it, promptly crashed. Blue screen, had to do a hard restart. I've only used Brave once more since then, and only briefly, so am not really sure if it's okay, or not. It was using the whole CPU and a ton of memory when it went down. Didn't have THAT many tabs open--have had that many open many times before. So that part is still a mystery.

We are so thankful for your help in getting us to this point. Knowing it wasn't a virus was a huge relief, and knowing it would be worth it to do the Windows version update was a help as well. 

We're posting a thank-you to your PayPal account, next 🙂. 

[LikeOx]

Hi again @kevinf80, PayPal had trouble processing our donation. Will try again later tonight. 

[LikeOx]

Hi again @kevinf80, got it done another way, so check your account 🙂 

[kevinf80]

Hiya LikeOx,

Yes saw the donation, thank you very much for that.. Regarding Brave, I`ve never used it personally or had any dealings with it, may uninstall/reinstall see if that makes any difference...

I use Firefox, never had any trouble with that browser. Maybe give that a try, also I don`t use Chrome either..

I use Malwarebytes Browser Guard with uBlock Origin uBlock origin for Firefox https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/ uBlock origin for Chrome https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/ Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee I also recommend auto cookie delete Chrome: https://chrome.google.com/webstore/detail/cookie-autodelete/fhcgjolkccmbidfldomjliifgaodjagh?hl=en FireFox: https://addons.mozilla.org/en-GB/firefox/addon/cookie-autodelete/ and Clear URL`s Chrome: https://chrome.google.com/webstore/detail/clearurls/lckanjgmijmafbedllaakclkaicjfmnk?hl=en FireFox: https://addons.mozilla.org/en-US/firefox/addon/clearurls/   Let me know if you need any further help....   Kevin

[LikeOx]

Hi again @kevinf80, thank you for the browser tool links. We'll check them out! Right now we've reverted to Chrome. Brave was serving a purpose for a while related to not bogging down a work-from-home VPN, but right now Brave is more of an issue than Chrome--wasn't so before . . . so odd. We appreciate your help very much!

[kevinf80]

Hiya LikeOx,

Thanks for the update, unless there are any remaining issues or concerns we can close out...

Right click on FRST here: C:\Users\kbirk\Downloads\FRST.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall That action will remove FRST and all created files and folders... Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...

[LikeOx]

Hi again @kevinf80, I'll mention to my husband that we need to uninstall FRST. Does having it still installed prevent Malwarebytes from doing the regular scan? Or is it just that we need to uninstall it in case we ever need to use it again, and one does that from a fresh install? I'd just like to let him know your final thoughts and make sure he has no more questions, then we can close out. Thanks!

[kevinf80]

Hello @LikeOx I always advise to uninstall FRST, it is easily downloaded if needed again. That decision is really up to your husband, if kept and used personally I strongly advise reading the tutorial....

http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/#entry2350722

Regards,

Kevin..

[LikeOx]

Hi again @kevinf80, thanks again! I've passed this on to him, and I think we're all set. How  do I close this out for you? 

[kevinf80]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you