Jump to content

Spyware.StolenData.E

Vasma25559006
 Share
Go to solution Solved by Maurice Naggar,

Recommended Posts

Maurice Naggar

Maurice Naggar

Posted
Posted (edited)

Hello :welcome:

Please let me know what name you prefer to go by.

My name is Maurice.   I will guide you.

>

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

>

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.

 

Let me know the result of this.    This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply.

Edited by Maurice Naggar
corrected font issue
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

OK.  As I said, this Microsoft Safety Scanner will run for many hours. 

Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.

 

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hello.  Thank you.  This run of the MS Safety Scanner did not find any actual malware.  That is a good thing.

would highly suggest that you do this next scan.

I would suggest a free scan with the ESET Online Scanner.  This will be another check for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.

You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click The blue Save scan log to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom).

Press Continue when all done. You should click to off the offer for “periodic scanning”.

Please make sure you attach the log report. 

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted (edited)

Hello, Peter.   Thank you.

Allow me to suggest one other scan.

This is a  different special tool to check your pc for viruses, trojans & other malware.

Download Sophos Free Virus Removal Tool   and save it to your desktop.

  • If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
  • Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

 

Double click the icon and select Run

Click Next

Select I accept the terms in this license agreement, then click Next twice

Click Install

Click Finish to launch the program

  • Once the virus database has been updated click Start Scanning

If any threats are found click Details, then View log file... (bottom left hand corner)

 

Attach the results in your reply

  • Close the Notepad document, close the Threat Details screen, then click Start cleanup

Click Exit to close the program

 

If no threats were found please confirm that result....

  • The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

 

Saved logs are found under this sub-folder: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs 

Let me know what Sophos reports.   

Edited by Maurice Naggar
Link to post
Share on other sites
Vasma25559006

Vasma25559006

Posted
  • Author
Posted

Hi Maurice,

 

Today I also installed Advanced Identity Protector from the Systweak website (https://www.systweak.com/) and the MalwareBytes quarantied the exe, which I whitelisted then after running it I run another MB scan and found 86 alerts which got quarantined, all related to this product.

Do I have to worry about this also ?

 

Thanks!

 

MalwareBytes_scan.txt

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Most "optimizers" are snake oil junk.  Why o why ow why did you ever go to "systweak" ??

Please do not do anything like that.   Always ask me first before you actually do anything on your opwn ...while this case is on-going.

>

We are done with Sophos VRT tool.  Now to uninstall it.

1. Press & hold  the Windows key on keyboard & then tap the R key   to open the Run box-windoww.
2. Type  

appwiz.cpl 

and tap Enter.
The Programs and Features window will appear.   Locate on the list "Sophos Virus Removal".

Do a right-click on it.  Then choose Uninstall.   Let it proceed.

Now check closely:  Be sure Advanced Identity Protector from the Systweak is no longer installed.

Exit Programs and Features.

>

This is a special one time run to do a different check of this system.   This ought to take something in the range of 15 - 25 minutes tops, depending on hardware speed.

get & run the Malwarebytes MBAR anti-rootkit tool to do 1 run with it.

Disregard the title subject of the topic.

 

Run the MBAR tool as listed here 

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes

 

when done, I need the MBAR logs.

Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created.

 

Both files can be found in the extracted MBAR folder on your Desktop.

Please attach both files in your next reply.

 

Link to post
Share on other sites
Vasma25559006

Vasma25559006

Posted
  • Author
Posted

I have changed all the password was stored in the chrome, but it was encrypted with a passphrase which i dont remember so I just changed all those pws including all of my pws even those are not stored there like FB, email, etc and use 2 factor auth where it is possible and also a password manager ( bitwarden).

Do I have to run more scans?

I have using BitDefender Free and MalwareBytes Premium (trial for now, but I definitely will purchase as this one is helping a lot)

Are you suggesting any apps to use ?

 

Thanks!

Link to post
Share on other sites
  • Solution
Maurice Naggar

Maurice Naggar

Posted
  • Solution
Posted

Hello, Peter.

There is zero need to be worried about what is in the Quarantine in Malwarebytes for Windows.  NO rush. Wait another week or 10 days, after that, you can delete permanently.
Open Malwarebytes for Windows.
Click the Detection History card.
In the Quarantined items tab, check the boxes of the items you want to delete.
Click the Delete button. Deleting the items permanently removes them from Quarantine.
>
Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard.

See Support article how-to

https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard


Note: If your pc has Windows 10 EDGE browser, or Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard ( on each as appropriate).
>
We can proceed with cleanup of tools we used.

To remove the FRST64 tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to 

UNINSTALL.exe

.
Then run that ( double click on it) to begin the cleanup process.

Delete msert.exe
Delete esetonlinescanner.exe

Adwcleaner you may keep and use as needed.
Any other download file I had you download, you may delete.
Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

SAFETY TIPS:

Backup is your best friend.  Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html

Only using the Standard-access-level user account when surfing and downloading / installing would have been a tremendous way to prevent the infections of this machine.


Don't remove ( or change )  your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"  

>

I am marking this case for closure.
I wish you all the best. Stay safe.
Sincerely.

Maurice

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.