Crayolaman Posted April 29, 2021 ID:1454066

So in Malwarebytes recently I launched a scan; an advanced one in my C drive. It detected a trojan injector in my appdata/local/google/chrome/user data/default/cache/F__ some random numbers

So what I also noticed is I've been constantly getting this in Windows Defender!

I am extremely scared, and have been desperate for the past couple of hours. Please someone relieve my stress and help me out because I am near a breakdown as many of my passwords are on this computer. Thank you.
Maurice Naggar Posted April 29, 2021 ID:1454072

Hello @Crayolaman

My name is Maurice. Please try to remain calm & steady. Do not use Chrome for the time being. Use Edge browser or another. Do not surf the web. No online games.

I would suggest a free scan with the ESET Online Scanner.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe".
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes.
When prompted for scan type, click on Full scan.
Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
Click the blue “Save scan log” to save the log.
If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).
Press Continue when all done. You should click to turn off the offer for “periodic scanning”.
Crayolaman Posted April 29, 2021 Author ID:1454076

Hey Maurice,

Thank you so much for the advice; I am currently running a full scan! I'll complete the rest of the steps and tell you what happens :)! I have been panicking for the past hour. What happens if I browse on Google Chrome by the way?

I logged into my school site from when that happened so far and also my PayPal account. Do you think it's compromised (auto saved) passwords?
Maurice Naggar Posted April 29, 2021 ID:1454079

At this time, I can't say whether anything at all was compromised. Know that Malwarebytes is protecting this pc if it has the Premium or the trial. Also, Defender antivirus is protecting the pc. There were just 2 things it could not fully deal with.

Stay off the web if at all possible, except for going to this forum or getting tools I suggest as you & I go along. There is not one single step fix. There will be more passes / rounds between me & you.

If pc is on Windows 10, just use Edge browser for the time being. I will later list steps to deal with flushing & securing Chrome. Much patience please.

Finish your current scan. Finish the ESET scan & post its log when all done. While scan is running, close all browser tabs & exit out of all browsers. Stay off the web.
Crayolaman Posted April 29, 2021 Author ID:1454102

Hey Maurice, so it finished; here's what was said.

2021-04-29 14:23:39 PM
Files scanned: 338676
Detected files: 0
Cleaned files: 0
Total scan time: 00:49:48
Scan status: Finished.

The same trojan that was persistent and Windows Defender could not delete, Malwarebytes was able to but am I safe??? It constantly came back and I'm still paranoid.

SCANLOG.txt
Maurice Naggar Posted April 29, 2021 ID:1454113

Please always mention tool name of each log, unless it is listed in it. Was this last one from ESET?

Further, I am listing 2 other procedures to do.

#1
The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.
The download links & the how-to-run-the tool are at this link at Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
Let me know the result of this.
The log is named MSERT.log
The log will be at C:\Windows\debug\msert.log
Please attach that log with your reply.

#2
I would suggest that you do all 6 steps like on this one post of mine:
https://forums.malwarebytes.com/topic/270892-when-searching-things-on-googlecom-i-get-trojan-alert-for-addedprintcom/?do=findComment&comment=1440523
Attach the report from Adwcleaner back here.

We will do more later.
Crayolaman Posted April 29, 2021 Author ID:1454137

Here's what it says from the msert, by the way it detected 20 "threats" and removed them all. Also, I will go do the adwcleaner thing now.
Crayolaman Posted April 29, 2021 Author ID:1454138

Here's what else I got for you from the adwcleaner

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-29-2021
# Duration: 00:00:04
# OS: Windows 10 Home
# Scanned: 31969
# Detected: 0

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
No malicious tasks found.

***** [ Registry ] *****
No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.

***** [ Chromium URLs ] *****
No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.

***** [ Firefox URLs ] *****
No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****
No malicious hosts file entries found.

***** [ Preinstalled Software ] *****
No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Crayolaman Posted April 29, 2021 Author ID:1454139

this is what i got after the clean up and this

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-29-2021
# Duration: 00:00:04
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
No malicious folders cleaned.

***** [ Files ] *****
No malicious files cleaned.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks cleaned.

***** [ Registry ] *****
No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

AdwCleaner[S00].txt - [1406 octets] - [29/04/2021 16:59:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Maurice Naggar Posted April 29, 2021 ID:1454142

Before I make the next step, I want to make it clear to Not copy & paste copies of the content of scans. I only want the file itself to be attached. And no screen grabs unless requested or absolutely necessary.

The Safety Scanner:
The log is named MSERT.log
The log will be at C:\Windows\debug\msert.log
Please attach that log with your reply.
Crayolaman Posted April 29, 2021 Author ID:1454143

msert.txt
Maurice Naggar Posted April 29, 2021 ID:1454144

Thanks. You & I are the only ones active on your topic. When you want to initiate a reply, you do not need to click on 'Quote'. You just simply use the white block at the bottom of screen.

The next thing to do is one scan with Malwarebytes for Windows. In the Malwarebytes for Windows program, we want to do a special scan.

Click Settings (gear icon) at the top right of the Malwarebytes window. We want to see the SETTINGS window.
Then click the Security tab. Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON 👈
Click it to get it ON if it does not show a blue color.
Next, click the small x on the Settings line to go to the main Malwarebytes window.
Next click the blue button marked Scan.
When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.
You can actually click (tick) the topmost left check-box on the very top line to get ALL lines ticked (all selected). 👈 🔻
Then click on Quarantine selected.
Then, locate the Scan run report; export out a copy; & then attach it with your reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

We will do more, later.
Crayolaman Posted April 29, 2021 Author ID:1454157

This is what I got, I'm confused though about what you mean by "have all detected lines items check-marked on each line on the left. That too is very critical. You can actually click ( tick ) the topmost left check-box on the very top line to get ALL lines ticked ( all selected). 👈 🔻 Then click on Quarantine selected."
Maurice Naggar Posted April 29, 2021 ID:1454165

My note section on ticking all detected items flagged is for when there are actual such detections. Here in this case, Zero items were detected at all. This here indicates things are fine as per Malwarebytes.

Here are tips on keeping your web browsers safer. Please make time and read all of this. Apply the tips.

See this article on our Malwarebytes Blog:
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them".

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser Guard for Chrome. To get & install the Malwarebytes Browser Guard extension for Chrome, open this link in your Chrome browser:
https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee
Then proceed with the setup.

For Mozilla Firefox, to get & install the Malwarebytes Browser Guard Firefox extension, open this link in your Firefox browser:
https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
Then proceed with the setup. That link is for English US. There are other language versions. Just go to the very bottom right of the page and look at the “Change language” list drop down.
Crayolaman Posted April 29, 2021 Author ID:1454169

So am I safe now? Should I change all my passwords, because I had them all saved on Chrome and also had all my other passwords saved on text files which were literally on my desktop.
Crayolaman Posted April 29, 2021 Author ID:1454173

Also one more thing; I've been noticing that my system disk usage is extremely high and it's slowing down my computer! Is there any way to fix this?
Maurice Naggar Posted April 30, 2021 ID:1454177

Hello. We have run 4 scans so far. We can run a couple more to keep checking the system.

As to the Task Manager display in general, be aware that percentage of use is a snapshot at that instant. The thing is your pc could have been in the midst of running a task, or maybe a background update. It's better to check later in a few hours or tomorrow.

As to passwords, yes you ought to change them to more secure passwords & also use a password manager. @AdvancedSetup has an excellent set of tips on that. I will provide you a link on the next round.

For now, let's do a different new scan report. This is just a diagnostic information collection.

Please download the Farbar Recovery Scan Tool 64-bit and save it to your desktop.
Right-click on FRST64.exe and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.
Windows 10 users will be prompted about Windows *SmartScreen protection* - click line More info information on that screen and click button Run anyway on next screen.
Click YES when prompted by the Windows UAC prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.
Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes.
Click Yes when the *disclaimer* appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.
Make sure that Addition options is *checked* - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press the Scan button and wait.
The tool will produce 2 logfiles on your desktop: FRST.txt, Addition.txt
Click the OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply. Thank you.
Maurice Naggar Posted April 30, 2021 ID:1454254

Note about tips for management of passwords: see the section on 'Use Password Management Software' in the post by Advancedsetup, "Tips to help protect from infection".
Crayolaman Posted April 30, 2021 Author ID:1454257

These are the files, thank you Maurice so much for your aid. You have really relieved my stress.

Addition.txt
FRST.txt
Crayolaman Posted April 30, 2021 Author ID:1454260

My younger brother also plays on this computer, so it's often used by him and he hasn't been able to use it.
Maurice Naggar Posted April 30, 2021 ID:1454302

Thanks for the FRST reports. As a next step, to check out your system a bit more, a new scan with Sophos.

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.

Please Do Not use your PC whilst the scan is in progress. This scan is very thorough so may take several hours.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result.

The Virus Removal Tool scans the following areas of your computer:
Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs
Crayolaman Posted April 30, 2021 Author ID:1454310

Just wanted to show you this. I will be doing the Sophos scan soon, but this happened today!
Maurice Naggar Posted April 30, 2021 ID:1454324

I make the following observations. The Malwarebytes is keeping your pc safe from potential harm. Block notices are a courtesy notice.

Please use Edge browser instead of Chrome. Please do not do any web surfing. Please do Not play online games.

Be sure that Chrome is Closed before you initiate the scan with Sophos. I am looking forward to getting your Sophos report after it is done.

Meantime, please stay off the web. Meaning close all browsers, except for when getting tools I requested you to get.
Crayolaman Posted May 1, 2021 Author ID:1454386

SophosVirusRemovalTool.log

And yup I had everything closed! It went on for around 4+ hours. Here's the image of what it said + the log I think so
Crayolaman Posted May 1, 2021 Author ID:1454388

And sorry about the web surfing; I just try to do my school work. I'll try to stop. I don't do anything else other than that. I'll use my Chromebook to do it next time. Thanks.