Swerdnaj Posted September 27, 2021 ID:1481746

MBAM would not run, but downloaded the MBAM utility. I have attached FRST and MBAM logs. Please help me, and Thanks!

Attached: Addition.txt, FRST.txt, MBAM results.txt, MBAM threat log.txt

Maurice Naggar Posted September 27, 2021 ID:1481777

Hello. Thanks for the reports. My name is Maurice. I will guide you forward.

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browsers, are closed. It will not take much time.

First download & save it:
https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

Then be sure to close all web browsers. Then go to where the EXE file is saved. Start Adwcleaner.

Then do a scan with Adwcleaner:
https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

Maurice Naggar Posted September 27, 2021 ID:1481782

Question: Are you getting help elsewhere? Are you now, or have you perhaps recently been, getting remote help via Bomgar? I do need to know if you are getting help elsewhere. Please advise.

Swerdnaj Posted September 27, 2021 Author ID:1481792

I am not getting help anywhere else. The Bomgar file was used by a software company in the past to work only on its software, and only when I called them for support. I don't allow anyone else access to this computer. Files attached.

Attached: AdwCleaner[C00].txt, AdwCleaner[S00].txt

Swerdnaj Posted September 27, 2021 Author ID:1481795

My svchost files run very high. See attached. Thanks

Maurice Naggar Posted September 27, 2021 ID:1481823

We can do different scans with known security tools to check for malware, including malicious miners. (By the way, I did notice you have used a handful of different apps on your own.)

I would strongly suggest you not be looking at Task Manager. Svchost is a Windows service that is pervasively used to manage & run different tasks, including modules of apps. Further to that, I can guide you later to other means to reduce the load of auto-started applications. But let's keep focused on hunting for actual malware. That is the main goal here.

[ 1 ]
This pc runs Windows 7. I need you to ensure that it does SHOW all folders / all files.
See https://www.sevenforums.com/tutorials/853-navigation-pane-show-all-folders.html

[ 2 ]
We will use FRSTENGLISH.exe on the Downloads folder to run a custom script. The system will be rebooted after the script has run.

This custom script is for Swerdnaj only / for this machine only.

This custom script has some specific things, plus some general aspects to help the system overall.

NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will rebuild the Winsock.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed.

The following directories are emptied:
- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
- Recently opened files cache
- Flash Player cache
- Java cache
- Steam HTML cache
- Explorer thumbnail and icon cache
- Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

Please be sure to close any open work files, documents, and any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.

Attached: Fixlist.txt

Start the Windows Explorer and then go to the Downloads folder.

RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow it to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool, click the More info line on that screen and click the Run anyway button on the next screen.

On the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Please know this will do a Windows Restart. Just let it do its thing.

Swerdnaj Posted September 28, 2021 Author ID:1481828

FixLog attached

Attached: Fixlog.txt

Maurice Naggar Posted September 28, 2021 ID:1481830

That is a good run. Thanks.

Next, I suggest a new scan for viruses & other malware. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the-tool are at this link at Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience. It may take several hours. Let me know the result of this. This is likely to run for many hours (depending on number of files on your machine & the speed of hardware).

The log is named MSERT.log. The log will be at C:\Windows\debug\msert.log

Please attach that log with your reply.

Swerdnaj Posted October 1, 2021 Author ID:1482280

MSERT.log attached

Attached: msert.log

Maurice Naggar Posted October 1, 2021 Solution ID:1482312

Thank you. Most excellent result from Safety Scanner.

Quote: "No infection found."

I would suggest a free scan with the ESET Online Scanner. This will be another check for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe". Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes.

When prompted for scan type, click on Full scan.

Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from the machine & let it be.

You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".

Click the blue "Save scan log" to save the log.

If something was removed and you know it is a false finding, you may click on the blue "Restore cleaned files" (in blue, at bottom).

Press Continue when all done. You should click to turn off the offer for "periodic scanning".

Please make sure you attach the log report.

Swerdnaj Posted October 4, 2021 Author ID:1482641

Well, that took forever! ESET scan log attached.

Attached: ESET Scan Log.txt

Maurice Naggar Posted October 4, 2021 ID:1482647

Thank you. Well worth the run. The ESET found and removed the Ask toolbar and some other potentially unwanted add-ons.

Go ahead and delete esetonlinescanner.exe + also delete MSERT.exe.

Advise me, how is the system at this point?

Also, I would like you to do one new Scan with Malwarebytes for Windows. Malwarebytes is very good at finding and removing malicious miners. Let me know the result of that scan.

Edited October 4, 2021 by Maurice Naggar

Swerdnaj Posted October 5, 2021 Author ID:1482765

I ran the Custom Scan including all options available on Malwarebytes, results attached. The system is starting and running faster. Thanks for that!

I still have a svchost process running at over 300,000K when online, and over 250,000K when not online. Those high usage rates have not gone down with all of our cleanup, so are they of any concern? (and yes, I do look at my task manager, especially when my computer is lagging like it was before we started, Sorry, can't help myself ;)

Attached: MBAM log.txt

Maurice Naggar Posted October 5, 2021 ID:1482795

That is a perfect report from the Malwarebytes for Windows scan. Thank you.

SVCHOST is an abbreviation of service host. If one uses Task Manager or Process Explorer, you'll usually see multiple instances of it running, and sometimes even several dozen instances. That is normal & expected. Svchost is used by many services of your Windows system.

Services are organized into logical groups that are all somewhat related, and then a single Service Host instance is created to host each group. For example, one Service Host process runs the three services related to the firewall. Another Service Host process might run all the services related to the user interface, and so on.

What you report seeing on Task Manager is normal.

This machine has no malicious miner. It does not have an infection or malware. This last full Custom scan by Malwarebytes for Windows confirms that.

We use known security scanners from trusted sources to look for and remove malware.

As to laggy computers, there are several areas that you can look into. Here are a few links to handy articles. Please know that a slow condition can be due to non-infection factors.

See https://support.microsoft.com/en-us/help/2746761/how-to-speed-up-your-slow-computer

See Miekiemoes blog article on slow computer situation:
https://miekiemoes.blogspot.com/2008/02/help-my-computer-is-slow.html

Also, at Bleepingcomputer:
https://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/

Sincerely.

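Added example, not part of the thread or of either participant's posts: a PowerShell snippet that maps each svchost.exe instance to the services it hosts, so a high-memory instance like the one discussed above can be attributed to specific services. It uses only the WMI classes Win32_Process and Win32_Service and assumes an elevated PowerShell 2.0 or later prompt; the variable names and the PathCheck column are illustrative.

```powershell
# Added example (not from the thread): list every svchost.exe instance with
# its memory use and the services it hosts. Works on Windows 7 / PowerShell 2.0.
# Run from an elevated prompt; otherwise ExecutablePath may come back empty.

$procs    = Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'"
$services = Get-WmiObject -Class Win32_Service -Filter "State = 'Running'"

# The genuine binary lives in System32 (or SysWOW64 on 64-bit Windows).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

$report = foreach ($p in $procs) {
    $procId = $p.ProcessId

    # Services whose hosting process is this svchost instance.
    $hosted = @($services | Where-Object { $_.ProcessId -eq $procId } |
        ForEach-Object { $_.Name })

    # -contains compares strings case-insensitively, which suits Windows paths.
    if (-not $p.ExecutablePath) { $pathCheck = 'unknown (not elevated?)' }
    elseif ($expected -contains $p.ExecutablePath) { $pathCheck = 'ok' }
    else { $pathCheck = 'UNEXPECTED: ' + $p.ExecutablePath }

    # WorkingSetSize is the full working set in bytes; Task Manager's default
    # memory column shows the private working set, so figures differ somewhat.
    New-Object PSObject -Property @{
        PID          = $procId
        WorkingSetKB = [long]($p.WorkingSetSize / 1KB)
        PathCheck    = $pathCheck
        Services     = ($hosted -join ', ')
    }
}

# Largest instances first, with the hosted service names alongside.
$report | Sort-Object WorkingSetKB -Descending |
    Format-Table PID, WorkingSetKB, PathCheck, Services -AutoSize -Wrap
```
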
Swerdnaj Posted October 6, 2021 Author ID:1482955

I connected my computer to my wired network today after the cleanup we did, and it could not find it. I then tried to search for and open secpol.msc, it is not on my computer anymore. I cannot find or connect to my private wired network. Please help fix this. Thanks

Maurice Naggar Posted October 6, 2021 ID:1482969

The OS on this machine is Windows 7 Home Premium Service Pack 1. Secpol.msc is not available on all Windows versions.

NOTE: The Local Security Group Policy Editor will only be available in the Windows 7 Professional, Ultimate, and Enterprise editions. The Local Security Policy Editor is not available in the Windows 7 Starter and Home Premium editions.

To see about running the Local Security Policy Editor on Windows 7, please see this link at Sevenforums (which by the way, is an excellent resource for Windows 7):
https://www.sevenforums.com/tutorials/7357-local-security-policy-editor-open.html

Maurice Naggar Posted October 7, 2021 ID:1483033

Hello. I'd like for you to take one-time actions to power off your PC and any powered printers attached & then power off your hardware router.

Start by shutting down Windows, and powering off your PC. Then power off the hardware router. Also, turn off the Hub or Switch for your 'network' (if any). Then wait for one minute.

Then power up in reverse order. First get the router powered up. Then your Hub or switch for the Network. Wait for a minute. Then power up the PC and then get Windows started.

After that, I'd like to get a special report with the Malwarebytes Support tool. This is a report only.

Please download Malwarebytes MBST Support Tool.

Once you start it, click Advanced >>> then Gather Logs.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

Please attach mbst-grab-results.zip to your reply, like displayed here. To send (upload) attachments please click the "ADD Files" link. Then browse to where your file is located and select it and click the Open button.

Edited October 7, 2021 by AdvancedSetup: corrected font issue

AdvancedSetup (Root Admin) Posted October 20, 2021 ID:1484714

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks