Kernel Broker and Error Broker


hello, I got those two in my pc and I tried to remove them with malwarebytes and bitdefender but always come back and my anti virus quarantines it, when I was using malwarebytes anti virus it showed a different name something like trojan bitcoin miner something like that and it was quarantined more than once like one time every 20 mins not sure didn't count, on bitdefender anti virus it shows kernel broker and error broker and on both if I delete them they keep coming back please help me

Screenshot (72).png


Hello @Momalaul

My name is Maurice. I will guide you. Please always attach files / reports as we go along.

Please do not go to doing other tools or fixes on your own. I will guide you. I have 2 separate things below.

[ 1 ]

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[ 2 ]

Now a fresh new scan with Malwarebytes for Windows.

  • In Malwarebytes for Windows program, we want to do a special scan.
  • Click Settings (gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window.
  • Then click the Security tab.
  • Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON 👈
  • Click it to get it ON if it does not show a blue-color.
  • Next, click the small x on the Settings line to go to the main Malwarebytes Window.
  • Next click the blue button marked Scan.

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).

Please double verify you have that TOP check-box tick marked, and that then, all lines have a tick-mark.

Then click on Quarantine button.

[ 2 ]

I need a report set for review. This is a report only.

Please download MBST Support Tool

 

Once you start it click Advanced > Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach mbst-grab-results.zip to your reply, like displayed here.
  • To send (upload) attachments please click the link as shown below. Then browse to where your file is located and select it and click the Open button.

Edited by Maurice Naggar
added special scan & to show all folders

After the steps above are completed, these are the next steps.

Save the attached file below named Fix.zip to the Downloads folder on your system.

Fix.zip

 

Then use File Explorer to go to the Downloads folder. UNZIP (extract) the content to Downloads folder.

You should then have a file named Fix.bat

On the Windows taskbar, on the Windows search box, type in

cmd.exe

and then look at the entire list of choices, and click on Run as Administrator.

Once the Command prompt window is up, type in (or COPY & then PASTE)

%userprofile%\downloads\fix.bat

press Enter-key to proceed.

Reply YES to allow it to proceed.

  • When that completes, place your mouse-pointer on the top bar of the command-window & do a RIGHT-click & choose "Select all" & then choose "COPY"
  • then into the next Reply box on this topic, right-click on the white box and choose PASTE
  • You may then close the command window.

Trojan.BitCoinMiner is Malwarebytes’ generic detection name for crypto-currency miners that run on the affected machine without the users’ consent.

The one involved here is a bit more persistent because it uses more than one way to retain the pest. It is likely to involve a sub-folder that is hard to spot.

I did everything you said up there I also deleted the items in quarantine and malwarebytes gave me an option to restart my pc and I did here is the report

mbst-grab-results.zip

I don't know why but when I paste the command in command prompt it auto closes

and I also tried to scan again this time only keep items in quarantine and not restart not delete and still same thing command prompt closes after I execute the command

 


Hello. Thank you for sending the mbst-grab zip file. I need to review that & then will later have for you a more specific task to do.

For now, I would like you to do what follows.

This here is what I suggest as a next step.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

  • The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

  • Select "QUICK" scan from scan options.

Let me know the result of this.

The log is named MSERT.log

The log will be at

C:\Windows\debug\msert.log

  • Please attach that log with your reply.

After the Safety Scanner tool run has completed please do what follows for a different readout report. This run does not make changes. It is intended to gather additional information on what is running on your machine.

It is a safe report tool.

Download OTL by OldTimer to your desktop:  from this link

  • Close all open windows on the Task Bar. Right click the OTL  icon and select Run as Administrator  to start the program.

  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".

  • Now click Run Scan at Top left and let the program run uninterrupted. It will take several minutes.

  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.

  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!

  • Exit OTL by clicking the X at top right.


Attach the report files  OTL.txt;  &  Extras.txt

Edited by Maurice Naggar
here is it

msert.log

and here are the other one too

Extras.Txt OTL.Txt


Thank you very much for the reports. I will review the OTL & have a new response later.

At this point, let's see about doing 2 delete actions in hopes of knocking out the pest-at-hand.

On the Windows taskbar, on the Windows search box, type in

cmd.exe

and then look at the entire list of choices, and click on Run as Administrator.

Once the Command prompt window is up, COPY (the whole line AS-IS) & then PASTE into the Command-window-box

rd %userprofile%\appdata\local\vegas /s /q

press Enter-key to proceed.

Reply YES to allow it to proceed (if prompted). I expect none.

Next, do what follows.

COPY (the whole line AS-IS) & then PASTE into the Command-window-box

del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe"

press Enter-key to proceed.

Reply YES to allow it to proceed (if prompted). I expect none.

Next, do what follows.

  • place your mouse-pointer on the top bar of the command-window & do a RIGHT-click & choose "Select all" & then choose "COPY"

then into the next Reply box on this topic, right-click on the white box and choose PASTE
You may then close the command window.
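A read-only way to see what is actually in the two locations targeted by the delete commands above, added here as an example and not part of the helper's post or any tool used in this thread. The folder name vegas and the file name Update.exe come from the thread; the function names Get-StartupEntry and Get-FolderSummary are hypothetical.

```powershell
# Read-only triage: nothing below deletes or modifies anything.
# "vegas" and "Update.exe" are the names given in this thread; everything else is illustrative.

function Get-StartupEntry {
    # Lists every file in the given Startup folders, including hidden ones (-Force).
    param([string[]]$Path)
    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Force | ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Created   = $_.CreationTime
                # Shortcuts and .ini files report UnknownError/NotSigned; that is expected.
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

function Get-FolderSummary {
    # Reports whether a folder exists, whether it is hidden, and how many files it holds.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Present = $false; Hidden = $null; FileCount = 0 }
    }
    $item  = Get-Item -LiteralPath $Path -Force
    $files = @(Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Path      = $item.FullName
        Present   = $true
        Hidden    = [bool]($item.Attributes -band [IO.FileAttributes]::Hidden)
        FileCount = $files.Count
    }
}

# Per-user and all-users Startup folders. A hidden desktop.ini in them is normal;
# an executable such as Update.exe is what deserves a closer look.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
Get-StartupEntry -Path $startupDirs | Format-List

# The AppData\Local sub-folder named in the rd command above.
Get-FolderSummary -Path (Join-Path $env:LOCALAPPDATA 'vegas') | Format-List
```

If both checks come back empty, the items were already removed or quarantined, which is consistent with rd and del reporting that they cannot find the target.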


I tried the command prompt thing you said for the rd %userprofile%\appdata\local\vegas /s /q command it says The system cannot find the file specified. and for the del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe" command it says Could Not Find C:\Users\lucia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe maybe because of the malwarebytes real time protection?

Please look real close for the report file named FRST.txt

I need it. It will be in the same folder as where you have Addition.txt

Plus leave the Quarantine folder of Malwarebytes alone. Quarantine is solitary confinement jail for the boogers. It will take a special fix to squash the pest. That is why I need FRST.txt

One more point of order:

Please review & be sure this has been done:
Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html


Please EXIT / Close Discord  if you see it running.  Yes I see from Addition.txt   that Discord is somehow related to having this pest to come in.

I am still reviewing the reports.  I will get back again with you.

Note that MS Defender & Bitdefender too are flagging parts of this pest.   Meantime, close all instant messaging apps.  Close web browser tabs, such that you only maybe have the one to this forum.

Try not to do any online email reading.  No web surfing while this case is open.


Hello.  I have a custom script for your machine.  Utmost patience is needed.  I am hoping that this procedure will be less than 1 hour run.

Please save the (attached file named) FIXLIST.txt   to the   DOWNLOADS folder

Fixlist.txt

The custom script on this post is ONLY for this machine and NO other.   

  • Please be sure to Close any open work files, documents, any apps you started yourself before starting this.
  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

The system will be rebooted after the script has run.

  • Start the Windows Explorer and then, to the Downloads folder.
  • RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run the tool.
  • If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool, click line More info information on that screen and click button Run anyway on next screen.
  • on the FRST window: Click the Fix button just once, and wait.

 

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. 

If you receive a message that a reboot is required, please make sure you allow it to restart normally.

 

The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

I will need that for review.

After this, do a SCAN run with Malwarebytes for Windows.  If it flags anything, be sure to have them all selected & click on Quarantine selected.

Plus

Then, locate the Scan run report from Malwarebytes;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

There will be much more to do after this.   Please stick with me

 

 

Edited by Maurice Naggar

scanned and nothing found also I had like 21 same virus trojan bitcoin miner in quarantine but I deleted them I am waiting to see if malwarebytes will find them and quarantine them, forgot to tell you when I had bitdefender when it detected the virus it said it is infected with some gen doina and some numbers forgot what number it had, anyways here are the reports!

Fixlog.txt report.txt


here is what I saw I opened discord and did a new scan now it detected kernel broker I will send you the report of this scan too, maybe it is because of the weird discord servers I keep getting in without my knowledge, the only server I was in was the one with my classmates and we only go there and play games but I keep getting in that weird servers with weird names some got like hacker name and other weird names, also in one of the servers someone named palestine hacker said that we are there because we got hacked now I changed my password from my phone and I hope it will be good, here is the new scan report!

report2.txt


Next first thing to do is to uninstall Discord.  That is before we do anything else.  We will have to do more things before even considering a re-install of Discord.

It is very apparent that Discord has been infected  ( compromised).

1. Press the Windows key+R to open the Run command.

2. Type control appwiz.cpl and hit Enter.
The Programs and Features window will appear.

 

3. Locate DISCORD

and click once to select it, then click the Uninstall button.

When done, do a Windows RESTART.

Now a fresh new scan with Malwarebytes for Windows.

  • In Malwarebytes for Windows program, we want to do a special scan.
  • Click Settings (gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window.
  • Then click the Security tab.
  • Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON 👈
  • Click it to get it ON if it does not show a blue-color.
  • Next, click the small x on the Settings line to go to the main Malwarebytes Window.
  • Next click the blue button marked Scan.

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).

Please double verify you have that TOP check-box tick marked, and that then, all lines have a tick-mark.

Then click on Quarantine button.

Then, locate the Scan run report; export out a copy; & then attach in with your reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

There will be much more to do after this. Please stick with me

 

Edited by Maurice Naggar

After the steps above, do NOT re-install Discord. We will need to do more steps before re-considering that. Here is next step after you finish those above.

and please stop playing online games.  Close / exit all games & all messaging apps.

I would urge getting a readout report as to update status of some key apps.

Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

 

and save the tool on the desktop.

  • If Windows's SmartScreen block that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe. Smartscreen is overly sensitive.

  • Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt


I must add a serious note here.  For security purposes, seriously consider to rebuild the Windows operating system and all application programs from scratch. There are a very very large number of file exclusions & path folder exclusions in the Microsoft Defender antivirus  that are on their face, exceptions that a human would not do on their own.  For example, several exclusions for DLL files in temporary folders.  One has to consider those done by malware.  It seems that the overall security is in question.  Let me know if you want to stop and rebuild Windows.

Edited by Maurice Naggar
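The exclusion review described in the post above can be repeated with Defender's own Get-MpPreference cmdlet. This is an added example, not part of the thread or of any tool used in it; the function name Test-DefenderExclusion, the flagging heuristics and the sample entries are assumptions made for illustration.

```powershell
# Added example. Heuristics are illustrative assumptions, not a Microsoft or Malwarebytes rule set.
function Test-DefenderExclusion {
    param(
        [Parameter(Mandatory)][ValidateSet('Path', 'Extension', 'Process')][string]$Kind,
        [Parameter(Mandatory)][string]$Value
    )
    $reasons = @()
    $v = [Environment]::ExpandEnvironmentVariables($Value)
    if ($Kind -eq 'Extension') {
        # Excluding an executable or script type switches off scanning for it everywhere.
        if ($v.TrimStart('.') -match '^(exe|dll|scr|bat|cmd|ps1|vbs|js)$') {
            $reasons += 'executable or script type excluded everywhere'
        }
    }
    else {
        if ($v -match '\\(Temp|Tmp)(\\|$)')                        { $reasons += 'temporary folder' }
        if ($v -match '\\AppData\\(Local|LocalLow|Roaming)(\\|$)') { $reasons += 'user-writable AppData' }
        if ($v -match '^[A-Za-z]:\\?$')                            { $reasons += 'whole drive' }
        # The pattern called out in the post: a DLL (or EXE) excluded inside such a location.
        if ($reasons.Count -and $v -match '\.(dll|exe|scr)$')      { $reasons += 'single binary in that location' }
    }
    [pscustomobject]@{
        Kind       = $Kind
        Value      = $Value
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = $reasons -join '; '
    }
}

# Constructed sample entries (not taken from the reports in this thread).
$sample = @(
    @{ Kind = 'Path';      Value = 'C:\Users\example\AppData\Local\Temp\a1b2c3.dll' },
    @{ Kind = 'Path';      Value = 'D:\Builds\output' },
    @{ Kind = 'Extension'; Value = '.dll' }
)
foreach ($entry in $sample) { Test-DefenderExclusion @entry }

# Live system: run from an elevated PowerShell, since exclusions may be hidden from
# non-administrators. Skipped where the Defender cmdlets are not installed.
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    $pref = Get-MpPreference
    $sets = @{
        Path      = $pref.ExclusionPath
        Extension = $pref.ExclusionExtension
        Process   = $pref.ExclusionProcess
    }
    $live = foreach ($kind in $sets.Keys) {
        foreach ($value in $sets[$kind]) {
            if ($value) { Test-DefenderExclusion -Kind $kind -Value $value }
        }
    }
    $live | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
}
```

The first and third sample entries are flagged and the second is not; on a live system, flagged rows are the ones to compare against software the user knowingly installed.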