Vasma25559006 Posted November 12, 2021 ID:1488099
I'm attaching the required files. Could you please let me know what is the next step? Thanks in advance!
FRST.txt, Addition.txt, MB threat scan.txt
Maurice Naggar Posted November 12, 2021 ID:1488101
Hello
Please let me know what name you prefer to go by. My name is Maurice. I will guide you.
> Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article
https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html
> The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.
The download links & the how-to-run-the tool are at this link at Microsoft
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
Look on Scan Options & select FULL scan. Then start the scan.
Have lots of patience. It may take several hours. Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Let me know the result of this. This is likely to run for many hours (depending on number of files on your machine & the speed of hardware.)
The log is named MSERT.log
The log will be at Windows\debug\msert.log
Please attach that log with your reply.
Edited November 12, 2021 by Maurice Naggar: corrected font issue
Vasma25559006 Posted November 12, 2021 Author ID:1488105
Hello Maurice, My name is Peter. I started running the scan, once it is finished I will upload. Thanks!
Maurice Naggar Posted November 12, 2021 ID:1488106
OK. As I said, this Microsoft Safety Scanner will run for many hours. Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Vasma25559006 Posted November 13, 2021 Author ID:1488148
Hello Maurice, I'm attaching the file. Also I found a PASSWD.LOG file in the Windows/debug folder with SamChangePasswordUser2. Please advise on the next step(s). Thank you!
msert.log, PASSWD.LOG
Maurice Naggar Posted November 13, 2021 ID:1488185
Hello. Thank you. This run of the MS Safety Scanner did not find any actual malware. That is a good thing.
I would highly suggest that you do this next scan. I would suggest a free scan with the ESET Online Scanner. This will be another check for viruses, other malware, adwares, & potentially unwanted applications.
Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes
When prompted for scan type, Click on Full scan
Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.
Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from machine & let it be.
You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".
Click the blue "Save scan log" to save the log.
If something was removed and you know it is a false finding, you may click on the blue "Restore cleaned files" (in blue, at bottom).
Press Continue when all done. You should click to off the offer for "periodic scanning".
Please make sure you attach the log report.
Vasma25559006 Posted November 13, 2021 Author ID:1488186
Dear Maurice, I started the scan, when it's done I will upload the log report. Also what to do with the 96 quarantined items by the MalwareBytes? Thanks in advance!
Maurice Naggar Posted November 13, 2021 ID:1488188
Leave alone the items in Quarantine. There is no need to do anything about or for those. That is the "jail lockup". All those items are no longer any threat.
Vasma25559006 Posted November 13, 2021 Author ID:1488203
Dear Maurice, Here is the log attached.
Eset_online_scanner_log.txt
Maurice Naggar Posted November 13, 2021 ID:1488207
Hello, Peter. Thank you. Allow me to suggest one other scan. This is a different special tool to check your pc for viruses, trojans & other malware.
Download Sophos Free Virus Removal Tool and save it to your desktop.
If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.
Please Do Not use your PC whilst the scan is in progress. This scan is very thorough so may take several hours.
Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Attach the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result.
The Virus Removal Tool scans the following areas of your computer:
Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.
Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.
Saved logs are found under this sub-folder: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs
Let me know what Sophos reports.
Edited November 13, 2021 by Maurice Naggar
Vasma25559006 Posted November 14, 2021 Author ID:1488247
Dear Maurice, It came back with 0 threats, I'm attaching the results.
SophosVirusRemovalTool.log, SophosVirusRemovalTool_cloud4.log
Vasma25559006 Posted November 14, 2021 Author ID:1488281
Hi Maurice, Today I also installed Advanced Identity Protector from the Systweak website (https://www.systweak.com/) and the MalwareBytes quarantined the exe, which I whitelisted. Then after running it I ran another MB scan and found 86 alerts which got quarantined, all related to this product. Do I have to worry about this also? Thanks!
MalwareBytes_scan.txt
Maurice Naggar Posted November 14, 2021 ID:1488291
Most "optimizers" are snake oil junk. Why o why o why did you ever go to "systweak"?? Please do not do anything like that. Always ask me first before you actually do anything on your own ...while this case is on-going.
> We are done with Sophos VRT tool. Now to uninstall it.
1. Press & hold the Windows key on keyboard & then tap the R key to open the Run box-window.
2. Type appwiz.cpl and tap Enter. The Programs and Features window will appear.
Locate on the list "Sophos Virus Removal". Do a right-click on it. Then choose Uninstall. Let it proceed.
Now check closely: Be sure Advanced Identity Protector from the Systweak is no longer installed.
Exit Programs and Features.
> This is a special one time run to do a different check of this system. This ought to take something in the range of 15 - 25 minutes tops, depending on hardware speed.
Get & run the Malwarebytes MBAR anti-rootkit tool to do 1 run with it. Disregard the title subject of the topic. Run the MBAR tool as listed here
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes
When done, I need the MBAR logs. Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created. Both files can be found in the extracted MBAR folder on your Desktop. Please attach both files in your next reply.
Vasma25559006 Posted November 14, 2021 Author ID:1488316
Hi Maurice, I understood, I'm not gonna do anything stupid like this ever again. It has quarantined the Advanced Identity Protector from the Systweak and I deleted the folder it was installed in since I did not find that in the installed programs list. I ran the scan and once it's done I'll attach the logs.
Vasma25559006 Posted November 14, 2021 Author ID:1488318
Hi Maurice, I have run the test and here are the logs.
mbar-log-2021-11-14 (21-49-13).txt, system-log.txt
Maurice Naggar Posted November 14, 2021 ID:1488319
Alright. Thanks.
You can delete mbar.exe
You can delete the folder \mbar
The scan found no rootkit. Nor any malware. We have run several scans to this point in time. How is the overall situation? Is there any other help you need?
Vasma25559006 Posted November 14, 2021 Author ID:1488320
I have changed all the passwords that were stored in Chrome, but it was encrypted with a passphrase which I don't remember, so I just changed all those pws, including all of my pws, even those that are not stored there like FB, email, etc., and use 2-factor auth where it is possible and also a password manager (Bitwarden). Do I have to run more scans? I am using BitDefender Free and MalwareBytes Premium (trial for now, but I definitely will purchase as this one is helping a lot). Are you suggesting any apps to use? Thanks!
Vasma25559006 Posted November 14, 2021 Author ID:1488321
And I forgot. Should I keep all those 178 items quarantined or just make MalwareBytes to delete it? Thank you
Solution Maurice Naggar Posted November 14, 2021 ID:1488326
Hello, Peter. There is zero need to be worried about what is in the Quarantine in Malwarebytes for Windows. NO rush. Wait another week or 10 days, after that, you can delete permanently.
Open Malwarebytes for Windows.
Click the Detection History card.
In the Quarantined items tab, check the boxes of the items you want to delete.
Click the Delete button. Deleting the items permanently removes them from Quarantine.
> Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard. See Support article how-to
https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard
Note: If your pc has Windows 10 EDGE browser, or Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard (on each as appropriate).
> We can proceed with cleanup of tools we used. To remove the FRST64 tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double click on it) to begin the cleanup process.
Delete msert.exe
Delete esetonlinescanner.exe
Adwcleaner you may keep and use as needed.
Any other download file I had you download, you may delete.
Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download
Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.
SAFETY TIPS:
Backup is your best friend. Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/
It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.
Best practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos).
Free games & free programs are like "candy". We do not accept them from "strangers".
Never open attachments that come with unexpected (out of the blue) email no matter how enticing. Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.
Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".
Use a Standard user account rather than an administrator-rights account when "surfing" the web. See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Only using the Standard-access-level user account when surfing and downloading / installing would have been a tremendous way to prevent the infections of this machine. Don't remove (or change) your current login. Just use the new Standard-user-level one for everyday use while on the internet.
Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.
For other added tips, read "10 easy ways to prevent malware infection"
> I am marking this case for closure. I wish you all the best. Stay safe.
Sincerely.
Maurice
Maurice Naggar Posted November 14, 2021 ID:1488327
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.
Please review the following to help you better protect your computer and privacy: Tips to help protect from infection
Thank you