
Long story short, I accidentally visited a shady url that was mediacloud.cc

Then to make matters worse, I accidentally (yes, I don't know how I could be that dumb) clicked on something on that website. Nothing popped out because I was using uBlock Origin + Poper Blocker to block the popup. I got out of that website immediately. Now I'm very worried about my PC for the following reasons:
+ Nothing changed on my PC, like, absolutely nothing, I seriously don't know if I should be happy or I should be scared as if this virus can hide itself or something like that.

+ Second, I wanna know if that website actually contains any kind of malware, so if anyone has the time and enough knowledge about this kinda stuff, can you please help me check the website out for malware?

+ Third, I've tried using a lot of different AVs to full scan my system, but 0 detection for all of them including Kaspersky, Malwarebytes (14 days Premium Trial), ESET, heck even Windows Defender. I'm kinda worried, what if this is a UEFI/BIOS malware?

+ To end, I'd like to ask if there is a way to check 100% if my PC is clean?

Hope to receive an answer soon! Thanks in advance.


Hello KietTran and welcome to Malwarebytes,

Disable smart screen ONLY if it interferes with software we may have to use:

https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8

Please remember to enable when we are finished....

Next,

Disable any Anti-virus software you have installed ONLY if it stops software we may use from working:

https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Please remember to enable AV software when we are finished running scans....

Next,

Let's grab some logs and see what's going on, continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Open Malwarebytes
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Text file (*.txt)", then name the file and save to a place of choice, recommend "Desktop" then attach to reply


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English

 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

 


I've tried fresh installing Windows (once again) and here is what happened

I can't format the recovery partition to its full capacity, could there be a specific malware that can stop me from fully formatting the partition?

And the system partition too, couldn't format the remaining 5mb however hard I tried.

After everything, I just chose to delete them, and when I got into Windows setup, there was some form of flickering, as shown in the video

PXL_20211102_101814647.MP.jpg

PXL_20211102_101628242.jpg


No, I don't mean installing. What I meant was that when I tried to format the recovery partition, it's not the full capacity. If I format it, it should be around 594mb like the total capacity, but no matter how hard I tried to format it, it'd just be 579 free, which makes me think of a possibility where a virus may be hiding in those 15mb? Is it possible? Anyway, I simply deleted it and installed Windows normally, until the flickering thingy came.


  • Root Admin

If I may interject @KietTran @kevinf80

If you're doing a clean fresh install of Windows 10 and there is no data you want to keep then simply remove all partitions from both drives, but only if there is no data you want to keep as that would delete all data.

Drive 0 is about 465GB
Drive 1 is about 237GB

I would install Windows on Drive 0. Delete the partitions and do not create a partition or format it. Simply select Disk 0 after removing the partition and allow Windows 10 to automatically take care of sizing and formatting. After Windows is installed then you can initialize Drive 1 and format it.

Note that all hard drives lose a certain amount of disk space when formatting.

Why Do Hard Drives Show the Wrong Capacity in Windows?
https://www.howtogeek.com/123268/windows-hard-drive-wrong-capacity/

 

Here is an excellent article on installing a clean fresh install of Windows 10

Greg Carmack - MVP 2010-2020 -Clean Install Windows 10
https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/clean-install-windows-10/1c426bdf-79b1-4d42-be93-17378d93e587

How to Create a Local Account While Setting Up Windows 10
https://www.howtogeek.com/442792/how-to-create-a-local-account-while-setting-up-windows-10/

 

Cheers and good luck

 


Hiya KietTran,

Can you attach the last three RTP logs please.

To get the RTP Detection log from Malwarebytes do the following:

Open Malwarebytes....
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the RTP Detection log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Text file (*.txt)", then name the file and save to a place of choice, recommend "Desktop" then attach to reply

Let me see those logs in your reply. Also is your ISP Telenet..?

Thank you,

Kevin.
