
Constant Popups But No Malware Found


Solved by Maurice Naggar


Hello,

 

There are constant popup notifications from MB about blocking an outbound connection. The first MB scan quarantined many things but since then it is clean. The popup notifications persist. 

I have browsed similar threads and attached the information that was requested in those threads as well as the information requested in the instructional topic on asking for help.

Thanks in advance.

MB DETECTION HISTORY.jpg

Addition.txt AdwCleaner[C00].txt FRST.txt MB RPT DETECTION LOG 3.txt MB RTP DETECTION LOG 2.txt MB RTP DETECTION LOG.txt MB SCAN RESULT.txt


Additional Note.

At this point, do this please.

Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard. 

 

See Support article how-to 

https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard

 

Note: If your pc has Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard.

Add to each browser as appropriate.


I will have more for you later.  :cool:


Hello,

Thank you for your fast reply.

I am using Chrome.

I appreciate your suggestion, but I am not interested in adding extensions or software to my computer. I would rather address the issue causing this so I do not need additional browser protections. 


The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 Please select "FULL scan" from scan options.

Let me know the result of this.

The log is named MSERT.log  

the log will be at  

C:\Windows\debug\msert.log

Please attach that log with your reply.


Doing a review of the system event logs, noticed this.

Error: (05/26/2021 12:13:20 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\AvastUI.exe"

 

When did you first try to install Avast ?

Why ?

Please know, I will help you to re-enable the Microsoft Defender antivirus in an upcoming round.

On a separate issue, when you get to a point where you are caught up, Do the following.

It should help to reduce somewhat the frequency of Block notices.

And at minimum, it will get Malwarebytes updated to most recent release.

Start Malwarebytes for Windows. Click on the Settings ( gear icon).

 

Now click on the tab "General". Scroll through.

And then click on the "Check for Updates" button.

 

Watch & follow all prompts.

 

That ought to do a check with the update server.

If it does not, try again later ( one more time ) at the Top of the clock hour.


By then, the MB should be at version 4.4.0.117 & with Component 1.0.1306.

 

Do one Windows Restart.

There will be more to do later.



OK, the scan log requested is attached.

 


I'm not sure exactly when, years ago though. 

MB has been updated and my system is restarted. 

msert.log


The Safety Scanner found & removed 1 trojan.

There is no need to click on "Quote" when you start a reply.

I automatically get all your replies. You & I are the only ones on this topic.


I have a multi-faceted custom script for this machine.

Please download the attached fixlist.txt file and save it to the Desktop 

Fixlist.txt

 

NOTE. It's important that both files,  FRST64, and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

 

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

 

Note: If the tool warned you about an outdated version please download and run the updated version.

 

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also reset the Hosts file to standard. It will help also with Microsoft Windows Update. It will re-enable Microsoft Defender.

Depending on the speed of your computer this fix may take 30 minutes or more.

 

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

 

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

 

The system will be rebooted after the fix has run.

Kindly attach Fixlog.txt with next reply.


Alright. Good run. Thanks.

The Windows System File Checker corrected some issues regarding Windows System.


I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.

 

Go to the saved file, and double click it to get it started.

  • When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

  • When prompted for scan type, Click on Full scan
  • Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.

  • There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.

  • Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom).

Press Continue when all done. You should click to off the offer for “periodic scanning”.


Thanks. That is a nice cleanup by ESET.

Now I suggest another scan.

Download Sophos Free Virus Removal Tool   and save it to your desktop.

 

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

 

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program

Once the virus database has been updated click Start Scanning

If any threats are found click Details, then View log file... (bottom left hand corner)

 

Attach the results in your reply

 

Close the Notepad document, close the Threat Details screen, then click Start cleanup

 

  • Click Exit to close the program

 

If no threats were found please confirm that result....

 

The Virus Removal Tool scans the following areas of your computer:

  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread.

  • You will be asked to click Start Cleanup to remove the threats before continuing the scan.

 

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs 


Hello,

Apologies for the delay in my reply. 

Please see attached for the Sophos scan result. 

It appears that this has resolved my continuous notifications, but now there is another issue. A command prompt box pops up many times per hour, just like the notifications. I used a screen recorder to freeze frame the command prompt and screenshot it so you can see the content popping up. It is only on my screen for a fraction of a second, but will minimize whatever I'm doing when it happens.

I have attached this along with the Sophos log. 

IMAGE.png

SophosVirusRemovalTool.log


Hi Ryan.  Thanks for the report.

It's near impossible to know what that command prompt window is all about.  What we can spot though is the name of the sub-folder siggcd.

Let's have you set Windows to SHOW ALL folders, all files .  Use the tips of Option ONE or TWO of this article.

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html


( Then NEXT )  generate a new FARBAR FRST report.  And then attach for my review.

FRST64 is on the desktop.

Right-click on FRST64.exe and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run.

 

  • Windows 10 users will be prompted about Windows SmartScreen protection - click the line "More info" on that screen and click the button "Run anyway" on the next screen.
  • Click YES when prompted by the Windows UAC prompt to allow it to run.
  • Note: If you are prompted by Windows SmartScreen, click More info & follow up & choose Run anyway.

 

Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

 

  • Click Yes when the disclaimer appears in FRST.

The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

 

  • Make sure that Addition options is checked - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
  • Press Scan button and wait.

 

The tool will produce 2 logfiles on your desktop: FRST.txt , Addition.txt 

Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

 

Please attach these 2 files to your next reply.

Hopefully this new report will show better clues as to the command window.

Thank you.


Hi again. Next we can run this custom script to take care of the issue of the odd command prompt window.

It turns out apparently it is a scheduled Task for a Firefox browser agent. We can remove it along with its use of a hidden sub-folder, as well as deleting another hidden sub-folder.

First, delete old Fixlist.txt on Desktop.

This new, latest  script Fixlist.txt  needs to be saved to the same folder that contains FRST64.exe   /  you have yours saved on Desktop

Fixlist.txt

The custom script on this post is ONLY for this machine and NO other.   

 

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

 

The system will be rebooted after the script has run.

 

  • Start the Windows Explorer and then, to the Desktop folder.

 

RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run the tool.

  • If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

  • IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

  • on the FRST window:

Click the Fix button just once, and wait.

 

PLEASE have lots  of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.

  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.

The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

 

Do let me know how things are overall,  after all this.


Sorry for the triple post, I can't figure out how to edit... wondering how to re-enable Windows Defender?

It appears Malwarebytes is gone from my computer since running that fix, but Defender will not allow me to activate it or the real time protections.


Hi.  Thanks for the reports.

Start Malwarebytes. Click Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center

 

Click the Security Tab. Scroll down to 

"Windows Security Center"

 

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".

 

{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

 

Close Malwarebytes when done.

This should allow the MS Defender to be able to be re-enabled.

This action will not affect the protections of Malwarebytes if you have Premium.

Know that my help here is free.


For MS Defender visual look.

This is one way to do a manual scan using the Microsoft Windows Defender antivirus.

From the Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

 

Next, In Windows Security section: Click on the grey button Open Windows Security


Now, click on the shield Virus and threat protection

By the way, when you see a green check-mark on your display, it means a good status and that protection is on.

 

 On the next display, look at all the options. Look down the list and see "Check for Updates" which I have highlighted with a blue icon.

You can click on that to have the system check for updates for Windows Defender.

Please also note that the Scan options (all) can be displayed by clicking on Scan options. ( You can do Quick, Full, or Custom).


I am not able to update, when I follow your direction and click the check update button nothing happens.

When I try "quick scan" it stays at 0:00:00 and 0 files scanned.

All options to enable protections remain greyed out. 


Regret your trouble.

Request a new query report using Windows Powershell.

 

Start an elevated PowerShell command prompt window. On the Windows taskbar, in the Search box, type in

powershell

 

Wait and look for the results list. Click on the line that shows Powershell with "Run as Administrator".

 

Then you will see the Powershell window. Into that, we want to Copy & Paste this entire line as is

get-mpcomputerstatus

 

then tap the Enter-key and wait and watch the result.

 

When it has displayed a blue screen with lots of info , when done, then use the mouse pointer and do a RIGHT-Click on the top title bar of Powershell window.

 

Select "Select all"

 

Next then 

Select COPY

 

Next, on this forum topic, in a new Reply, Right click the white reply box 

And select PASTE 


Hi Maurice,

Here is the requested copy and paste:

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Try the new cross-platform PowerShell https://aka.ms/pscore6

PS C:\WINDOWS\system32> get-mpcomputerstatus
get-mpcomputerstatus : Provider load failure
At line:1 char:1
+ get-mpcomputerstatus
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpComputerStatus:ROOT\Microsoft\...pComputerStatus) [Get-MpComputerS
   tatus], CimException
    + FullyQualifiedErrorId : HRESULT 0x80041013,Get-MpComputerStatus
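
A read-only triage for the state shown above (Defender greyed out, Get-MpComputerStatus failing with HRESULT 0x80041013, which is WBEM_E_PROVIDER_LOAD_FAILURE), as an added example that is not part of the original thread or the helper's scripts. The function name Get-DefenderTriage is hypothetical, and the registry policy values and the root/SecurityCenter2 query are assumptions about where to look on a Windows 10 client, not steps given in this topic.

```powershell
# Added example, read-only: collects the facts that explain a disabled or
# greyed-out Microsoft Defender. Run from an elevated PowerShell window.
function Get-DefenderTriage {
    $report = [ordered]@{}

    # 1. Ask the Defender WMI provider, the source Get-MpComputerStatus reads from.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $report.ProviderLoaded     = $true
        $report.AntivirusEnabled   = $mp.AntivirusEnabled
        $report.RealTimeProtection = $mp.RealTimeProtectionEnabled
        $report.SignatureAgeDays   = $mp.AntivirusSignatureAge
    }
    catch {
        # "Provider load failure" (HRESULT 0x80041013) ends up here instead of
        # aborting, so the fallback checks below still run.
        $report.ProviderLoaded = $false
        $report.ProviderError  = $_.Exception.Message
    }

    # 2. State of the services Defender and Windows Security Center depend on.
    foreach ($name in 'WinDefend', 'wscsvc', 'SecurityHealthService') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $report["Service_$name"] = if ($svc) {
            "$($svc.Status), start type $($svc.StartType)"
        } else { 'not found' }
    }

    # 3. Policy values that switch Defender off (assumed locations; malware and
    #    leftover third-party antivirus installs are known to set them).
    $policies = @{
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' = 'DisableAntiSpyware'
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' = 'DisableRealtimeMonitoring'
    }
    foreach ($key in $policies.Keys) {
        $valueName = $policies[$key]
        $item = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
        $report["Policy_$valueName"] = if ($item) { $item.$valueName } else { 'not set' }
    }

    # 4. Antivirus products registered with Windows Security Center. A third-party
    #    product registered here makes Windows hand the antivirus role to it.
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
        -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue
    $registered = foreach ($p in $products) {
        '{0} (productState 0x{1:X6})' -f $p.displayName, $p.productState
    }
    $report.RegisteredAV = if ($registered) { $registered -join '; ' } else { 'none reported' }

    [pscustomobject]$report
}

Get-DefenderTriage | Format-List
```

The output can be selected and pasted into a reply the same way as the Get-MpComputerStatus result; a policy value of 1 or a stale third-party entry under RegisteredAV is the kind of finding that explains greyed-out protection toggles.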


Hi Ryan.   Sorry to see that error message.  Let's get 2 readout reports.

( 1 )

This next report is just an inquiry on some key Windows services.   Just for review.

Download   Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

(   2   )

I would like you to run a tool named SecurityCheck to inquire on the current-security-update  status  of some applications.

 

Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

 

and save the tool on the desktop.

  • If Windows SmartScreen blocks that with a message-window, then

Click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe.   Smartscreen is overly sensitive.

  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

also,  Kindly FSS.txt into your reply., also with C:\SecurityCheck\SecurityCheck.txt

This topic is now closed to further replies.