Jump to content

Attention Maurice

OC507

By OC507
in Resolved Malware Removal Logs

 Share
Go to solution Solved by Maurice Naggar,

Recommended Posts

Maurice Naggar

Maurice Naggar

Posted
Posted

Hello @OC507   :welcome:

My name is Maurice.  I will be guiding you.  Thanks for the reports.  The scan report from Malwarebytes for Windows is perfect.

You can start this task here  & then after it is started, you should go get a good  break.   Just let the computer run this, once you start it.

 

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select QUICK scan.

Then start the scan. Have lots of patience. Any intermediate displays are information only.  It is the end results that count.

 

Let me know the result of this, along with the report.

The log is named MSERT.log  

the log will be at  

C:\Windows\debug\msert.log

Please attach that log with your reply. 

  • Like 1
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Thanks. The result from the Safety Scanner is normal and expected.  Since this computer has Norton, it is expected that the Microsoft Defender antivirus & anti-spyware will be off.

Now to attempt to cure the clipboard issue.

We will use FRST64.exe  on Desktop folder to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  OC507  only / for this machine only.

 

This custom script has some specific things, plus some general aspect to help the system overall.

NOTE-1:  This script will  run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will rebuild the Winsock.  It will run the Windows DISM tool to check the system. It is also intended to help on clipboard issue.

 

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   user Desktop  folder   

Fixlist.txt


Start the Windows Explorer and then, to the Desktop   folder.


RIGHT click on  FRST64.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

  • Thanks 1
Link to post
Share on other sites
  • Solution
Maurice Naggar

Maurice Naggar

Posted
  • Solution
Posted

Thanks for the log-report.  Let us give the following one try.

Start a Elevated Powershell command prompt-window. On the Windows taskbar, on the Search box, type in  

powershell

Wait and look for the results list. Click on the line that shows Powershell with "Run as Administrator".

 

2   Then you will see the Powershell window. Into that, we want to Copy & Paste this entire lines AS-IS  

Restart-Service -Name "cbdhsvc*" -force

then tap the Enter-key and wait and watch the result.

 

3    When it has displayed a blue screen with information on result , when done, then use the mouse pointer and do a RIGHT-Click on the top title bar of Powershell window.

.

4    Select "Select all"

Next then 

.

5    Select COPY

Next, on this forum topic, in a new Reply, Right click the white reply box 

.

6    

And select PASTE onto a Reply box-window here.   Close the Powershell window.

Providing the above ran properly, the clipboard history should be clear.

  • Thanks 1
Link to post
Share on other sites
OC507

OC507

Posted
  • Author
Posted

I don't know if I did it wrong but I think nothing happened ...

 

Windows PowerShell
Copyright (C) Microsoft Corporation. Todos los derechos reservados.

Prueba la nueva tecnología PowerShell multiplataforma https://aka.ms/pscore6

PS C:\WINDOWS\system32> Restart-Service -Name "cbdhsvc*" -force
PS C:\WINDOWS\system32>

 

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

I notie that there is no "error message".  I have to assume it did work.

I would suggest a free scan with the ESET Online Scanner.  This will be another check for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.

 

  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.

You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click The blue Save scan log to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom).

Press Continue when all done. You should click to off the offer for “periodic scanning”.

Please make sure you attach the log report.

  • Like 1
Link to post
Share on other sites
OC507

OC507

Posted
  • Author
Posted

Hello, I send you the scan log, I did find 4 threats, 3 solved them and one could not because it had access denied, from what I saw it was a Norton file, I don't know if you recommend uninstalling it. I did some testing copying addresses and apparently it's fine. Please review the attached log and let me know if we need to do anything else.

Scan.txt

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

I am happy to read that the clipboard & copying issue is now normal.

About Norton Security ( since 1 exe file was flagged) I must ask if Norton was from a official Norton source?  If it is not, then I would suggest to do a full Uninstall of Norton Security.

We can also upload a copy of Ncrypt.exe up to Virustotal for analysis & also delete that one file  ( if possible).

Please know that Windows 10 comes with its own antivirus, Microsoft Defender antivirus.  If Norton Security is uninstalled, the Microsoft Defender antivirus will be turned back on.

.

Now a new custom script.

Please first DELETE the old file named Fixlist.txt  on the Desktop.

We will use FRST64.exe  on Desktop folder to run a new custom script.    The system will be rebooted after the script has run.

This custom script is for  OC507  only / for this machine only.

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   user Desktop  folder   

Fixlist.txt


Start the Windows Explorer and then, to the Desktop   folder.


RIGHT click on  FRST64.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt at your next opportunity.

  • Thanks 1
Link to post
Share on other sites
OC507

OC507

Posted
  • Author
Posted
24 minutes ago, Maurice Naggar said:

Thank you for the report.  At this point, how is the original issue that started this case ?

I believe you had reported that the copy / paste issue is normal.

Until now, the copy / paste problem has not been repeated.
If you consider that I should do or correct something else, let me know.
I have no words to thank you, a thousand times thanks for your help, your time and dedication to this issue.

  • Like 1
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted (edited)

You are very welcome.

Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download
Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard.

See Support article how-to

https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard


Note: If your pc has Windows 10 EDGE browser, or Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard ( on each as appropriate).
.
You can delete msert.exe

Delete esetonlinescanner.exe

To remove the FRST64 tool & its work files, do this. Go to your Desktop folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to 

UNINSTALL.exe

 
Then run that ( double click on it) to begin the cleanup process.

Any other download file I had you download, you may delete. 

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

Stay safe.  I wish you all the best.     :cool:
I am marking this case for closure.

Edited by Maurice Naggar
  • Thanks 1
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

  • Like 1
Link to post
Share on other sites
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept