Jump to content

Popup messages about a trojan, not detected during scans?


Recommended Posts

Hello,

I installed Malwarebytes Premium on my wifes PC yesterday.

Today she keeps getting popup massages about a Trojan, but Malwarebyte scans do not detect anything.

This message appears when she goes to various websites (all are well known) I do not get the same popups on my PC when I visit the same sites, I am also running Malwarebytes premium.

trojan.png.5583cd6334636e1e5703fcc0821ffb5d.png

How can I find out what is causing this and stop it happening?

Many Thanks mcderd

 

 

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png

Attach the file(s). A 2 Steps process.
Reply to this topic.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.

Let me know what problems persists.

Wait for further instructions

p.s.
The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
You should restore the program from the Quarantine folder.
====

Please post the Farbar logs and include the Malwarebytes' log for my review.

Link to post
Share on other sites

Hi,

Remove this program in bold using the Control Panel > Programs > Programs and Features...

Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION


Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-3376959407-671107865-3562844521-1001\...\Host App Service) (Version: 0.273.4.227 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists and Chrome is Synced with other Devices reset it.

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

https://support.google.com/chrome/answer/185277

Execute the suggested fix.

Restart the computer normally.

<<<>>>

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Link to post
Share on other sites

Hello,

 

I did the above, after the PC rebooted malwarebytes did not report an error going to one of the problems sites, but it turns out Malwarebytes had not started running, I tried to start it manually and I got a message that said "Unable to start, Unable to connect the Service" So I cannot tell if the problem is fixed as Malwarebytes will now not start!

721661823_UnabletoStart.png.9e4e9ac84ab6bae067f02653f57194d2.png

The fixlog.txt is attached

Regards

 

Fixlog.txt

Link to post
Share on other sites

Hi,

Malwarebytes non-critical notifications can be disabled.

Go to this page.
https://support.malwarebytes.com/hc/en-us/articles/360038523594-Adjust-notification-settings-in-Malwarebytes-for-Windows-v3

From the Notifications section, you can configure the following settings:
Turn off non-critical notifications
Toggle the Show Malwarebytes notifications in the Windows System Tray setting to the off position.
DOC-1207-3.png

Does this help?

Link to post
Share on other sites

Nasdaq

I do not understand why you instruced me to remove software from the computer and now when the problem persits you are telling me to turn off the notifications?

Surely this is not a fix? It's just a workaround?

Regards Dennis

Link to post
Share on other sites

Nasdaq,

I went to the support link you provided
https://support.malwarebytes.com/hc/en-us/articles/360038523594-Adjust-notification-settings-in-Malwarebytes-for-Windows-v3

But this is for Version 3

I am running Version 4.3.3 so it does not have the same settings, the settings I have for notifications are different, so can you advise me of the settings I should use for version 4.3.3? so I still receive important notifications.

I tried setting to "Only show if threats were detected" but the problem still persits and the same popup warning appears.

 

Settings.png.2f0ef57037d23caa4f997f98db0f0a94.png

Link to post
Share on other sites

Hi,

All of your setting are enabled.
So every time something is stopped you get notified.

Change the "Show all notifications in  the Windows notification area.
Bring the blue button to the left.

Test the results for a day of two.

If you need addition help go to this page.

https://support.malwarebytes.com/hc/en-us/articles/1500009846762-Malwarebytes-for-Windows-4-3-3-Release-Notes

You can click the Help button at the bottom of the screen and get help.

Link to post
Share on other sites

  • Root Admin

Personally I would not recommend that. That will disable alerts that you may actually want to see.

The image shown in your first post @mcderd is from Google Chrome having something in it that needs to be cleaned out. Unfortunately due to how Google Chrome changed it's programming rules antivirus vendors can no longer inject and remove the items for you. It has to be removed manually.

I would highly suggest following the advice from this article below

https://forums.malwarebytes.com/topic/258938-resetting-google-chrome-to-clear-unexpected-issues/

Thank you

 

Link to post
Share on other sites

AdvancedSetup

Thanks very much, cleaning up Chrome sorted it out.

I did not have the Registry keys, but went through all the steps. It looks like it was caused by an extension as once I had done all the chrome cleaning it worked ok, but all extensions were defaulted to "off"

I turned them "on" one-by-one and found the culprit.

Thanks again, a much better solution than turning off MWB warnings!

 

Edited by AdvancedSetup
corrected font issue
Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.