theoldmole (Posted January 20, 2021, ID:1433321)

Malwarebytes recently flagged a strange file that was quarantined during a scan. The file was removed but I just want to make sure there is nothing left behind. I've attached the scan log and the FRST logs.

FRST.txt
Addition.txt
Log.txt

kevinf80 (Posted January 20, 2021, ID:1433330)

Hello theoldmole and welcome to Malwarebytes,

Do not see any obvious malware or infection in your FRST logs, run the following in-depth AV scan to double check...

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

- Double click the icon and select Run
- Click Next
- Select I accept the terms in this license agreement, then click Next twice
- Click Install
- Click Finish to launch the program
- Once the virus database has been updated click Start Scanning
- If any threats are found click Details, then View log file... (bottom left hand corner)
- Copy and paste the results in your reply
- Close the Notepad document, close the Threat Details screen, then click Start cleanup
- Click Exit to close the program
- If no threats were found please confirm that result....

The Virus Removal Tool scans the following areas of your computer:

- Memory, including system memory on 32-bit (x86) versions of Windows
- The Windows registry
- All local hard drives, fixed and removable
- Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Thank you,
Kevin....

theoldmole (Author, Posted January 20, 2021, ID:1433348)

Thank you for replying. Everything came back clean. Is there anything else you want me to do?

theoldmole (Author, Posted January 20, 2021, ID:1433349)

Forgot to post the log.

SophosVirusRemovalTool.log

kevinf80 (Solution, Posted January 20, 2021, ID:1433359)

Hiya theoldmole,

I'd say your system is clean, we do not find anything untoward. How do you feel your system is responding, any issues or concerns...?

Thank you,
Kevin..

theoldmole (Author, Posted January 20, 2021, ID:1433360)

Nothing that I am aware of. My main concern is what the flagged file was. Much appreciated.

kevinf80 (Posted January 20, 2021, ID:1433363)

Hiya theoldmole,

Continue to clean up:

Uninstall the following program (unless you prefer to keep it):

Sophos AV

http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Also delete this folder if still present: C:\ProgramData\Sophos

Next,

Right click on FRST here: C:\Users\John\Downloads\FRST.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall.

That action will remove FRST and all created files and folders...

Next,

Install the following:

- Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/
- Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
- PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

- Answers to Common Security Questions and best Practices
- Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

theoldmole (Author, Posted January 21, 2021, ID:1433589)

Done and dusted. Do you have any information about the flagged file itself?

kevinf80 (Posted January 21, 2021, ID:1433593)

Hiya theoldmole,

Without having the file available for analysis then knowing its purpose is always difficult. However, any executable running from a temp folder is always suspicious, hence Malwarebytes' reaction.

Regards,
Kevin..

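
Added example, not part of the original thread and not Malwarebytes' detection logic: a small triage check that flags process image paths located under a temp folder, the signal mentioned in the post above. The list of temp locations, the function names and the sample records are assumptions constructed for this example.

```python
import ntpath
import re

# Temp locations to match, as lowercase regexes (an assumed list for this example).
TEMP_DIRS = [
    r"[a-z]:\\windows\\temp\\",
    r"[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\",
    r"[a-z]:\\te?mp\\",
]
TEMP_RE = re.compile("^(?:" + "|".join(TEMP_DIRS) + ")")


def normalize(path, env):
    """Strip quotes, expand %VAR% from env, collapse '..' and lowercase."""
    path = path.strip().strip('"')
    path = re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), path)
    return ntpath.normpath(path).lower()


def flag_temp_images(records, env):
    """Return (pid, normalized_path) for images located under a temp dir."""
    hits = []
    for pid, image in records:
        norm = normalize(image, env)
        # Anchored match with a trailing separator, so a folder such as
        # "Documents\Temperature" is not mistaken for a temp directory.
        if TEMP_RE.match(norm):
            hits.append((pid, norm))
    return hits


# Constructed sample data: not taken from the logs attached to this thread.
SAMPLE_ENV = {"TEMP": r"C:\Users\user1\AppData\Local\Temp"}
SAMPLE_RECORDS = [
    (812, r"C:\Windows\System32\svchost.exe"),
    (4120, r"C:\Users\user1\AppData\Local\Temp\a1b2.tmp\setup.exe"),
    (5300, r'"%TEMP%\updater.exe"'),
    (6001, r"C:\Program Files\App\..\..\Windows\Temp\x.scr"),
    (7010, r"C:\Users\user1\Documents\Temperature\tool.exe"),
    (7011, r"C:/Temp/run.exe"),
]

if __name__ == "__main__":
    for pid, path in flag_temp_images(SAMPLE_RECORDS, SAMPLE_ENV):
        print(f"pid {pid}: {path}")
```

A hit here is a reason to examine the file, not a verdict: installers and updaters commonly unpack and run from these folders.
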
theoldmole (Author, Posted January 21, 2021, ID:1433607)

Thank you. I appreciate your time and patience.

kevinf80 (Posted January 21, 2021, ID:1433631)

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you