
Trojan 76236osm1.ru


Solved by Maurice Naggar

Hello

Please use the Google Translator at https://translate.google.com to see what I reply to you in English.   You can have it translated to Spanish.

You said   

Quote

Hi, I'm using malwarebytes and every once in a while I get a message saying '' Website blocked due to Trojan ''

The file is 😄 \ Windows \ SysWOW64 \ msiec.exe, the website is 76236osm1.ru, how could I eliminate this virus since malwarebytes does not detect it? thanks.

 

Please know that the block message notice from Malwarebytes for Windows means that it is keeping your machine safe from harm.

The message does not mean that there is some infection on your machine.  No, the message is about something external.  The trojan is NOT on your machine.

It is at the address with the .RU  domain link.

 

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)

Then click on Dashboard button.

Click the blue button "Scan Now".

 

Allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.

 


Good morning. Thank you for the Adwcleaner report.

I would appreciate getting additional / more complete important details from this machine in order to help you move forward.
 NOTE: The tools and the information obtained are safe and do not harm your privacy or your computer. Please allow the programs to run if they are blocked by your system.

Please be patient while the report tool runs. It may take several minutes. Let it run and take its time. You may want to close the other open windows so that there is a clear field of view.
Download the Malwarebytes Support Tool

    Once the file is downloaded, open your Downloads folder / the location of the downloaded file
    Double-click mb-support-1.80.848.exe to run the report

Once it starts, you will see a first screen with 2 buttons. Click the one on the left marked "I don't have an open support ticket".

        User Account Control (UAC) may prompt you to allow changes to be made to your computer. Click Yes to consent.

    Place a check mark next to Accept License Agreement and click Next
Now click the left side pane "I don't have an open support ticket"

    You will be presented with a page that says "Get Started!"
    Do NOT use the "Start Repair" button! Instead, look at the list of options on the far left, in black.

    Click the Advanced tab in the left column

    Click the Gather Logs button

    A progress bar will appear and the program will proceed to get the logs from your computer. Please be patient. It takes several minutes to gather them.

    Upon completion, click on a file named mbst-grab-results.zip that will be saved on your desktop. Click OK. Then exit the tool.

    Attach the ZIP file in your next reply.

Please know that I help here as a volunteer, and that I am not on 24 x 7.
Help on this forum is personalized.

Sincerely,

Maurice


Thank you for the report file.  First, a remark and advice. This computer is running on Windows 7.  That operating system is no longer supported by Microsoft.  So it no longer gets security updates.  Have you considered a free upgrade to Windows 10  from Microsoft ?   Let me know.

.

I notice that this system has no installed antivirus program.  That makes it more exposed to potential infection.

I am going to guide you to doing a few different scans to see if there are actual viruses.

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Please select "FULL"  scan option.

Let me know the result of this.

The log is named MSERT.log 

The log will be at  C:\Windows\debug\msert.log

Please attach that log with your reply.

 


The report file from the Microsoft Safety Scanner did flag a few files from some games.  We should do another scan.  As to upgrading to Windows 10 from Microsoft, I will provide you some tips at the end of this case.

For now, the following new scan.

I would suggest that you do a scan with a scan tool from ESET  to just only scan the C drive.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner_enu.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

 

When prompted for scan type, Click on Custom scan    ( the choice on far-right side)

We want just the C drive to be scanned.

 

In the display "Select custom scan targets"  keep the top 3 lines ticked,  plus the one for the C drive   ( which should be your Windows drive)

UN-tick the other drives   ( D, E, F,   etc...)

 

Then click on the blue button "Save and continue"

Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.  

 

Have patience.  The entire process may take an hour or more. There is an initial update download.

There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.  Look for it on the bottom left, in blue.

 

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).

Press Continue when all done.  You should click to off the offer for “periodic scanning”.

The goal here is to see if there are suspicious or actual threats on the C drive.   Attach the log with your next reply.


That is a good cleanup by the ESET tool.  It removed 2 items.  One of those was a trojan with the file-name  eeHLTXejnh.exe

How is the system at this point ?   Let me know that for sure.

Also do this next new scan with Malwarebytes for Windows.

In Malwarebytes for Windows program, we want to do a special scan.

Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.

Then click the Security tab.   

Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON        👈

Click it to get it ON  if it does not show a blue-color

.

Next, click the small x on the Settings line   to go to the main Malwarebytes Window.

 

Next click the blue button marked Scan.

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

You can actually click  ( tick )   the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).    👈


 

 

Then click on Quarantine selected.


 

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

 


  • Solution

That is an excellent result.  No malicious items detected.

I  have 3 suggestions for you to do, and then one new report.

[    1    ]

For the Google Chrome web browser.   A suggestion to better protect Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

[     2      ]

Uninstall one program that is very much out of date & not secure.  Uninstall Java 8 Update 45 

https://www.sevenforums.com/tutorials/77761-programs-features-uninstall-change-program.html

[       3      ]

Adobe Flash Player  PPAPI   version is also out of date.  You should get and then install the very latest release from Adobe.

Go to this link with your Chrome browser.  Download, and save, and then run the update

https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

[      4      ]

I would like you to run a tool named SecurityCheck to inquire on the current-security-update  status  of some applications.

  • Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop.
  • If Windows's  SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed.
  • This tool is safe.   Smartscreen is overly sensitive.
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 


Hello.    Java is not required.  Unless you run a program that actually needs it.

The SecurityCheck has highlighted these things for your attention & action.

HotFix KB3177467 Warning! Download Update
HotFix KB3125574 Warning! Download Update
HotFix KB4012212 Warning! Download Update
HotFix KB4499175 Warning! Download Update
HotFix KB4539602 Warning! Download Update

 

NVIDIA GeForce Experience 3.13.1.30 v.3.13.1.30 Warning! Download Update

WinRAR 5.90 (64-bit) v.5.90.0 Warning! Download Update

 


Hello.  On the video driver, you should check with the support site for your computer manufacturer.  Check to see if they have a newer driver for the video card.

Also, you may run a report-tool to see other detail about the computer hardware.

Speccy is a tool that provides detailed information about the hardware components and operating system of the computer it is run on. 
You can download it from here. Once installed and run, it will collect system info (no personal data) and create a report.

Click File on the top left, then Publish Snapshot. Provide  the URL link   it gives you.

As to upgrading this machine to Windows 10, I can provide some tips later.

 

 


  • 2 weeks later...

Hello.

To remove the FRST  tool & its work files, do this.  Go to your Downloads folder.  Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe .
Then run that ( double click on it)  to begin the cleanup process.

 

Delete mbst-grab-results.zip   on the Desktop

Delete mb-support-1.80.848.exe

Delete msert.exe

Delete the file downloaded from ESET     esetonlinescanner_enu.exe

Adwcleaner you may keep  and use as needed.

Any other download file I had you download, you may delete.

I wish you all the best.  Stay safe.

Sincerely,

Maurice


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.