Lemniscate Posted August 11, 2021 ID:1474158 Share Posted August 11, 2021 My Malwarebytes keeps detecting these malwares. I've removed them both via Malwarebytes(quarantine and remove) and manually looking for the directory itself and deleting it. After some restarts it keeps coming back. What can I do to protect my computer? Thank you! I've seen a thread same as this one but there was a note that I should not apply that fix to my computer for that fix was for that specific user who asked the question. Link to post Share on other sites More sharing options...
kevinf80 Posted August 11, 2021 ID:1474162 Share Posted August 11, 2021 Hello Lemniscate and welcome to Malwarebytes, Lets grab some logs and see whats going on, continue with the following: Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab. Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Open Malwarebytes Click on the Detection History tab > from main interface. Then click on "History" that will open to a historical list Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options:Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your replyText file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Text file (*.txt), then name the file and save to a place of choice, recommend "Desktop" then attach to reply Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.htmlNote: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... If our tools do not run because of windows smart screen or your security, consider the following: Disable smart screen if it interferes with software we may have to use:https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8 Please remember to enable when we are finished.... Next, Disable any Anti-virus software you have installed if it stops software we may use from working:https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/ Please remember to enable AV software when we are finished running scans.... Thank you, Kevin.... Link to post Share on other sites More sharing options...
kevinf80 Posted August 13, 2021 ID:1474545 Share Posted August 13, 2021 Any progress..? Link to post Share on other sites More sharing options...
Lemniscate Posted August 13, 2021 Author ID:1474551 Share Posted August 13, 2021 Hi kevinf80. I am sorry I just now saw your reply. I checked my notifications here daily but your reply didn't show in the notifications tab. I am currently doing what you said last time. I am sorry for the delay and thank you for your patience. Link to post Share on other sites More sharing options...
kevinf80 Posted August 13, 2021 ID:1474552 Share Posted August 13, 2021 Hiya Lemniscate, I believe there is an issue with the forum notifications, I do not receive push notifications through my browser... Thank you, Kevin.. Link to post Share on other sites More sharing options...
Lemniscate Posted August 13, 2021 Author ID:1474553 Share Posted August 13, 2021 I am now on the Farbar Recovery Tool step. Thank you for your patience. Link to post Share on other sites More sharing options...
Lemniscate Posted August 13, 2021 Author ID:1474554 Share Posted August 13, 2021 AdwCleaner[C01].txtMalwarebytes Log2.txtMalwarebytes Log.txtFRST.txtAddition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted August 13, 2021 ID:1474561 Share Posted August 13, 2021 Got to go out, back in 1 to 2 hours... 1 Link to post Share on other sites More sharing options...
Solution kevinf80 Posted August 13, 2021 Solution ID:1474569 Share Posted August 13, 2021 Do not see any evidence of Malware or Infection showing in your FRST logs. It would seem you had AutoKMS on your system at some point, is that no longer installed..? We see many systems with AutoKMS software that has suffered some kind of infection, malware writers do take advantage of such freely available software, just be aware of that point. Can you run another scan with Malwarebytes, see if it flags anything else... Link to post Share on other sites More sharing options...
Lemniscate Posted August 13, 2021 Author ID:1474580 Share Posted August 13, 2021 Currently scanning with Malwarebytes. Will keep you updated thank you once again. Link to post Share on other sites More sharing options...
Lemniscate Posted August 13, 2021 Author ID:1474582 Share Posted August 13, 2021 And yes I had AutoKMS which was for IDM . I uninstalled it upon reading a same thread like 2 days ago. I apologize for not mentioning this in the same reply box. UPDATE : Finished scanning with malwarebytes. It didnt detect anything. Link to post Share on other sites More sharing options...
kevinf80 Posted August 13, 2021 ID:1474600 Share Posted August 13, 2021 Hiya Lemniscate, I`d say your system is clean, continue to finish up: Right click on FRST here: C:\Users\Admin\Downloads\FRST.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall That action will remove FRST and all created files and folders... Next, Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2 Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/ Condsider the following: Disable Remote Desktop: https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html Disable Windows Telemetry: https://helpdeskgeek.com/windows-10/how-to-disable-windows-10-telemetry/ Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/ Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee Will also work for Opera and Edge.. PatchMyPC, keep all your software upto date - https://patchmypc.com/home-updater#download From there you should be good to go... Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful....Answers to Common Security Questions and best PracticesDo I need a Registry Cleaner? Take care and surf safe Kevin... Link to post Share on other sites More sharing options...
Lemniscate Posted August 14, 2021 Author ID:1474752 Share Posted August 14, 2021 Thank you very much! Kudos to you sir. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 14, 2021 Root Admin ID:1474755 Share Posted August 14, 2021 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts