Maurice Naggar, posted September 1, 2021 (ID:1477886)

Hello @Berkan

This topic-thread is for Berkan only. You said that your computer has a trojan malware. I suggest this as the first step. There will be more to do later. This is not a one shot fix.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the-tool are at this link at Microsoft
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience. It may take several hours. Let me know the result of this. This is likely to run for many hours (depending on number of files on your machine & the speed of hardware).

The log is named MSERT.log. The log will be at C:\Windows\debug\msert.log
Please attach that log with your reply.

To save attachments (to upload) please click the link labeled "Add Files". Then browse to where your file is located and select it and click the Open button. Please be sure to review your reply and attachment before you press the reply button.

Maurice Naggar (Author), posted September 5, 2021 (ID:1478493)

Hello @Berkan

I have been hoping to hear back from you, on this topic thread. I had also made several replies to you by personal message last Wednesday. Are you still in need of help? Please advise.

Berkan, posted September 5, 2021 (ID:1478499)

Hello Mr. Maurice. Thank you so much for your concerns. The virus made my PC almost impossible to use by using 90% ish of the CPU after restarting due to a scan. So I had to format the device. I couldn't reply during that, sorry. For now it seems to run smoothly with only some corruptions on some services. If I ever encounter these kinds of stuff again I will open a post next time, thank you.

But I should ask, is there a preferred antivirus to avoid these stuff, because I scanned the .exe file I downloaded before opening with Malwarebytes and it found nothing. After opening it my PC was infected. And after that I downloaded and scanned with ESET, but ESET only seems to encounter the virus under the states of "corrupted file", "file can't be opened" or "file/pathway not found" and therefore didn't detect these as viruses but rather as corruptions.

And my old Windows isn't fully deleted as it's packaged in a folder called "windows.old". Should I be concerned about anything right now? Is there anything I should do to be sure that my system has been cleaned completely?

Maurice Naggar (Author), posted September 5, 2021 (ID:1478503)

Thank you for the status and information. I am unsure just how you went about "to format" this system. While the old file "Windows.old" is not a threat by itself (it is not a threat), it being there seems to indicate you did a Windows upgrade-in-place.

Windows 10 comes with the free built-in Microsoft Defender antivirus. That is normally good in most cases. Though it can be compromised & tampered with by some trojan malwares. As far as what is best all around as an antivirus, I would say the ESET.

Let's get a report set for review. I would like to get a report set from this machine. This will be just a report collection. It does not make any changes. Please follow the tips carefully.

Please download MBST Support Tool.
Once you start it click Advanced >> then Gather Logs.
Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

Please attach mbst-grab-results.zip to your reply, like displayed here. To send (upload) attachments please click the link marked "ADD Files". Then browse to where your file is located and select it and click the Open button. Only after you are all set plus have uploaded the ZIP file, then press the button "Submit Reply" in blue color.

Please have patience throughout this case. Understand also I am a volunteer here. Cheers.

Berkan, posted September 6, 2021 (ID:1478557)

Hello again Mr. Maurice. I didn't know the translation of the word "format" from my language to English so I assumed it would be the same. Basically the computer's C: drive has been wiped completely. I am not sure what you mean by a "windows upgrade-in-place" but it might be true. I added the .zip file you asked as an attachment.

[Attachment: mbst-grab-results.zip]

There have been small corruptions on my PC that I encountered, like some system services thinking their files are supposed to be in C:\WINNT\system32 instead of C:\Windows\system32, and therefore they wouldn't work unless I made a system32 folder in a WINNT folder and carried them there. Also some stuff like the Xbox gaming bar are missing for some reason.

Maurice Naggar (Author), posted September 6, 2021 (ID:1478560)

A serious note of caution. Do NOT go about copying or moving "files" from or to or between "Winnt" & "Windows". That is not the way to have an operating system like Windows. Do not copy things on your own while this case is active here. Thanks.

I will make another reply later, as I can manage. Do keep in mind I am a volunteer doing this on personal time. I will review the report you last sent.

Maurice Naggar (Author), posted September 6, 2021 (ID:1478561)

As I mentioned above, do not attempt to move Windows system files. This computer runs Windows 10. The operating system main folder is C:\Windows. Do not make changes on your own.

I do see that the computer has ESET Security. I suggest you do one new scan with ESET. After it has finished, let me know the result.

Berkan, posted September 7, 2021 (ID:1478581)

I have finished the scan with ESET. However this website doesn't allow .xml files to be uploaded. I am not sure if this is the file you asked for but I am attaching the .xml in a .zip.

[Attachment: Scan.zip]

Maurice Naggar (Author), posted September 7, 2021 (ID:1478680)

Hello. I was only just curious about the bottom line status shown by ESET. I cannot do anything with the XML file. Plus there is an issue of the language.

Let's do one new Windows Update "Check for Updates" run. See Microsoft tip article https://bit.ly/3zW2EN1
In Turkish https://bit.ly/3BN9G7k

The basic idea is to ensure that the Windows operating system is all up-to-date with security updates.

Edited September 7, 2021 by Maurice Naggar

Berkan, posted September 8, 2021 (ID:1478902)

Hello. Not sure what you meant by bottom line. But it says 981588 files scanned and 0 detections. However there are yellow errors on 51 different files, mostly stating that they were "unable to open [4]" and a couple of "archive damaged"s.

Windows Update found 2 updates. I then visited the page you posted. It updated Windows to 21H1. It took quite some time and a few times. Now what should I do?

Maurice Naggar (Author), posted September 8, 2021 (ID:1478917)

To your last line, it is super to read that this Windows has been upgraded to build 21H1 😁 👍 😎

I cannot be sure which scanner you refer to here? BUT it is normal for a security scanner to "not be able to open a file". That can and does happen. It does not equate to an "infection".

Berkan, posted September 8, 2021 (ID:1478919)

I was referring to the ESET scan. And I think the update fixed the WINNT folder issue. The msiexec.exe service now requires the .exe to be in C:\WINDOWS\system32\msiexec.exe instead of C:\WINNT\system32\msiexec.exe. But I'm still unsure about any remaining corruptions. Should I do something to check if anything's wrong?

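A read-only way to list services whose registered executable path does not exist on disk, such as the C:\WINNT\system32 paths described in this thread. This is an added example, not part of the original posts; the function names Get-ServiceBinaryPath and Test-ServicePaths are hypothetical, and the script changes nothing on the system.

```powershell
# Added example: read-only audit of service binary paths.
# Function names are hypothetical; nothing is modified on the system.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    # Expand values such as %SystemRoot%\system32\msiexec.exe /V
    $expanded = [Environment]::ExpandEnvironmentVariables($PathName.Trim())
    # Quoted form: "C:\dir with spaces\svc.exe" -arg
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form: keep everything up to the first .exe/.sys/.dll
    if ($expanded -match '^(.+?\.(exe|sys|dll))(\s|$)') { return $Matches[1] }
    return $expanded
}

function Test-ServicePaths {
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $binary = Get-ServiceBinaryPath -PathName $_.PathName
        # Report only services whose binary is missing from disk
        if ($binary -and -not (Test-Path -LiteralPath $binary -PathType Leaf)) {
            [pscustomobject]@{
                Name       = $_.Name
                State      = $_.State
                StartMode  = $_.StartMode
                Binary     = $binary
                UnderWinnt = ($binary -like '*\WINNT\*')
            }
        }
    }
}

Test-ServicePaths | Sort-Object Name | Format-Table -AutoSize
```

Run it from a 64-bit PowerShell session; a 32-bit session sees System32 through WOW64 file system redirection and can report files as missing when they are present.
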
Maurice Naggar (Author), posted September 8, 2021 (ID:1478923)

C:\Windows is indeed the normal (default) system directory for the Windows 10 operating system. [WINNT is not typically seen on modern-day Windows 10 for consumers (meaning home users and single users). Some corporations though might possibly engineer something specific.] What I suspect you recall about Winnt is from an old old Windows version from long ago, like maybe Windows 2000. Anyhow, put that to rest. Your Windows now is in the right place.

If you wish, you can do a different other scan to scan your machine. I would suggest a free scan with the ESET Online Scanner. This will be another check for viruses, other malware, adwares, & potentially unwanted applications.

NOTE: This scan can take several hours (depending on how many files are on the system & also on the speed of the hardware).

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe".
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes.
When prompted for scan type, click on Full scan.
Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from machine & let it be.

You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".
Click the blue "Save scan log" to save the log.
If something was removed and you know it is a false finding, you may click on the blue "Restore cleaned files" (in blue, at bottom).
Press Continue when all done. You should click to off the offer for "periodic scanning".

Please make sure you attach the log report.

Berkan, posted September 9, 2021 (ID:1479132)

[Attachment: log.txt]

The scan is complete and it didn't detect anything. However it says in the log that the designated module couldn't be found.

Maurice Naggar (Author), posted September 10, 2021 (ID:1479226)

Thank you for the log. There were NO malware / NO virus found. These are the 2 most important lines of the report.

> # scanned=443862
> # found=0

That confirms that there is no malware and even no potential unwanted types (no PUP / no PUA).

Please download, install, update and do a Threat Scan with Malwarebytes for Windows and post back the log
https://support.malwarebytes.com/hc/en-us/articles/360038479134-Download-and-install-Malwarebytes-for-Windows

Berkan, posted September 10, 2021 (ID:1479289)

[Attachment: Scan mvb.txt]

It didn't detect anything. Will these also look for any corruptions in the system?

Maurice Naggar (Author), posted September 10, 2021 (ID:1479293)

Congratulations. The Malwarebytes for Windows report is perfect. No malicious malware here on this machine. This program checks for malware.

Let's be cautious here. We can run the Windows System File Checker tool & the Windows 10 DISM tool to do checks on this Windows 10.

We will use FRSTENGLISH.exe on the Downloads folder to run a custom script. The system will be rebooted after the script has run. This custom script is for BERKAN only / for this machine only. This custom script has some specific things, plus some general aspect to help the system overall.

NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will rebuild the Winsock. It will run the Windows DISM tool to check the system.

Please be sure to close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

Please save the (attached file named) FIXLIST.txt to the user Downloads folder.

[Attachment: Fixlist.txt]

Start the Windows Explorer and then go to the Downloads folder.
RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run the tool.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.
IF you get a block message from Windows about this tool, click the line More info on that screen and click the button Run anyway on the next screen.
On the FRST window: click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Berkan, posted September 10, 2021 (ID:1479296)

OK, this question feels dumb but better be safe anyways. I have a USB hub; attached to that is a wireless mouse that is attached by a USB-entry device, a USB headphone, and a USB fan. Do I remove those as well? Or do you just mean like a flash drive?

Maurice Naggar (Author), posted September 10, 2021 (ID:1479309)

I meant just only a flash-thumb drive. The wireless mouse & headphone is OK where it is.

Berkan, posted September 11, 2021 (ID:1479339)

[Attachment: Fixlog.txt]

Maurice Naggar (Author), posted September 11, 2021 (ID:1479355), marked as Solution

Thank you. That is a good run. The Windows System File Checker (SFC) Windows Resource Protection found corrupt files and successfully repaired them. Before that, we ran a scan with ESET Online scanner & Malwarebytes for Windows & ESET.

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are closed. It will not take much time.

First download & save it
https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

Then be sure to close all web browsers. Then go to where the EXE file is saved. Start Adwcleaner. Then do a scan with Adwcleaner
https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

Maurice Naggar (Author), posted September 25, 2021 (ID:1481517)

Hello. I hope all is well. Are you needing other help?

AdvancedSetup (Root Admin), posted October 8, 2021 (ID:1483160)

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection.

Thank you