Fantina Posted November 20, 2021 ID:1489260

I have tried ESET Online Scan, a Malwarebytes scan, and Microsoft Security Scanner as well, but Windows Defender still says that the above malware is detected. I can't seem to remove this virus. This got infected when my son installed some app related to Roblox. Ever since this happened, my GPU driver tends to get an error as well (it usually fixes itself, but it's annoying as the HDMI sound gets disabled for a while).

I need help. I can't reformat the drive because I have no external storage to back up the important work-related files.
Fantina Posted November 20, 2021 Author ID:1489264

FRST logs attached.

Attachments: Addition.txt, FRST.txt
Maurice Naggar Posted November 20, 2021 ID:1489266

Hello @Fantina

Please let me know what name you prefer to go by. My name is Maurice. I will guide you.

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the-tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience. It may take several hours. Once you see it has started, take a long long break; walk away. Do not give credence to any intermediate early flash messages you see on the screen display. The only thing that counts is the end result at the end of the run.

Let me know the result of this. This is likely to run for many hours (depending on the number of files on your machine & the speed of the hardware).

The log is named MSERT.log. The log will be at Windows\debug\msert.log. Please attach that log with your reply.
Maurice Naggar Posted November 20, 2021 ID:1489267

Looking at the section of system event logs that record Microsoft Defender Antivirus events, I do notice that it has flagged several trojans on this machine.

What sort of things have been downloaded today, the day before, or the past week or recently, as to

Excuse letter Spectre 2015 1080p BluRay x264 DTS-JYK dirk rablaks.rar KRNLWRD.rar Sid Meiers Civilization Beyond Earth

Where were they obtained? Any sort of dodgy site?

I am very concerned because Microsoft Defender antivirus has identified several trojans.
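The Microsoft Defender Antivirus events referred to in the post above can be listed directly from the event log. The following is an added example, not part of the original posts and not the helper's own method; the 7-day look-back window is an assumption, and the field names are those of the named `Data` elements in the event XML.

```powershell
# Added example (not from the thread): list Microsoft Defender Antivirus detections
# recorded in the Windows event log and show which ones have a matching action event.
# Event ID 1116 = threat detected, 1117 = action taken on a threat.
# Run from an elevated PowerShell prompt.

function Get-DefenderDetectionEvent {
    param(
        [datetime]$After = (Get-Date).AddDays(-7)   # assumed look-back window
    )
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1116, 1117
        StartTime = $After
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Flatten the named <Data> elements of the event into a lookup table.
        $fields = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            if ($d.Name) { $fields[$d.Name] = $d.'#text' }
        }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            EventId     = $_.Id
            DetectionId = $fields['Detection ID']
            Threat      = $fields['Threat Name']
            Severity    = $fields['Severity Name']
            Path        = $fields['Path']
            User        = $fields['Detection User']
        }
    }
}

$events = @(Get-DefenderDetectionEvent)

# Detection IDs for which Defender logged that it took an action.
$handled = $events | Where-Object EventId -eq 1117 |
    Select-Object -ExpandProperty DetectionId -Unique

# One row per detection, flagged by whether an action event exists for it.
$events | Where-Object EventId -eq 1116 | Sort-Object Time | ForEach-Object {
    [pscustomobject]@{
        Time        = $_.Time
        Threat      = $_.Threat
        Severity    = $_.Severity
        Path        = $_.Path
        ActionTaken = $handled -contains $_.DetectionId
    }
} | Format-Table -AutoSize -Wrap
```

Rows with `ActionTaken` set to `False` are detections for which no action event was logged in the window, which is the situation described in the first post where the same detection keeps coming back.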
Fantina Posted November 20, 2021 Author ID:1489281

Hello Maurice. I'm not sure if my decision to run the Offline Scan of Windows Defender fixed it. I am attaching the MSERT log here, and as you can see, on the first scan (Nov 20 scan) there are multiple detections.

These are what I did, by the way, from the time of the detection.

1. I ran Windows Defender (still detecting the trojan)
2. I ran Malwarebytes (detected some and deleted some, but there are items flagged as not removed completely)
3. I ran MSERT (Nov 20 log)
4. I ran ESET Online Scan (still detecting the trojan)
5. Posted here in the forum, and did the FRST
6. While waiting, I ran Windows Defender Offline Scan (because I saw that this helps, as it kind of boots the PC in safe mode then performs the scan and removal)
7. <This is the time I saw your reply and did the 2nd MSERT. I aborted it because I hadn't done the show all folders step, then ran it again>
8. Right now there are no detections.

And as attached are the logs.

I believe the stuff you mentioned was downloaded by my son Dirk; he plays those games (Roblox and Civilization).

Attachment: msert.log
Maurice Naggar Posted November 20, 2021 ID:1489284

Thank you. This last run of MSERT is extremely helpful, in that it did find and remove several threats.

By the way, at some point later, I would urge a discussion with your son about being much more cautious as to any downloading, any online games, only to go to known safe venues.

There is more cleanup and scanning to do just to ensure there are no further threats. Please do not run other tools on your own.

Here below I have prepared a custom fix script just for this particular machine. The goal is to attempt to do fixes & to hopefully check for remaining threats. Hopefully this will not exceed one hour of run time.

Please do not be using other apps or web browsers during these next procedures. Only use the web browser for the purpose of getting to this forum.

[ 1 ]
As a next basic step, please make very very sure to set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[ 2 ]
We will use FRST64.exe on the Downloads folder to run a custom script. The system will be rebooted after the script has run.

This custom script is for FANTINA only / for this machine only. This custom script has some specific things, plus some general aspects to help the system overall.

NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt, and attempt to correct any invalid files. It will also rebuild the Winsock. It will clear the cache files for Chrome & for Edge. It will attempt to look for the "dpeditor" that has been flagged & if found will remove it.

NOTE-2: It will attempt to run batch mode scans with Microsoft Defender on the sub-folder(s) AppData\roaming + AppData\Local + Downloads + a Quick scan. Hopefully they will run & hopefully all in under 60 minutes.

Please be sure to close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

Please save the (attached file named) FIXLIST.txt to your Downloads folder.

Attachment: Fixlist.txt

Start the Windows Explorer and then go to the Downloads folder. RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run.

If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool, click the line More info on that screen and click the button Run anyway on the next screen.

On the FRST window: click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Please know this will do a Windows Restart. Just let it run and finish.
Fantina Posted November 21, 2021 Author ID:1489308

Hello Maurice,

Here is the FIXLOG.txt as requested. I had a talk with my son already and explained to him the effects of the suspicious files he downloads. I really hope he won't do it again. Is there any way I can restrict him from downloading files without creating a new user?

Attachment: Fixlog.txt
Maurice Naggar Posted November 21, 2021 ID:1489311 (edited; marked as Solution)

"Is there anyway i can restrict him from downloading files without creating a new user?"

The thing is more than just downloading. It is the act of going through and installing questionable apps as well, before first scanning all with the antivirus: before they are opened, before they are installed.

It may help to simply just downgrade his user account to one of "Standard" user if you have him now as an "administrator" level account. See https://www.windowscentral.com/how-change-user-account-type-windows-10#

And to beef up your web browsers, if they do not each have the free Malwarebytes Browser Guard: let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard. See the Support how-to article https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard

Note: If your PC has the Windows 10 EDGE browser, or Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard (on each as appropriate).

Thanks for the log report. The Windows System File Checker did correct some issues with some system files.

I would highly suggest that you do this next scan. I would suggest a free scan with the ESET Online Scanner. This will be another check for viruses, other malware, adware, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe". Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes.

When prompted for scan type, click on Full scan.

Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from the machine & let it be.

You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".

Click the blue "Save scan log" to save the log.

If something was removed and you know it is a false finding, you may click on the blue "Restore cleaned files" (in blue, at bottom).

Press Continue when all done. You should click to turn off the offer for "periodic scanning".

Please make sure you attach the log report. There will be more to do later.

Edited November 21, 2021 by Maurice Naggar
Fantina Posted November 22, 2021 Author ID:1489395

Hello Maurice,

Apologies for the lateness. I just came home from a double work shift, and I did the ESET scan. Here's the log as requested.

Attachment: ESET.txt
Maurice Naggar Posted November 22, 2021 ID:1489456

Hello. Do take care to rest up.

Thanks for the ESET scan report, which is perfectly good. It reports no virus / no malware. Go ahead and delete the download file named esetonlinescanner.exe

Do let me know: how is the system now as regards the Microsoft Defender antivirus?
Maurice Naggar Posted November 22, 2021 ID:1489459

One other action:

Malwarebytes for Windows can detect and remove most malware with no further actions required, for free. Since it does not appear that this machine has it, go and install Malwarebytes for Windows. See https://support.malwarebytes.com/hc/en-us/articles/360038479134-Download-and-install-Malwarebytes-for-Windows

After the setup has completed, run a Threat Scan: open Malwarebytes for Windows and click the blue Scan button.

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).

💢 Please double verify you have that TOP check-box tick-marked, and that then all lines have a tick-mark.

Then click on the Quarantine button.

Then, locate the Scan run report; export out a copy; & then attach it with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 😉
Fantina Posted November 24, 2021 Author ID:1489740

Hello Maurice,

Microsoft Defender doesn't show any hits now. Here is the log for the Malwarebytes scan as requested. Thank you so much for being patient with me. Malwarebytes detected an installer of an emulator, but I use it in my work.

Attachment: malwarebytes.txt
Maurice Naggar Posted November 24, 2021 ID:1489764 (edited)

Hello. Good to know about Microsoft Defender.

As to the Malwarebytes for Windows scan, I take it that you trust the file "LDPLAYER_ENS_2091_LD.EXE".

PUP.Optional.DotSetupIo.BundleInstaller is Malwarebytes' detection name for a bundler that installs a video-player but also offers additional installs. Here is more about what the Malwarebytes research team reports about it: https://blog.malwarebytes.com/detections/pup-optional-dotsetupio-bundleinstaller/

I would simply suggest much caution.

Now then, since you report that Microsoft Defender's last status is good, and the scan with ESET was good, I believe we could wrap up this case.

We can proceed with cleanup of the tools we used.

To remove the FRST64 tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double click on it) to begin the cleanup process.

Delete msert.exe
Delete esetonlinescanner.exe
Any other download file I had you download, you may delete.

Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

Edited November 24, 2021 by Maurice Naggar
Maurice Naggar Posted November 24, 2021 ID:1489767

Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard. See the Support how-to article https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard

Note: If your PC has the Windows 10 EDGE browser, or Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard (on each as appropriate).

Have the Premium Malwarebytes so that your system has full protections in real-time. I believe there is currently a Black Friday sale https://www.malwarebytes.com/premium

Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

SAFETY TIPS:

Backup is your best friend. Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each PC user needs to practice daily safe computer and internet use.

Best practices & malware prevention:

Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.

First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected (out of the blue) email, no matter how enticing. Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with an antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd-party software will also be installed. Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web. See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html

Only using the Standard-access-level user account when surfing and downloading / installing would have been a tremendous way to prevent the infections of this machine. Don't remove (or change) your current login. Just use the new Standard-user-level one for everyday use while on the internet.

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

I am marking this case for closure. I wish you all the best. Stay safe.

Sincerely.

Maurice
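The account-type change recommended in the Solution post and in the safety tips above (moving an everyday account from administrator to Standard) can also be made from PowerShell. This is an added example, not part of the original posts; `ChildAccount` is a placeholder account name, and the check for a remaining administrator is a safeguard added here.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# 'ChildAccount' is a placeholder; replace it with the real local account name.
$account  = 'ChildAccount'
$adminSid = 'S-1-5-32-544'   # well-known SID of the built-in Administrators group
$usersSid = 'S-1-5-32-545'   # well-known SID of the built-in Users group

# 1. Show who currently has administrator rights.
$admins = @(Get-LocalGroupMember -SID $adminSid)
$admins | Format-Table Name, ObjectClass, PrincipalSource -AutoSize

$target = $admins | Where-Object { $_.Name -like "*\$account" }
if (-not $target) {
    Write-Output "'$account' is not in the Administrators group; nothing to change."
    return
}

# 2. Refuse to continue unless another enabled user keeps administrator rights,
#    otherwise nobody could install software or undo the change.
$otherAdmins = @($admins | Where-Object {
    $_.ObjectClass -eq 'User' -and $_.SID -ne $target.SID -and
    (Get-LocalUser -SID $_.SID -ErrorAction SilentlyContinue).Enabled
})
if ($otherAdmins.Count -eq 0) {
    throw "No other enabled administrator account exists. Create one first."
}

# 3. Make sure the account stays in Users, then drop it from Administrators.
$inUsers = Get-LocalGroupMember -SID $usersSid |
    Where-Object { $_.SID -eq $target.SID }
if (-not $inUsers) { Add-LocalGroupMember -SID $usersSid -Member $target }
Remove-LocalGroupMember -SID $adminSid -Member $target

Write-Output "'$account' is now a Standard user. The change applies at next sign-in."
```

After the change, installers started from that account prompt for an administrator's password instead of running with full rights.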
Maurice Naggar Posted November 24, 2021 ID:1489768

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you