friknfrak Posted May 17, 2021 ID:1457346

I have had malware on my system since December (only recently found by Malwarebytes). Malwarebytes scans are clean (run multiple times with restarts in between). I want to make sure that nothing else was installed. TIA

Addition.txt, FRST.txt, MB-full scan.txt, MB-quick scan.txt

Maurice Naggar Posted May 17, 2021 ID:1457363

Hi. My name is Maurice. I will guide you.

I would suggest a free scan with the ESET Online Scanner.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe".

Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes.

When prompted for scan type, click on Full scan.

Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.

Click the blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).

Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

Maurice Naggar Posted May 17, 2021 ID:1457402

After the ESET scan has been done, since Norton Security is the installed / resident antivirus app, the next step is to do a scan with Norton Security.

friknfrak Posted May 17, 2021 Author ID:1457417

Maurice,

Thank you for the quick response. I regularly run HitmanPro, RogueKiller, Norton Quick and Full scans. None have found anything in quite a while. Malwarebytes is the only scanner that has detected anything.

ESET log attached.

Rob

eset.log

Maurice Naggar Posted May 17, 2021 ID:1457430

Hi. Thanks for the report. Please understand that you ought not to be running RogueKiller on your own.

Norton Security appears to be the resident antivirus. So, you want to be sure that any old remains of AVG antivirus are fully removed. I'd suggest that you get & then run the AVG CLEAR tool. From this link at MajorGeeks

When all done, restart Windows.

The 2 scans you relayed at the top, from Malwarebytes, showed zero malware. What was the date of the last scan by MB that flagged "stuff"? And can you find & relay a copy of that scan report?

friknfrak Posted May 17, 2021 Author ID:1457440

Check. I will stop running RogueKiller. Attached is the report where the malware was detected. Running AVG cleaner right now.

Rob

mb threat report.txt

Maurice Naggar Posted May 17, 2021 ID:1457445 Solution

Thanks. That scan was on the 10th & all threats were removed. A good cleanup in my opinion. The main one was

Malware.AI.3810428386, C:\PROGRAM FILES (X86)\BROWNY02\BRYNSVC.EXE, Quarantined

All threats removed. The elements listed as software Classes do not carry any sort of 'payload'.

Overall, a good cleanup by the AI component of the real-time Premium protections of Malwarebytes for Windows.

friknfrak Posted May 17, 2021 Author ID:1457451

Thanks Maurice for your help. I will close the thread later this afternoon.

Cautionary tale: Don't click on a link in an email. I know better but the bad guys are very clever.

As far as I am concerned, Malwarebytes is a must-have scanner and well worth the price for the premium version.

Rob

Maurice Naggar Posted May 17, 2021 ID:1457456

I have a whole speech on being real careful before clicking & doing a mouse-pointer hover over any link from any source.

I would encourage you to have the Malwarebytes Browser Guard for each browser, as appropriate, for each of Firefox, Chrome, Edge, & Brave. The latter 2 use the same one (installed on each browser) as Chrome.

Here are tips on keeping your web browsers safer. Please make time and read all of this. Apply the tips.

See this article on our Malwarebytes Blog:
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them".

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser Guard for Chrome. To get & install the Malwarebytes Browser Guard extension for Chrome, open this link in your Chrome browser:
https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee
Then proceed with the setup.

Do the same using Edge.

Do the same using the Brave browser.

For Mozilla Firefox, to get & install the Malwarebytes Browser Guard Firefox extension, open this link in your Firefox browser:
https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
Then proceed with the setup.

That link is for English US. There are other language versions. Just go to the very bottom right of the page and look at the “Change language” drop-down list.

Maurice Naggar Posted May 18, 2021 ID:1457699 (Edited May 18, 2021 by Maurice Naggar)

Hi. I am glad to have worked with you. We can proceed with cleanup of tools we used.

To remove the FRST tool & its work files, do this. Go to your Desktop folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double click on it) to begin the cleanup process.

Delete the esetonline download file. Any other download file I had you download, you may delete.

I wish you all the best. Stay safe.

Sincerely.
Maurice

Maurice Naggar Posted May 18, 2021 ID:1457700

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you