Jump to content

Malwarebytes finds Trojan.browserhijack


Go to solution Solved by Maurice Naggar,

Recommended Posts

Hello  :welcome:

My name is Maurice.

Much patience is needed throughout all of this. There often is not a single quick one step solution.

 

i will need some reports as well.

Please download MBST

SAVE it first.

Once you start it click Advanced > Gather Logs

 

 once it is done. Attach the mbst-grab-results.zip from the Desktop.

Sincerely.

Link to post
Share on other sites

It is best practice to have the Windows Fastboot option OFF. ( Also sometimes called Fastart for Windows 10).

In several ways, as mentioned many times on this forum, Fastboot will lead to quirky situations. Keep it off.

See the how to guide 

https://www.tenforums.com/tutorials/4189-turn-off-fast-startup-windows-10-a.html

 

Let me know after. We will then begin other steps.

Link to post
Share on other sites

Hi. Thanks.

I have two things to do with the aim being to clear up the trojan.browserhijack

 

[ 1 ]

Use option One or Two so that Windows shows ALL folders / all files 

 

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 

[ 2 ]

The following custom script is to do cleanups.

The script Fixlist.txt needs to be saved to the Downloads folder.

 

The custom script on this post is ONLY for this machine and NO other.   

 

Please be sure to Close any open work files, documents, any apps you started yourself before starting this.

If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

The system will be rebooted after the script has run.

Please save the (attached file named) FIXLIST.txt to the Downloads folder 

Fixlist.txt

 

Start the Windows Explorer and then, to the Downloads folder.

 

  • RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run the tool.
  • IF Windows prompts you about running this, select YES to allow it to proceed.

 

on the FRST window:

  • Click the Fix button just once, and wait.

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

 

Then do a new Scan with Malwarebytes for Windows.

Link to post
Share on other sites

Here follows the FIXLOG.txt file

Fixlog.txt

I've just made a scan with Malwarebytes and the report says nothing was found.

I believe, however, the problem is not entirely solved. I am having a problem with writing marks (since I am portuguese) and they all appear duplicated when i press the keyboard key... like ´´~~^^ .I am not pressing twice, I press once and it writes twice, but only on programs. On windows search tab they work fine, but if naming a folder, for instance, it doesnt't work again...

Link to post
Share on other sites

7 minutes ago, JoaoBarreio said:

Here follows the FIXLOG.txt file

Fixlog.txt 1.92 kB · 0 downloads

I've just made a scan with Malwarebytes and the report says nothing was found.

I believe, however, the problem is not entirely solved. I am having a problem with writing marks (since I am portuguese) and they all appear duplicated when i press the keyboard key... like ´´~~^^ .I am not pressing twice, I press once and it writes twice, but only on programs. On windows search tab they work fine, but if naming a folder, for instance, it doesnt't work again...

About this problem.. when I reboot the computer in the first moments it is ok.. only after a few seconds from the session start the marks problem begins.

Link to post
Share on other sites

I very much prefer to have actual Scan Report files rather than screen images.

Second, the keyboard issue is not malware.  You need to flip the keyboard case upside down & see about shaking loose any dust or foreign particles.

And look all around the keyboard area for junk. Be sure it is clear.

.

I have a new Fixlist here.

Delete the one from before.

Save this new one to Downloads.

Fixlist.txt

Do a new Fix with the FRSTENGLISH

Link to post
Share on other sites

Here goes the new fixlog file.

Fixlog.txt

It seems there is something always triggering the malware...

 scanresult.txt

Just to show you the keyboard issue: im doing it with the keyboard on screen.

testing ~~ ´´ ~~~~

As you see i press once on the key and it writes twice the mark, not even letting to put a letter...

Link to post
Share on other sites

  • AdvancedSetup changed the title to Malwarebytes finds Trojan.browserhijack

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

 

Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes

 

  • When prompted for scan type, Click on Full scan
  • Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.

 

  • There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

 

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.

 

Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom).

 

Press Continue when all done. You should click to off the offer for “periodic scanning”.

Please attach the log report.

Link to post
Share on other sites

Next.  get & run the Malwarebytes MBAR anti-rootkit tool to do 1 run with it.

Disregard the title subject of the topic.

 

Run the MBAR tool as listed here 

 

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes

 

 

when done, I need the MBAR logs.

Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created.

 

Both files can be found in the extracted MBAR folder on your Desktop.

Please attach both files in your next reply.

Link to post
Share on other sites

I regret all the trouble you are having.

This last run of Malwarebytes for Windows found items in 

C:\ProgramData\Kfgk\Jebt

The MBAR tool found items in 

C:\ProgramData\Kfgk\Xznbl

 

You can delete the folder 

C:\ProgramData\Kfgk

As well as all folders below it.

.

I would like you to also do 

Run Roguekillerx64 like on this one post of mine 

https://forums.malwarebytes.com/topic/269932-random-usb-connect-noises-at-time/?do=findComment&comment=1435959

 

.

As to your last point about the Windows Operating system.

See this article at Tenforums

"How to Refresh Windows 10"

https://www.tenforums.com/tutorials/4090-refresh-windows-10-a.html

 

 Consider doing a 'REFRESH'

Link to post
Share on other sites

I could not read most of that report.

Let me suggest that you do this.

1 Empty the Recycle Bin 

2 Restart Windows into Safe Mode with Networking.

Do a new Scan with Malwarebytes.

Be sure all threats are Removed.

Also, run MBAR

 

3. Restart back into Normal mode 

4. Do new Scan with Malwarebytes

Link to post
Share on other sites

If there is still problems by this point, then I would suggest you do the procedures outlined by AdvancedSetup on this one post 

https://forums.malwarebytes.com/topic/272636-i-am-in-dire-straits-computer-lock-out/?do=findComment&comment=1449678

 

 

This involves making a special USB flash thumb drive by running the Microsoft Media Creation Tool + putting FRST64 on it + booting up machine with it 

Into Recovery mode + running FRST64 

And you post back here the new reports FRST + Addition.

After which I will review & guide you.

I am concerned that this machine has a repeating re generating trojan .

The report run here would be just one first step.

Edited by Maurice Naggar
Link to post
Share on other sites

35 minutes ago, Maurice Naggar said:

I could not read most of that report.

Let me suggest that you do this.

1 Empty the Recycle Bin 

2 Restart Windows into Safe Mode with Networking.

Do a new Scan with Malwarebytes.

Be sure all threats are Removed.

Also, run MBAR

 

3. Restart back into Normal mode 

4. Do new Scan with Malwarebytes

I restarted in safe mode with network, ran Malwarebytes and nothing was found: Malwarebytes_log_safemode.txt

Then I ran MBAR and nothing was found: system-log_safemode.txtmbar-log-2021-05-27 (15-19-12)_safemode.txt

Then restarted in normal mode, ran Malwarebytes again and the 6 threats were found again (Malwarebytes_log_after.txt) on the folder I had deleted before, so definitely there is something re-generating this malware. 

My question is: is it worthy to make the USB flash procedure and FRST64 or, as I am willing to do it, is it faster and straightforward to make a hard reset to windows?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.