rxsetse Posted July 6, 2021 ID:1467671 Share Posted July 6, 2021 Recently i've noticed my PC preform slow, so i decided to scan my PC with McAfee and Malwarebytes, McAfee detected a trojan in my microsoft edge cache files ,and after that I did a MB scan and It detected a PUP called "InstantAdware", I thought the virus was gone, and didnt worry much about it until 3 days ago when a third party app called "PDF Manager" was installed, I ran a scan with McAfee, MalwareBytes, and Hitman Sophos and all detected nothing. Today, I booted into safe mode and ran a scan with MalwareBytes (I wiped temp files, and disconnected from my internet), and it detected nothing (I did forget to enable rootkit scanning so could be the problem), I'm just paranoid that my PC will get shitted by all the crypto mining thats being done. Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 6, 2021 ID:1467675 Share Posted July 6, 2021 Hello My name is Maurice. I will guide you, Please always attach files / reports as we go along. I need a fuller set of reports for review so that I can review & guide you. Please download Malwarebytes' MBST Support Tool Once you start it click Advanced > Gather Logs Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop. Please attach mbst-grab-results.zip to your reply , like displayed here. To send ( upload) attachments please click the link as shown below. Then browse to where your file is located and select it and click the Open button. You describe having run 4 different security scanners. Does any 1 currently report a infection ? Link to post Share on other sites More sharing options...
rxsetse Posted July 7, 2021 Author ID:1467946 Share Posted July 7, 2021 No security scanners have scanned any viruses. Link to post Share on other sites More sharing options...
rxsetse Posted July 7, 2021 Author ID:1467948 Share Posted July 7, 2021 Plus what does the log do, just to be safe? Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 7, 2021 ID:1468019 Share Posted July 7, 2021 The tool is just a report tool. It does not make changes. The report will help me to help you. It's what I need to look for potential infections. Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 7, 2021 ID:1468020 Share Posted July 7, 2021 (edited) Further to my asking for report in first post of mine. Do this too. Let me suggest you do one scan with Adwcleaner to check for adwares. It will not take much time, First download & save it https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner Then do a scan with Adwcleaner https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean Attach the clean log. Edited July 7, 2021 by Maurice Naggar Link to post Share on other sites More sharing options...
rxsetse Posted July 7, 2021 Author ID:1468117 Share Posted July 7, 2021 Hi, I will use AdwCleaner and also give you my logs, but I may have found the virus (maybe could be a false positive), A month back I found a random folder in my appdata roaming called "HolocusTropicalSoft", and that day a month back I looked it up online and that HolocusTropicalSoft was a trojan that fit all my PCs symptoms, It was preforming slowly which the virus is known to make happen, the virus was also known to mine bitcoin, and etc. The articles author says using SpyHunter should be able to catch the virus, so I downloaded it and tried a scan and It detected adware with a 20% risk, and a Trojan called "Trojan.FakeMS" with a 80% risk, but the thing is the Trojan has put itself into a system file called "C:/ProgramData/WindowsPreformanceRecorder", and "C:/ProgramData/WindowsPreformanceRecorder/NGenPbds_Cache", so Im wondering if this is just a false positive or a legit virus that had actually got into my system files. And SpyHunter seems to want to delete the system files, and SpyHunter also wants to delete some file called [F] Preferences, and the program wants me to wait 48 hours to execute all this. Link to post Share on other sites More sharing options...
rxsetse Posted July 7, 2021 Author ID:1468119 Share Posted July 7, 2021 Link to post Share on other sites More sharing options...
rxsetse Posted July 7, 2021 Author ID:1468120 Share Posted July 7, 2021 Hello Maurice, Ive used the support tool but it hasn't implemented the zip into my downloads, should I try it again as I closed the program as soon as I got the notification when it got installed? Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 7, 2021 ID:1468124 Share Posted July 7, 2021 Close "spyhunter". Dont need it. If Adwcleaner is still open, then click on Cancel button & Exit. Seems all it found are HP manufacturer provided 'applets'. You say that the support tool did not make a zip file. So do what follows & get that report attached in a new reply, when done. FRST Farbar is a report tool. Widely used. It is safe to run. Need this information report very much ! Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually Please attach both logs to your reply . To attch ( upload ) attachments please click the link as shown below. Then browse to where your file is located and select it and click the Open button. Do not go about self medicating with any other tools on youw own. If you have questions, please Stop and ask first. Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 7, 2021 ID:1468125 Share Posted July 7, 2021 ** After you have relayed the FRST reports ..... here is the next steps. This will be a scan for viruses & trojans & it will remove what it detects. It is free. It is trusted. ** The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download From the Scan options, select "FULL" scan. Patience since this can take hours. Let me know the result of this. The log is named MSERT.log the log will be at C:\Windows\debug\msert.log Please attach that log with your reply. Link to post Share on other sites More sharing options...
rxsetse Posted July 7, 2021 Author ID:1468126 Share Posted July 7, 2021 Nevermind I found the zip in another folder, but the results have some personal data such as my desktop name (my real name), so can I like remove them, and I have closed spyhunter, and adwcleaner. Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 7, 2021 ID:1468127 Share Posted July 7, 2021 You can send me the ZIP file by personal message. and thenm just go ahead with the MS Safety Scanner ( by the way, other people cannot access the zip file ). Link to post Share on other sites More sharing options...
rxsetse Posted July 7, 2021 Author ID:1468128 Share Posted July 7, 2021 Okay I will make sure to do that. But the logs have a lot of data which is personal, and I don't wish to share online. Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 7, 2021 ID:1468129 Share Posted July 7, 2021 Access to files is very restricted on this sub-forum !!! you are not like putting stuff out to public, especially zip files. Others are not able to get to them. Please proceed forward Link to post Share on other sites More sharing options...
rxsetse Posted July 7, 2021 Author ID:1468130 Share Posted July 7, 2021 It has my real name, Im pretty sure ip adress, etc. Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 7, 2021 ID:1468131 Share Posted July 7, 2021 Send to me by P M The sooner I get them, sooner we can proceed. Link to post Share on other sites More sharing options...
rxsetse Posted July 7, 2021 Author ID:1468132 Share Posted July 7, 2021 Alright give me a little to think about it, I understand that you are trying to help me, I apoligize. Link to post Share on other sites More sharing options...
rxsetse Posted July 7, 2021 Author ID:1468133 Share Posted July 7, 2021 Safety Scanner detected fourteen files so far, I will get you the report as soon as the scan is over, and also possibly the log. Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 7, 2021 ID:1468134 Share Posted July 7, 2021 NOTE I gotta have logs in order to properly help you get all malware removed. Reports are a must. and screen shots will not do. Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 7, 2021 ID:1468136 Share Posted July 7, 2021 Thank you. I will look at this and later, get back to you. Thanks very much. What I will do so you feel better is to hide that post. Link to post Share on other sites More sharing options...
rxsetse Posted July 7, 2021 Author ID:1468137 Share Posted July 7, 2021 Okay thank you. Link to post Share on other sites More sharing options...
rxsetse Posted July 7, 2021 Author ID:1468138 Share Posted July 7, 2021 Since the virus might be in a system file, will the virus scanner delete a system file in a scan? I read a little online and it seems someone had their system files deleted, and it their pc doesnt work? Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 7, 2021 ID:1468139 Share Posted July 7, 2021 NO. Not with the Microsoft tool. Nor with Malwabytes. You said the Safety scanner was started. So just let it do what it needs to do. A full scan will take several hours. Take a break. Go away from pc. Do something for yourself. Link to post Share on other sites More sharing options...
rxsetse Posted July 7, 2021 Author ID:1468140 Share Posted July 7, 2021 Okay, I got a fairly decent PC, its been 30 minutes and its scanned halfway. Link to post Share on other sites More sharing options...
Recommended Posts