RJK98 Posted May 26, 2021 ID:1459603

Hello,

There are constant popup notifications from MB about blocking an outbound connection. The first MB scan quarantined many things but since then it is clean. The popup notifications persist. I have browsed similar threads and attached the information that was requested in those threads as well as the information requested in the instructional topic on asking for help. Thanks in advance.

Attachments: Addition.txt, AdwCleaner[C00].txt, FRST.txt, MB RPT DETECTION LOG 3.txt, MB RTP DETECTION LOG 2.txt, MB RTP DETECTION LOG.txt, MB SCAN RESULT.txt

Maurice Naggar Posted May 26, 2021 ID:1459606

Hi

The Malwarebytes is keeping your pc safe from harm. Which web browser is on or in use?

Maurice Naggar Posted May 26, 2021 ID:1459607

Additional Note. At this point, do this please. Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard. See Support article how-to https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard

Note: If your pc has Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard. Add to each browser as appropriate.

I will have more for you later.

RJK98 Posted May 26, 2021 Author ID:1459610

Hello,

Thank you for your fast reply. I am using Chrome. I appreciate your suggestion, but I am not interested in adding extensions or software to my computer. I would rather address the issue causing this so I do not need additional browser protections.

Maurice Naggar Posted May 26, 2021 ID:1459616

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Please select "FULL scan" from scan options. Let me know the result of this. The log is named MSERT.log. The log will be at C:\Windows\debug\msert.log

Please attach that log with your reply.

Maurice Naggar Posted May 26, 2021 ID:1459636

Doing a review of the system event logs, noticed this.

Error: (05/26/2021 12:13:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvastUI.exe"

When did you first try to install Avast? Why? Please know, I will help you to re-enable the Microsoft Defender antivirus in an upcoming round.

On a separate issue, when you get to a point where you are caught up, do the following. It should help to reduce somewhat the frequency of Block notices. And at minimum, it will get Malwarebytes updated to most recent release.

Start Malwarebytes for Windows.
Click on the Settings (gear icon).
Now click on the tab "General".
Scroll thru, and then click on the "Check for Updates" button.
Watch & follow all prompts.

That ought to do a check with the update server. If it does not, try again later (one more time) at the top of the clock hour.

By then, the MB should be at version 4.4.0.117 & with Component 1.0.1306. Do one Windows Restart. There will be more to do later.

RJK98 Posted May 26, 2021 Author ID:1459641

1 hour ago, Maurice Naggar said:
> The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Please select "FULL scan" from scan options. Let me know the result of this. The log is named MSERT.log. The log will be at C:\Windows\debug\msert.log Please attach that log with your reply.

OK, the scan log requested is attached.

27 minutes ago, Maurice Naggar said:
> Doing a review of the system event logs, noticed this. Error: (05/26/2021 12:13:20 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvastUI.exe" When did you first try to install Avast? Why? Please know, I will help you to re-enable the Microsoft Defender antivirus in an upcoming round.
> On a separate issue, when you get to a point where you are caught up, do the following. It should help to reduce somewhat the frequency of Block notices. And at minimum, it will get Malwarebytes updated to most recent release. Start Malwarebytes for Windows. Click on the Settings (gear icon). Now click on the tab "General". Scroll thru, and then click on the "Check for Updates" button. Watch & follow all prompts. That ought to do a check with the update server. If it does not, try again later (one more time) at the top of the clock hour.
> By then, the MB should be at version 4.4.0.117 & with Component 1.0.1306. Do one Windows Restart. There will be more to do later.

I'm not sure exactly when, years ago though. MB has been updated and my system is restarted.

Attachment: msert.log

Maurice Naggar Posted May 26, 2021 ID:1459644

The Safety Scanner found & removed 1 trojan.

There is no need to click on "Quote" when you start a reply. I automatically get all your replies. You & I are the only ones on this topic.

I have a multi-faceted custom script for this machine. Please download the attached fixlist.txt file and save it to the Desktop.

Attachment: Fixlist.txt

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also reset the Hosts file to standard. It will help also with Microsoft Windows Update. It will re-enable Microsoft Defender. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

Windows Temp
Users Temp folders
Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
Recently opened files cache
Flash Player cache
Java cache
Steam HTML cache
Explorer thumbnail and icon cache
BITS transfer queue (qmgr*.dat files)
Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run. Kindly attach Fixlog.txt with next reply.

RJK98 Posted May 26, 2021 Author ID:1459658

Hello,

Attached is the fixlog requested.

Attachment: Fixlog.txt

Maurice Naggar Posted May 26, 2021 ID:1459674

Alright. Good run. Thanks. The Windows System File Checker corrected some issues regarding Windows System.

I would suggest a free scan with the ESET Online Scanner.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe".
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes.
When prompted for scan type, click on Full scan.
Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
Click the blue “Save scan log” to save the log.
If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” (in blue, at bottom).
Press Continue when all done.
You should click to off the offer for “periodic scanning”.

RJK98 Posted May 26, 2021 Author ID:1459694

Hello, attached is the ESET scan.

Attachment: ESET SCAN.txt

Maurice Naggar Posted May 26, 2021 ID:1459704

Thanks. That is a nice cleanup by ESET. Now I suggest another scan.

Download Sophos Free Virus Removal Tool and save it to your desktop. If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.

Please Do Not use your PC whilst the scan is in progress. This scan is very thorough so may take several hours.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Attach the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result.

The Virus Removal Tool scans the following areas of your computer:

Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable

Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

RJK98 Posted June 2, 2021 Author ID:1461087

Hello,

Apologies for the delay in my reply. Please see attached for the Sophos scan result. It appears that this has resolved my continuous notifications, but now there is another issue. A command prompt box pops up many times per hour, just like the notifications. I used a screen recorder to freeze frame the command prompt and screenshot it so you can see the content popping up. It is only on my screen for a fraction of a second, but will minimize whatever I'm doing when it happens. I have attached this along with the Sophos log.

Attachment: SophosVirusRemovalTool.log

Maurice Naggar Posted June 2, 2021 ID:1461155

Hi Ryan. Thanks for the report. It's near impossible to know what that command prompt window is all about. What we can spot though is name of the sub-folder siggcd.

Let's have you set Windows to SHOW ALL folders, all files. Use the tips of Option ONE or TWO of this article. https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

(Then NEXT) generate a new FARBAR FRST report. And then attach for my review. FRST64 is on the desktop.

Right-click on FRST64.exe and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.
Windows 10 users will be prompted about Windows SmartScreen protection - click line More info information on that screen and click button Run anyway on next screen.
Click YES when prompted by Windows UAC prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.
Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes.
Click Yes when the disclaimer appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.
Make sure that Addition options is checked - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press Scan button and wait.
The tool will produce 2 logfiles on your desktop: FRST.txt, Addition.txt
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply. Hopefully this new report will show better clues as to the command window. Thank you.

Maurice Naggar Posted June 2, 2021 ID:1461164

Hi again. Next we can run this custom script to take care of the issue of the odd command prompt window. It turns out apparently it is a scheduled Task for a Firefox browser agent. We can remove it along with its use of a hidden sub-folder, as well as deleting another hidden sub-folder.

First, delete old Fixlist.txt on Desktop.

This new, latest script Fixlist.txt needs to be saved to the same folder that contains FRST64.exe / you have yours saved on Desktop.

Attachment: Fixlist.txt

The custom script on this post is ONLY for this machine and NO other.

Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. The system will be rebooted after the script has run.

Start the Windows Explorer and then, to the Desktop folder.
RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run the tool.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.
IF you get a block message from Windows about this tool, click line More info information on that screen and click button Run anyway on next screen.
On the FRST window: Click the Fix button just once, and wait.

PLEASE have lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity. Do let me know how things are overall, after all this.

RJK98 Posted June 3, 2021 Author ID:1461170

Hello,

Attached are the requested documents.

Attachments: Addition.txt, FRST.txt

RJK98 Posted June 3, 2021 Author ID:1461174

Hello,

After doing the above steps, I have downloaded and run the fix. Here is the requested file. Things appear to be working well. Can you kindly direct me to a donation link? I appreciate your help and would like to contribute to your site.

Attachment: Fixlog.txt

RJK98 Posted June 3, 2021 Author ID:1461178

Sorry for the triple post, I can't figure out how to edit... wondering how to re-enable Windows Defender? It appears Malware Bytes is gone from my computer since running that fix, but Defender will not allow me to activate it or the real time protections.

Maurice Naggar Posted June 3, 2021 ID:1461227

Hi. Thanks for the reports.

Start Malwarebytes.
Click Settings (gear) icon.
Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.
Click the Security Tab. Scroll down to "Windows Security Center".
Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center". { We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. thanks. }
Close Malwarebytes when done.

This should allow the MS Defender to be able to be re-enabled. This action will not affect the protections of Malwarebytes if you have Premium.

Know that my help here is free.

For MS Defender visual look. This is one way to do a manual scan using the Microsoft Windows Defender antivirus.

From the Start menu, select Settings, then select Update and Security.
Next, look at the left-side menu & select Windows Security.
Next, in Windows Security section: Click on the grey button Open Windows Security.
Now, click on the shield Virus and threat protection.

By the way, when you see a green check-mark on your display, it means a good status and that protection is on.

On the next display, look at all the options. Look down the list and see "Check for Updates" which I have highlighted with a blue icon. You can click on that to have the system check for updates for Windows Defender.

Please also note that the Scan options (all) can be displayed by clicking on Scan options. (You can do Quick, Full, or Custom).

RJK98 Posted June 3, 2021 Author ID:1461333

I am not able to update, when I follow your direction and click the check update button nothing happens. When I try "quick scan" it stays at 0:00:00 and 0 files scanned. All options to enable protections remain greyed out.

Maurice Naggar Posted June 3, 2021 ID:1461371

Regret your trouble. Request a new query report using Windows Powershell.

Start an Elevated Powershell command prompt-window.
On the Windows taskbar, on the Search box, type in powershell
Wait and look for the results list. Click on the line that shows Powershell with "Run as Administrator". Then you will see the Powershell window.
Into that, we want to Copy & Paste this entire line as is

get-mpcomputerstatus

then tap the Enter-key and wait and watch the result.
When it has displayed a blue screen with lots of info, when done, then use the mouse pointer and do a RIGHT-Click on the top title bar of Powershell window.
Select "Select all"
Next then Select COPY
Next, on this forum topic, in a new Reply, Right click the white reply box and select PASTE

Maurice Naggar Posted June 5, 2021 ID:1461750

Hello. How is it going today? Any news?

RJK98 Posted June 7, 2021 Author ID:1462102

Hi Maurice,

Here is the requested copy and paste:

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Try the new cross-platform PowerShell https://aka.ms/pscore6

PS C:\WINDOWS\system32> get-mpcomputerstatus
get-mpcomputerstatus : Provider load failure
At line:1 char:1
+ get-mpcomputerstatus
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpComputerStatus:ROOT\Microsoft\...pComputerStatus) [Get-MpComputerStatus], CimException
    + FullyQualifiedErrorId : HRESULT 0x80041013,Get-MpComputerStatus

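Added example, not part of either participant's posts: a read-only PowerShell triage for the state shown above, where get-mpcomputerstatus fails with HRESULT 0x80041013 and the Defender options stay greyed out. The service names, the root/SecurityCenter2 query and the two policy values are standard Windows items chosen for this example; the productState bit decoding is an unofficial, community-documented convention and is an assumption here.

```powershell
# Added example: read-only checks, nothing on the system is changed.
# Run in an elevated Windows PowerShell 5.1 window on Windows 10.

# 1. Are the Defender and Security Center services present and running?
$serviceNames = 'WinDefend', 'WdNisSvc', 'SecurityHealthService', 'wscsvc'
Get-Service -Name $serviceNames -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType |
    Format-Table -AutoSize | Out-String

# 2. Which antivirus products are registered with Windows Security Center?
#    Assumption: productState bits are not documented by Microsoft;
#    0x1000 = real-time protection on, 0x10 = signatures out of date.
function ConvertFrom-ProductState {
    param([Parameter(Mandatory)][uint32]$ProductState)
    [pscustomobject]@{
        Raw             = '0x{0:X6}' -f $ProductState
        RealTimeOn      = [bool]($ProductState -band 0x1000)
        SignaturesStale = [bool]($ProductState -band 0x10)
    }
}

try {
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction Stop |
        ForEach-Object {
            $state = ConvertFrom-ProductState -ProductState $_.productState
            [pscustomobject]@{
                Product         = $_.displayName
                State           = $state.Raw
                RealTimeOn      = $state.RealTimeOn
                SignaturesStale = $state.SignaturesStale
                ReportingExe    = $_.pathToSignedReportingExe
            }
        } | Format-Table -AutoSize | Out-String
} catch {
    "SecurityCenter2 query failed: $($_.Exception.Message)"
}

# 3. Policy values that turn Defender off and grey out its settings.
$policyChecks = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
       Name = 'DisableAntiSpyware' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
       Name = 'DisableRealtimeMonitoring' }
)
foreach ($check in $policyChecks) {
    $item  = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($check.Name) } else { 'not set' }
    '{0}\{1} = {2}' -f $check.Path, $check.Name, $value
}

# 4. Query the WMI class behind Get-MpComputerStatus directly and keep the
#    error id, which carries the HRESULT seen in the pasted output.
try {
    Get-CimInstance -Namespace 'root/Microsoft/Windows/Defender' `
        -ClassName MSFT_MpComputerStatus -ErrorAction Stop |
        Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled |
        Format-List | Out-String
} catch {
    "MSFT_MpComputerStatus query failed: $($_.Exception.Message)"
    "Error id: $($_.FullyQualifiedErrorId)"
}
```

A leftover third-party entry in step 2 or a value of 1 in step 3 is the kind of finding to include with the logs attached to the next reply.
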
Maurice Naggar Posted June 7, 2021 ID:1462105

Hi Ryan. Sorry to see that error message. Let's get 2 readout reports.

( 1 ) This next report is just an Inquiry on some key Windows services. Just for review.

Download Farbar's Service Scanner utility and Save to your Desktop.
Right-Click on fss.exe and select Run As Administrator. Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are check-marked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services

Click on "Scan". It will create a log (FSS.txt) in the same directory the tool is run.

( 2 ) I would like you to run a tool named SecurityCheck to inquire on the current-security-update status of some applications.

Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop.
If Windows's SmartScreen blocks that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive.
Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward.
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

also, Kindly FSS.txt into your reply, also with C:\SecurityCheck\SecurityCheck.txt

RJK98 Posted June 7, 2021 Author ID:1462108

Please see attached for the requested documentation.

Attachments: FSS.txt, SecurityCheck.txt