Marcus024 Posted September 14, 2021 ID:1479802 (edited)

Hello,

A family member of mine who is not so good with computers has fallen for a cheap software redistribution bait. Some crappy site that has OpenOffice bundled with malware, claiming to be the official site.

I have already run Malwarebytes and Malwarebytes AdwCleaner multiple times. Both found a few things, but now neither is finding anything. Even though I doubt this is anything serious, the paranoia and curiosity got to me and I'm wondering if there could be any residue. Would be nice if someone could help me try a few other things and maybe those will find something.

Checked my startup programs. Found nothing suspicious there.

Here are a few logs. Sorry that they are in German.

Attachments:
adwcleaner_scan2.txt
adwcleaner_scan1.txt
mbam_scan2.txt
mbam_scan1.txt
mbam_realtime_protection_exploit_detected.txt
mbam_realtime_protection_malware_detected.txt
adwcleaner_clean2.txt
adwcleaner_clean1.txt

Edited September 14, 2021 by Marcus024

kevinf80 Posted September 14, 2021 ID:1479805

Hiya Marcus024,

Run the following scan and post the two produced logs...

Disable smart screen if it interferes with software we may have to use:
https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8
Please remember to enable when we are finished....

Next, disable any Anti-virus software you have installed if it stops software we may use from working:
https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Please remember to enable AV software when we are finished running scans....

Run the following scan, let's see if anything shows up:

Download Farbar Recovery Scan Tool and save it to your desktop.
Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

If English is not your primary language, right click on FRST/FRST64 and rename it FRSTEnglish/FRST64English.
Double-click to run it. When the tool opens, click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans".
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt). Please attach that log to your reply.

Thank you,
Kevin

Marcus024 Posted September 14, 2021 Author ID:1479806

Hello Kevin,

Thank you for helping. Here are the two logs you have requested.

Attachments:
FRST.txt
Addition.txt

kevinf80 Posted September 14, 2021 ID:1479819

Hiya Marcus024,

FRST logs are clean, what do you believe is wrong with this system...?

Thank you,
Kevin.

Marcus024 Posted September 15, 2021 Author ID:1479927

Hello Kevin,

That's great to hear! Means mbam and adwc really seem to have gotten all of it, damn.

Oh nothing in particular, it's just I wanted to do a FRST check just in case.

Solution kevinf80 Posted September 15, 2021 ID:1479939

Hiya Marcus024,

Absolutely nothing wrong with having your system checked out, that's why we are here. Continue to finish up:

Right click on FRST here: C:\Users\schurik\Desktop\FRST\FRST.exe and rename it uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended, that is because file extensions are hidden; in that case just rename FRST to uninstall.

That action will remove FRST and all created files and folders...

Next, consider the following:

Disable Remote Desktop: https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html
Disable Windows Telemetry: https://helpdeskgeek.com/windows-10/how-to-disable-windows-10-telemetry/
Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/
Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
Will also work for Opera and Edge..
PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next, read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices
Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

kevinf80 Posted September 19, 2021 ID:1480634

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you