Sarfraz Posted May 31, 2021 ID:1460610

Hey, I am having an issue: when I try to copy any crypto address and paste it anywhere, it changes automatically. Please help me to fix this. I have run a Malwarebytes scan many times but this is still not fixed.
Maurice Naggar Posted May 31, 2021 ID:1460651

Hello @Sarfraz

As a first thing to apply, see & do https://forums.malwarebytes.com/topic/267751-btc-clipper-malwarebytes-undetected/?do=findComment&comment=1426070
Sarfraz Posted May 31, 2021 Author ID:1460654

7 minutes ago, Maurice Naggar said:
> Hello @Sarfraz
> As a first thing to apply, see & do https://forums.malwarebytes.com/topic/267751-btc-clipper-malwarebytes-undetected/?do=findComment&comment=1426070

But I have many remote desktop servers which I need to connect to. If I follow this, I think I will not be able to copy from any remote desktop server.
Maurice Naggar Posted May 31, 2021 ID:1460656

Is the issue on only just 1 machine? I do need you to do all steps on just one machine to get started.

Do what is listed on this pinned post https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/
Sarfraz Posted May 31, 2021 Author ID:1460662

51 minutes ago, Maurice Naggar said:
> Is the issue on only just 1 machine? I do need you to do all steps on just one machine to get started.
> Do what is listed on this pinned post https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

I have just followed the steps and uploaded the required files. Please check.

Addition.txt FRST.txt mwblog.txt
Maurice Naggar Posted May 31, 2021 ID:1460667

Thank you. The Malwarebytes for Windows reports no malicious malware. I will be guiding you through a series of scans, starting with this.

Let me suggest you do one scan with AdwCleaner to check for adware.

First download & save it: https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

Then do a scan with AdwCleaner: https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

Note, question: This Windows 10 here, do you access it yourself from an external connection source? Or is it only used by you in person sitting there?
Sarfraz Posted May 31, 2021 Author ID:1460673

29 minutes ago, Maurice Naggar said:
> Thank you. The Malwarebytes for Windows reports no malicious malware. I will be guiding you through a series of scans, starting with this.
> Let me suggest you do one scan with AdwCleaner to check for adware.
> First download & save it: https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner
> Then do a scan with AdwCleaner: https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean
> Attach the clean log.
> Note, question: This Windows 10 here, do you access it yourself from an external connection source? Or is it only used by you in person sitting there?

I have the log file. I use Windows 10 on my personal laptop, meaning I'm sitting there.
Sarfraz Posted May 31, 2021 Author ID:1460674

Just now, Sarfraz said:
> I have the log file. I use Windows 10 on my personal laptop, meaning I'm sitting there.

Sorry, the file was not uploaded. Now I have attached it.

AdwCleaner[C01].txt
Maurice Naggar Posted May 31, 2021 ID:1460683

Thank you. I will be getting back with you.
Maurice Naggar Posted May 31, 2021 ID:1460686

Howdy. What follows is a custom script for this system.

The script Fixlist.txt needs to be saved to the same folder that contains FRST64.exe / you have yours saved on desktop. The custom script on this post is ONLY for this machine and NO other.

Please be sure to close any open work files, documents, and any apps you started yourself before starting this. If there are any CD / DVD / USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

The system will be rebooted after the script has run.

Please save the (attached file named) FIXLIST.txt to the DESKTOP folder.

Fixlist.txt

Start the Windows Explorer and then go to the DESKTOP folder.

RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool, click the More info line on that screen and click the Run anyway button on the next screen.

On the FRST window: click the Fix button just once, and wait. PLEASE have lots of patience when this starts. You will see a green progress bar start. This run here should be fairly quick.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Do let me know how things are overall, after all this.
Sarfraz Posted May 31, 2021 Author ID:1460687

Thank you, it worked, and now I can copy without any interference. I have also attached the log file.

Fixlog.txt
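The symptom reported in this thread (a copied crypto address changing before it is pasted) can be checked for directly, before and after a cleanup. The following PowerShell is an added example, not part of the original thread and not a Malwarebytes or FRST tool; the function name `Test-ClipboardTamper` and the constructed, address-shaped test strings are assumptions made for illustration.

```powershell
# Added example: place address-shaped strings on the clipboard, wait, and
# read them back to see whether another process rewrote them.
function Test-ClipboardTamper {
    param(
        [int]$Rounds = 3,        # how many times each sample is tried
        [int]$WaitSeconds = 2    # how long each sample sits on the clipboard
    )
    # Constructed test strings: correct length and alphabet only, not real wallets.
    $samples = [ordered]@{
        'BTC legacy' = '1' + ('A' * 33)
        'BTC bech32' = 'bc1q' + ('q' * 38)
        'ETH'        = '0x' + ('a' * 40)
    }
    $original = Get-Clipboard -Raw   # keep the user's clipboard text to restore later
    $findings = @()
    try {
        foreach ($name in $samples.Keys) {
            foreach ($i in 1..$Rounds) {
                Set-Clipboard -Value $samples[$name]
                Start-Sleep -Seconds $WaitSeconds
                # Cast to string so an emptied clipboard compares as ''
                $readBack = "$(Get-Clipboard -Raw)".Trim()
                if ($readBack -cne $samples[$name]) {
                    $findings += [pscustomobject]@{
                        Sample   = $name
                        Round    = $i
                        Placed   = $samples[$name]
                        ReadBack = $readBack
                    }
                }
            }
        }
    }
    finally {
        # Restore whatever text was on the clipboard before the test
        if ($original) { Set-Clipboard -Value $original }
    }
    return $findings
}

$result = Test-ClipboardTamper
if ($result) {
    $result | Format-List
    Write-Warning 'Clipboard text was changed after being placed there.'
} else {
    Write-Output 'No change seen for any test string.'
}
```

An empty result only shows that nothing rewrote these particular strings during the test window; a clipper that validates address checksums, or a clipboard manager that edits text, can make the result misleading in either direction.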
Maurice Naggar Posted May 31, 2021 ID:1460691

That is very good to know. We need to delete one file that is a threat.

On the Windows taskbar, in the Windows search box, type in cmd.exe and then look at the entire list of choices, and click on Run as Administrator.

Once the Command prompt window is up, copy > paste the line in the code-box below into the command-window.

    del C:\Windows\System32\msh.exe

Reply YES to delete when prompted.

There is one file we need uploaded for analysis at Virustotal. (The site uses multiple search engines from several companies.) Go to the link https://www.virustotal.com/gui/home/upload

You will see a Choose file button. Click that as a first step. You will then see a dialog grid from Windows. I need for you to upload C:\Windows\System32\msn.exe

I need for you to save the link to the result analysis at Virustotal. Let me know. Much thanks.
Sarfraz Posted June 1, 2021 Author ID:1460761

10 hours ago, Maurice Naggar said:
> That is very good to know. We need to delete one file that is a threat.
> On the Windows taskbar, in the Windows search box, type in cmd.exe and then look at the entire list of choices, and click on Run as Administrator.
> Once the Command prompt window is up, copy > paste the line in the code-box below into the command-window.
>     del C:\Windows\System32\msh.exe
> Reply YES to delete when prompted.
> There is one file we need uploaded for analysis at Virustotal. (The site uses multiple search engines from several companies.) Go to the link https://www.virustotal.com/gui/home/upload
> You will see a Choose file button. Click that as a first step. You will then see a dialog grid from Windows. I need for you to upload C:\Windows\System32\msn.exe
> I need for you to save the link to the result analysis at Virustotal. Let me know. Much thanks.

I have tried to follow your instructions, but the file you mention, msh.exe, is not available on my system anymore, so I cannot delete it with CMD and cannot upload it to Virustotal. Is there anything else I can do?
Maurice Naggar Posted June 1, 2021 ID:1460803

Ok. I'll guide you on tools cleanup on next round. Now, just as safety checks, 2 scans that will not take a lot of time.

1. Do a new scan with Malwarebytes for Windows.
2. Do a scan with Microsoft Safety Scanner.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the-tool are at this link at Microsoft: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Select "QUICK" scan from scan Options.

Let me know the result of this. The log is named MSERT.log; the log will be at C:\Windows\debug\msert.log

Please attach that log with your reply.
Sarfraz Posted June 1, 2021 Author ID:1460807

Here is the log file.

msert.log
Maurice Naggar Posted June 1, 2021 ID:1460814

Thanks. OK. This is fine. Is all else in good stead? Do you need other help?
Sarfraz Posted June 1, 2021 Author ID:1460816

I have scanned with Malwarebytes and there I can still see the file msh.exe, but when I go to the directory there is none. I tried to delete it through CMD and still got file not found, but Malwarebytes keeps showing it. Here is the log file.

mwblogg.txt
Maurice Naggar Posted June 1, 2021 ID:1460818

Could you please, now, do a new scan with Malwarebytes for Windows.
Sarfraz Posted June 1, 2021 Author ID:1460820

Here it is. This time it did not come.

mwblog2.txt
Maurice Naggar Posted June 1, 2021 ID:1460821

Thanks. That's better. New readout please. FRST64 is on your desktop.

Right-click on FRST64.exe and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.

Windows 10 users will be prompted about Windows SmartScreen protection: click the More info line on that screen and click the Run anyway button on the next screen. Click YES when prompted by the Windows UAC prompt to allow it to run.

Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.

Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes.

Click Yes when the disclaimer appears in FRST.

The tool may want to update itself; in that case you'll be prompted when the update is completed and ready to use.

Make sure that the Addition option is checked. The configuration should look exactly like on the screen below (do not mark additional things unless asked).

Press the Scan button and wait. The tool will produce 2 logfiles on your desktop: FRST.txt, Addition.txt

Click the OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply. Thank you.
Sarfraz Posted June 1, 2021 Author ID:1460823

Here is the new scan file.

Addition.txt FRST.txt
Maurice Naggar Posted June 1, 2021 Solution ID:1460836

I have a new script for you to run. It should not take a whole lot of time. It will search for a potential malicious msn.exe. If found it should remove it. It will Enable MS Microsoft Defender. It will run Windows System File Checker.

Please first the old Fixlist.txt on desktop.

The new script Fixlist.txt needs to be saved to the same folder that contains FRST64.exe / you have yours saved on desktop. The custom script on this post is ONLY for this machine and NO other.

Please be sure to close any open work files, documents, and any apps you started yourself before starting this.

The system will be rebooted after the script has run.

Please save the (attached file named) FIXLIST.txt to the DESKTOP folder.

Fixlist.txt

Start the Windows Explorer and then go to the DESKTOP folder.

RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

On the FRST window: click the Fix button just once, and wait. The tool will complete its run after restart. When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

I will review your log after you send it. I will likely guide you to doing a scan with MS Defender.
Sarfraz Posted June 1, 2021 Author ID:1460871

Here is the fix log.

Fixlog.txt
Maurice Naggar Posted June 1, 2021 ID:1460880

Bravo. Thank you. This run squashed the other pest. Your system should be in a much better state.

I would recommend that you do a scan with Microsoft Defender. A quick scan would be ok. Use the guide at Tenforums: https://www.tenforums.com/tutorials/84796-how-scan-windows-defender-antivirus-windows-10-a.html
Maurice Naggar Posted June 5, 2021 ID:1461767

Hello. Good afternoon. How is the situation today on this pc? Any news? Are you needing other help?