Jump to content

PowerShell blocked prosses warning 4104


Recommended Posts

Hello JustRun7 and :welcome:
I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

 


Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach that file in to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

Please download the latest version of AdwCleaner by Malwarebytes and save the file to your computer Desktop.

  • Right-click on AdwCleaner.exe and select Run as Administrator to start the tool.
  • Click Yes to accept the UAC security warning that may appear.
  • Click Agree to accept the EULA (End User License Agreement).
  • Click the Scan Now blue button and wait until the scan is complete.
  • Once the scan completes, make sure that every item listed in the different tabs is checked unless your want to keep the item(s) or suspect that it is a false positive.
  • NOTE: If you are in doubt about any of the identified malware entries detected, please do not proceed to the next "Clean" step. Just select Log Files on the left pane and double-click the AdwCleaner[Sxx].txt name, where xx is replaced by a number (the largest number is from the more recent log and is the one I need to see). Copy and paste the entire contents of the scan log into your next reply for my review.
  • IF you are satisfied that all of the checked entries are malware-related, click on the Quarantine button.
  • Now you may also be asked to Run Basic Repair or skip it. This is optional. I would suggest you skip it for now.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer.
  • Close all other open windows and allow it to restart.
  • After the restart, Notepad will open with the AdwCleaner cleaning log when logging in. The log can also be found at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt (where xx is replaced by a number, the largest number is from the more recent log and is the one I need to see).
  • Please attach that log into your next reply.

 


Please download Malwarebytes from here and install it on your computer.

  • Open Malwarebytes with administrator privileges.
  • Go to "Settings" (upper right corner wheel), "Security" tab, and ensure that "Automatic quarantine" button is turned On.
  • Now scroll down a bit until "Scan options" and ensure the Scan for rootkits button is turned On.
  • Close the "Settings" panel and click the Scan blue button to perform a new scan.
  • Once the scan is completed click on the View report button, then on Export and select Export to TXT.
  • Save the file as a Text file to your Desktop or other location you can find it.
  • Please attach that file in your reply.

 


Please attach the 3 logs in your reply and let me know how is the computer running now.

Thank you.

Android8888

fixlist.txt

Link to post
Share on other sites

Hello

Your logs look good.

What type of notifications are you getting? Is it by e-mail or in Internet browsers?

Link to post
Share on other sites

its on my phone i get them from google account or outlook login history cuz i got phishing on the 20th of march but i manage to get my account and mails back 
now i m getting paranoia that my pc got something on it all the time  thats why im running windows defender +avg + Malwarebytes 
can u help me to check if i got dns hijack cuz its ethire that or i have keylogger on my pc 

Link to post
Share on other sites

Hi,

All your logs were looking good. FRST logs did not show signs of any of those threats that you mentioned.

 

Let's just run one more scan using Microsoft Safety Scanner to ensure all is clean.

This is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.
The download links and the how-to-run-the tool are at the following link at Microsoft.
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
 
I will need to see the scan results.
The log is named MSERT.log and it will be located in %SYSTEMROOT%\debug\msert.log which in most cases is C:\Windows\debug\msert.log.
Please attach that log to your next reply for my review.

 

Android8888

Link to post
Share on other sites

Hello,

Let's run the following scan.

Please download the correct portable free version (32-bit or 64-bit) of RogueKiller for your system and save the file to your computer Desktop.

  • Right-click on the file and select Run as administrator to start the tool.
  • Click Yes to accept the UAC security warning that may appear.
  • Click Accept to agree with the EULA (End User License Agreement) and close the browser tab it will open.
  • Now click the Scan blue button and under the Standard Scan (recommended) click on the Scan button.
  • When the scan is complete, click on Results button. NOTE: DO NOT delete anything it find. All listed items that he can find should be carefully analyzed.
  • Then click on Report button.
  • Click Export button and select "Text file".
  • Give a name to the file such as RKlog.txt and save it to the Desktop or in a location where you can easily find it.
  • Click the Finish button and close RogueKiller window.
  • Copy and paste the entire contents of that log into your next reply.

Let me see the content of the log and wait for further instructions.

Thank you,

Android8888

Link to post
Share on other sites

Hi JusTRun7,

The files detected by SecureAPlus are not essentially malicious. This happens when too many security programs are used simultaneously, causing conflicts between them and detecting false positives.
You are using too many security programs at the same time (AVG, Kaspersky, Malwarebytes, SecureAPlus).
Please uninstall Secure Aplus and leave only Malwarebytes and just one antivirus installed.

Then run the scan with RogueKiller according to my previous instructions here and post the created log.

I need to see that log to proceed.

Thank you.

Android8888

Link to post
Share on other sites

Hi,

These are legit files from Microsoft. The two detections are false positives. Don't worry with them.

It appears you ran RogueKiller in Safe Mode. Tools need to be run in Normal Mode.

Please restart the computer in Normal Mode and run RogueKiller again, then post its log for my review.

Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.