
Persistent and Malicious Cookie



Hi @AdvancedSetup,

About the ESET scanner, I actually ran it multiple times. The first time I ran it, it found an infection; however, a power cut disrupted the scan after the laptop shutdown, and when I restarted the scan, it didn't find the infection again and the laptop worked fine after that. After the problem resurfaced, I tried running the ESET scanner again, but it hasn't found anything this time.

My laptop is a Toshiba SATELLITE L500 - 1UU

I've attached the scans as requested. 

Thank You

Addition.txt FRST.txt


  • Root Admin

Can you please do the following?

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, place a checkmark on all of the Repair System entries.
  • Then click on the Repair System button and allow it to run and restart the system.


 

After the restart please do the following

  • Run the MBST Support Tool again.
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click the CLEAN button and follow the onscreen instructions to reinstall Malwarebytes
  • NOTE: Please have patience as it can take a while to remove and reinstall. The computer will restart to complete

 

After the restart please do the following

  • Run the MBST Support Tool again.
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you

 


  • Root Admin

Please uninstall the following program @TitanInsane

CCleaner

 

 

 

CHR Notifications: Default -> hxxps://meet.google.com

Are you sure you want this enabled or allowed? Push Notifications on your browser appear to be enabled.

https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

Turn notifications on or off - Google Chrome

Web Push notifications in Firefox

 

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 


Hi @AdvancedSetup,

Uninstalled CCleaner as requested.

I'm not really sure about the notifications thing. I've usually set all of them to the default "Ask" option (not that I ever use it). Should I just block all notifications? As for Google Meet, I use it quite a lot for my classes.

Ran the FRST scan as requested. Here is the Fixlog.

Thank You

 

Fixlog.txt


  • Root Admin

The script timed out due to time limit.

Please save the attached fixlist.txt file as before to the same folder location as the Farbar FRST program. Then run Farbar FRST and click on the FIX button and let it run.

fixlist.txt

When done please find and post back the new fixlog.txt file.

Thank you @TitanInsane

 


  • Root Admin

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If an infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

Thank you

 

 

 


  • Root Admin

Again, I do not believe this is a software or infection issue. I am not aware of any infection doing what seems to be a forced PAGE-DOWN key entry.

Possibly try hitting each of your Function type keys off and on or turning the computer off. Then see if you can wipe all of the keys with a clean cloth semi hard to ensure all the keys get pressed back and forth.

It really sounds like a keyboard with either a function key set or a key stuck.

 


  • Root Admin

Thanks, that too found no issue or infection. @TitanInsane

 

07:55:21.0546 0x0e50  Detected object count: 0
07:55:21.0546 0x0e50  Actual detected object count: 0
08:00:58.0812 0x0a28  Deinitialize success

 

 

Please go ahead and run a Full Scan with Microsoft again. It will take a long time to run, so maybe make sure SLEEP is disabled and let it run overnight while you sleep.

 

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Please let me know the results of this scan.

The log is named MSERT.log 

The log will be at %SYSTEMROOT%\debug\msert.log, which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

 

Due to the age of the computer, I seriously doubt it is supported anymore or has drivers, but have you been to the support site for TOSHIBA to check and see if there are any updates?
Or, if you have drivers for the system on the hard drive or a CD you could try reinstalling to see if that helps

 


Hi @AdvancedSetup,

Will run the Full Scan when possible.

I've already tried running the Microsoft Safety Scanner but it keeps overheating the computer and shutting it down before the scan can be completed. It does report that there are infected files during the scan though.

I've tried looking for drivers but it seems that there are none.


Also, I don't know if this is indicative of anything, but is it normal for there to be so many temporary files? I noticed this yesterday when you told me to run FRST with fixlist and it ended up deleting 4.2 GB of temporary files and left me with 31.0 GB of free space, but I checked it again right now and it says I only have 28.6 GB now. Is this normal?


  • Root Admin

Yes, quite normal to have a lot of temporary files. Seems with each new version of Windows it gets worse with temp files. The space changes due to many factors but one of them being the file version mechanism used to allow removal or rollback of features, etc.

I don't see any signs that that computer is infected. If you're still having an issue with all programs performing what appears to be a page-down operation I'd think it is almost for sure a stuck key on the keyboard.

Not sure there really is much else I can do for you. Perhaps when things clear up a bit from the pandemic you can visit a local repair shop and have them take a look?

 


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 


Hi @AdvancedSetup,

Thank you so much for humoring me this long. I promise, this is the last time.

I took your advice about exploring the hardware side of things. Several online sites pointed me to KeyTweak, but it doesn't seem to be working. Is there any way to effectively disable the END key using software?


  • Root Admin

I can't really think of any other cause. Does this happen quickly or slowly? Does it happen to all applications?

Does it still happen if you restart into Safe Mode?

What about from a Clean Boot?
https://support.microsoft.com/en-us/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd

 
