HGDC84 Muzapp.exe +Malware.Exploit.Agent.Generic



Solved by Maurice Naggar

I also got a warning from the same program and folder today. There were some earlier warnings about Malware.Exploit.Agent.Generic when trying to open a Word document.

Any help would be greatly appreciated. I haven't done much of this type of virus/malware removal and would like to find out what to do, especially as it is not my own computer but my mother's.

Link to post
Share on other sites

  • Root Admin

Hello @HGDC84

Please run the Farbar FRST program and @Maurice Naggar will assist you further.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

Link to post
Share on other sites

I attempted to run the FRST scan for logs, and the scan itself seemed to go through successfully, but after the program prompted having completed the scan and creating the logs, it tries to open the logs using Notepad, only to report the log files aren't found and ask if I want to create new files. Answering "Yes" only creates an empty .txt file with the originally given name; Answering "No" closes the prompt and leaves an empty, unnamed and unsaved Notepad file open; Answering "Cancel" closes down prompt and Notepad.

I purposefully disconnected from my network connection before running the FRST scan, because the computer acted very slowly and it seemed like there were some suspicious occurrences (computer attempting to start Edge when I didn't try to start it myself, Firefox claiming it couldn't find websites, Settings window shutting down by itself when attempting to check out whether my mother's computer is 32- or 64-bit).

Any ideas how to carry on?

Link to post
Share on other sites

Hello.  Please understand that there needs to be a connection to the internet.

Did you save the FRST64.exe (or else the FRST.exe) to the Downloads folder? Where is it saved?

Also tell me, is Microsoft Windows Defender the active antivirus program on this PC? If so, can you do a scan with Microsoft Defender?

This is one way to do a manual scan using the Microsoft Defender antivirus, as well as to visually check protection status.

From the Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security


Next, in the Windows Security section: click on the grey button Open Windows Security


Now, click on the shield Virus and threat protection

By the way, when you see a green check-mark on your display, it means a good status and that protection is on.

 


On the next display, look at all the options.  Look down the list and see "Check for Updates" which I have highlighted with a blue icon.

You can click on that to have the system check for updates for Windows Defender.

Please also note that the Scan options (all) can be displayed by clicking on Scan options. ( You can do Quick, Full, or Custom).

NOTE: If you have the time / opportunity, select a Custom scan & scan the C drive   ( one time as a safety check ).

 


 

NOTE: On this last screen, be sure to review the section on Exclusions to be sure that nothing of the path, process, or file /folder exclusions are ones that you yourself did not place there on your own.

 

Link to post
Share on other sites
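
The Defender checks walked through in the post above (protection status, definition update, review of exclusions, custom scan of the C drive) can also be run from an elevated PowerShell prompt. This is an added example, not part of the original thread; it uses the built-in Defender cmdlets and assumes the Defender service is running on Windows 10.

```powershell
# Added example: the GUI checks from the post above, done with the Defender cmdlets.
# Run from an elevated (Administrator) PowerShell prompt.

# 1. Protection status and the times of the last signature update and scans.
Get-MpComputerStatus |
    Select-Object AMRunningMode, AntivirusEnabled, RealTimeProtectionEnabled,
                  AntivirusSignatureLastUpdated, QuickScanEndTime, FullScanEndTime |
    Format-List

# 2. Exclusions: every entry listed here should be one you added yourself.
$pref = Get-MpPreference
$exclusions = foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($value in @($pref.$kind)) {
        if ($value) { [pscustomobject]@{ Type = $kind; Value = $value } }
    }
}
if ($exclusions) { $exclusions | Format-Table -AutoSize }
else { 'No Defender exclusions are configured.' }

# 3. Update definitions, then run a one-time custom scan of the C drive.
Update-MpSignature
Start-MpScan -ScanType CustomScan -ScanPath 'C:\'

# 4. Anything Defender has detected, with the affected files or registry entries.
Get-MpThreatDetection |
    Select-Object InitialDetectionTime, ProcessName, Resources |
    Format-List
```

An unexpected exclusion covering a user-writable folder or a whole drive deserves a closer look before any scan result is trusted.
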

I have made an assumption that this computer runs on Windows 10.   If I am off-base, be sure to tell me which Windows version this is.

You can use this guide at Microsoft https://support.microsoft.com/en-us/windows/which-version-of-windows-operating-system-am-i-running-628bec99-476a-2c13-5296-9dd081cdd808

Link to post
Share on other sites

When I downloaded the file, it seemed to save it straight to the Downloads folder. From there, I moved it to Desktop. When that didn't work, I tried moving it to My Documents and made a separate folder for it there. Both times, I tried running it without having an online connection enabled after downloading the program.

I will try scanning again on the Desktop with the online connection enabled and see whether that makes a difference. Also, I will try the Windows Defender instructions.

And yes, the computer is running on Windows 10 (64-bit version). The main antivirus on the computer is Avast Free Antivirus, and it seems like Windows Defender is also enabled.

Link to post
Share on other sites

If possible, run the Microsoft Defender antivirus  & select Quick scan  from the Scan options.

Then, similarly, do a quick scan with Avast.

Then thirdly, if this PC has the Malwarebytes for Windows, I also would urge one new scan with Malwarebytes.

Just go careful. Do not panic / do not rush. Patience is a key ingredient while this case is ongoing.

After the Malwarebytes scan run completes, I need a scan report from Malwarebytes.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Link to post
Share on other sites

Still got time to make a status update.

Windows Defender started its scan and took a good while. I decided to go get some groceries and left the computer unattended.

After I returned from the shop and decided to check out the computer, Defender said it had completed the scan and found zero threats. However, I strongly suspect this is not the whole truth, as the scan results claimed the scan took only a bit under six minutes and had scanned 38671 files. The scan certainly went way longer and scanned way more files as I was attending it.

Started up Avast Quick Scan and will see what that will turn out.

Link to post
Share on other sites

My suspicions are rising even higher.

When I was running Avast, I noticed that the scan was stuck for a long time in C:/Program files/LibreOfice 5/program/xoflo.dll. What caught my eye was that the LibreOffice part of the folder name was only written with one f, not two. And checking the file manager, I found out that there was indeed the original folder that had two f-letters. So tried to check out about it by showing hidden folders and trying to see if that would reveal a folder with only one f. And "surprisingly" it was at that exact moment when Avast finished the scan and said no viruses nor malware was found.

This starts to look all too weird to be coincidental...

Attempting to run Malwarebytes quick scan next and see if that brings something out.

Link to post
Share on other sites
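
The near-duplicate folder name described in the post above (a program folder spelled with one letter missing next to the correctly spelled one) can be checked for systematically. The following is an added example, not part of the original thread; the function names, the two-character threshold and the choice of the Program Files directories are assumptions made for illustration.

```powershell
# Added example: list sibling folders whose names are near-duplicates,
# e.g. "LibreOfice 5" next to "LibreOffice 5". Hypothetical helper names.

function Get-EditDistance {
    # Levenshtein distance between two strings (two-row dynamic programming).
    param([string]$First, [string]$Second)
    $prev = @(0..($Second.Length))
    for ($i = 1; $i -le $First.Length; $i++) {
        $cur = [int[]]::new($Second.Length + 1)
        $cur[0] = $i
        for ($j = 1; $j -le $Second.Length; $j++) {
            $cost = if ($First[$i - 1] -ceq $Second[$j - 1]) { 0 } else { 1 }
            $edit = [Math]::Min($prev[$j] + 1, $cur[$j - 1] + 1)
            $cur[$j] = [Math]::Min($edit, $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    $prev[$Second.Length]
}

function Find-LookAlikeFolder {
    param(
        [string[]]$Root = @($env:ProgramFiles, ${env:ProgramFiles(x86)}),
        [int]$MaxDistance = 2
    )
    foreach ($r in ($Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) })) {
        # -Force includes hidden folders. Digits, spaces and punctuation are dropped
        # from the comparison key so that "App 5" and "App 6" do not match each other.
        $dirs = @(Get-ChildItem -LiteralPath $r -Directory -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $key = ($_.Name -replace '[\d\s._-]', '').ToLowerInvariant()
                if ($key.Length -ge 5) { [pscustomobject]@{ Dir = $_; Key = $key } }
            })
        for ($i = 0; $i -lt $dirs.Count; $i++) {
            for ($j = $i + 1; $j -lt $dirs.Count; $j++) {
                $x = $dirs[$i]; $y = $dirs[$j]
                $d = Get-EditDistance -First $x.Key -Second $y.Key
                if ($d -ge 1 -and $d -le $MaxDistance) {
                    [pscustomobject]@{ Parent = $r; FolderA = $x.Dir.Name; FolderB = $y.Dir.Name
                        Distance = $d; CreatedA = $x.Dir.CreationTime; CreatedB = $y.Dir.CreationTime }
                }
            }
        }
    }
}

Find-LookAlikeFolder | Format-Table -AutoSize
```

A match is only a lead: compare the creation times and the contents of the two folders before drawing any conclusion.
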

Malwayrebytes Anti-Malware log September 9th 2021.txt

Malwarebytes ran its course, took about 20 minutes and scanned about 380 000 files. No threats found according to that result, but I'm not so eager to believe it as of now. Log attached below. It seems to be in Finnish, but if you need a translation I will do one for you.

Going to call it a day for now, but will be in touch again during the weekend.

Link to post
Share on other sites

The scan from   Skannauksen päivämäärä: 2.9.2021
Skannauksen kellonaika: 20.49

was all good.   I would like to get a report set from this machine.  This will be just a report collection.  It does not make any changes.

Please follow the tips carefully.

Please download MBST Support Tool

 

Once you start it click Advanced > Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply , like displayed here.
  • To send  ( upload)   attachments please click the link marked "ADD Files". Then browse to where your file is located and select it and click the Open button.

 


 

Only after you are all set plus have uploaded the ZIP file, then press the button "Submit Reply" in blue color.   Please have patience throughout this case.  Understand also I am a volunteer here.

Cheers.

Link to post
Share on other sites

Hello again!

I do understand that you are a volunteer, and I apologize if my multiple messages gave an impression like I was rushing you. That was never my intention, and I will wait patiently for you having the time to reply.

Anyway, the MBST Grab Results are attached to this message below.

Thank you for giving your time and efforts for helping me.

mbst-grab-results.zip

Link to post
Share on other sites

Hello.  Good morning. Thanks for the report set.  That is so very helpful.

Windows 10 comes pre-loaded with Microsoft Defender antivirus.   Here, on this machine, I notice it has TWO (2) add-on third-party antivirus programs.  There is AVAST.  Plus it also has the ZoneAlarm firewall with the ZoneAlarm antivirus.  Having Avast plus ZoneAlarm is a significant factor here that leads to quirks and potential conflicts.  There needs to be a decision as to which of the 2 to keep  and then which of the 2 to uninstall.

IF decision is made to keep Avast,  then a Uninstall of all of the Zone Alarm programs must be done.   ( and if you only want Microsoft Defender then be sure to let me know).

If you keep Avast, then

1. Press & hold the Windows key on keyboard & then tap the R key to open the Run box-window.
2. Type appwiz.cpl and tap Enter.

3. The Programs and Features window will appear.   Locate on the list "ZoneAlarm Anti-Spyware".

Do a right-click on it.  Then choose Uninstall.   Let it proceed.

Then look for "ZoneAlarm Firewall".   Uninstall if found.

Then look for "ZoneAlarm Antivirus".   Uninstall if found.

Exit Programs and Features.

4. NEXT, whatever the case or result, need for you to get and save, and then run the ZoneAlarm UNINSTALL tool. A general purpose uninstaller for ZoneAlarm.

First get and save from this link at Bleepingcomputer  https://www.bleepingcomputer.com/download/zonealarm-uninstall-tool/

Click the green-color Download Now button.

Save the file.

Then run the tool.

When all completed, then Restart Windows.

Link to post
Share on other sites

Good morning there, or good evening here in Finland!

I'm using these on my own for now, but decided to contact you before making anything bigger myself. I downloaded the DDS in case I need it, but I haven't executed it as of now. I may remove it if you say it should be.

Checked the appwiz.cpl, did not see any mentions of ZoneAlarm there. Also checked the Programs menu from Windows Settings, and found a mention of ZoneAlarm LTD Toolbar, but when I clicked on it to see if I can uninstall it that way, both the options of modifying and uninstalling were greyed out.

Also saved and tried to execute the ZoneAlarm Uninstall Tool, but got an error message saying (roughly translated):

"Program compatibility program

This program cannot be executed on this computer

ZoneAlarm
Check Point Software Technologies LTD

This program cannot be executed, because it causes security or performance problems on Windows. A new version of the program may be available. Check from the program vendor whether there is an updated version of the program available, that works with this version of Windows".

There are two buttons below it. The other one says "More information" and opens up a Microsoft support site that contains information about some apps not working with Windows 10. The other one says "Close" and closes the prompt.

Is there some other specific place where I could look for a newer version of the ZoneAlarm Uninstall Tool?

Link to post
Share on other sites

DDS is a good report tool.   We will not be needing it.  Please check with me first before you do something on your own.

Go ahead and just delete the download file you have "Zonealarm Uninstall tool".   We can manage without it.

.

Here below is a custom run intended to help this Windows machine.  Please take time to read carefully & apply all directions below.

If you have a question, stop and ask me first.

[    1    ]

As a next basic step, Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[    2    ]

We will use FRSTENGLISH.exe  on Downloads folder to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  HGDC84  only / for this machine only.

 

This custom script has some specific things, plus some general aspect to help the system overall.

NOTE-1:  This script will  run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.    It will run the Windows DISM tool to check the system. It is also intended to remove a couple of remnants of Zonealarm; plus a handful of Kaspersky drivers; plus some obsoleted scheduled tasks.

 

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   user Downloads  folder

Fixlist.txt

 


Start the Windows Explorer and then go to the Downloads folder.


RIGHT click on  FRSTENGLISH.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


We will do more after this.  Persistence & patience are called for here.

Stick with me because there will be more for later.

Edited by Maurice Naggar
Link to post
Share on other sites

Ran the process, the fixlog is attached below. I don't have a huge knowledge about these things, but decided to look at the log and see if I understood something out of it. Seems like it was semi-successful: Did remove and/or fix some stuff, but also got some errors. Quite many ATTENTION! notifications there.

The part with "Tiedostonimen, hakemistonimen tai levynimen syntaksi ei kelpaa." means file name, directory name or disk name syntax error.

It also seems like the process was terminated after running for 60 minutes.

When I checked at the computer, it seems like the program closed by itself. I was prepared for it to run for the whole night, but decided to play on my games console while waiting and checked it now. Not sure if it was supposed to close or not, wasn't attending the computer constantly as I thought I could do something else while waiting. I don't think the computer restarted itself as the File Manager was still open on the desktop when I came back to see the computer.

I'll wait for your response. I won't expect it to come immediately (I understand you have your own life to live too!), but can check the computer once or twice before going to bed. We'll check it later if you don't have the time for the rest of my night.

 

Fixlog.txt

Link to post
Share on other sites

This topic is now closed to further replies.