malware12 Posted November 23, 2021 ID:1489623

I got malwared. Yesterday my web browser crashed after making an attempt to enter YouTube; I cleaned the cache and it was OK. Today the situation was the same: after opening the YouTube website my web browser crashed, and after cleaning the cache it works. Yesterday, before turning the computer off, I used the option "update and turn off windows" and I used it.

FRST.txt Addition.txt malwarebyter.txt malwarebytes2.txt
malware12 Posted November 23, 2021 Author ID:1489624

I forgot to add: I have premium Malwarebytes and its scanning shows that everything is good.
Maurice Naggar Posted November 23, 2021 ID:1489626

Hello. Please let me know what name you prefer to go by. My name is Maurice. I will guide you.

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article: https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the-tool are at this link at Microsoft: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience. It may take several hours. Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run. Let me know the result of this. This is likely to run for many hours (depending on number of files on your machine & the speed of hardware).

The log is named MSERT.log. The log will be at Windows\debug\msert.log. Please attach that log with your reply.
malware12 Posted November 23, 2021 Author ID:1489647

msert.log

I think the job is done?
Maurice Naggar Posted November 23, 2021 ID:1489655

Alright. Thank you. I am listing below some other actions for you, for this machine.

Start Malwarebytes. Click Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center. Click the Security Tab. Scroll down to "Windows Security Center". Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center". { We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. Thanks. } This will not affect any real-time protection of the Malwarebytes for Windows. Close Malwarebytes.

[ 2 ] We will use FRST64.exe on the C:\Users\krzys\OneDrive\Pulpit folder to run a custom script. The system will be rebooted after the script has run. This custom script is for Malware12 only / for this machine only. This custom script has some specific things, plus some general aspect to help the system overall.

NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run the Windows 10 DISM to check the system integrity.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. The following directories are emptied:

- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
- Recently opened files cache
- Flash Player cache
- Java cache
- Steam HTML cache
- Explorer thumbnail and icon cache
- Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

Please save the (attached file named) FIXLIST.txt to the C:\Users\krzys\OneDrive\Pulpit folder.

Fixlist.txt

Start the Windows Explorer and then go to the C:\Users\krzys\OneDrive\Pulpit folder. RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool, click the line More info on that screen and click the button Run anyway on the next screen.

On the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt ) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity. Please know this will do a Windows Restart. Just let it run and finish. I will look forward to getting the log.
malware12 Posted November 24, 2021 Author ID:1489815

Here you go.

Fixlog.txt
Maurice Naggar Posted November 24, 2021 ID:1489826

Thank you. This run is excellent. Plus the Windows System File Checker as well as the DISM check found no system issue. That is all good. As we go along, be sure to let me know if there are new IP blocks citing pl.nex-software.com

I would suggest that you do this next scan. This is a known respected tool. It will scan for viruses as well as for potentially unwanted applications ( P U A or P U P ). I would suggest a free scan with the ESET Online Scanner.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe". Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan". Next, when prompted by Windows, allow it to start by clicking Yes. When prompted for scan type, click on Full scan. Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from the machine & let it be. You should ignore all prompts to get the ESET antivirus software program ( e.g. their standard program ). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”. Click the blue “Save scan log” to save the log. If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” ( in blue, at bottom ). Press Continue when all done. You should click to off the offer for “periodic scanning”.

Please make sure you attach the log report.
malware12 Posted November 25, 2021 Author ID:1489933

How to check if there are new IP blocks citing pl.nex-software.com?
malware12 Posted November 25, 2021 Author ID:1489934

I still cannot open YouTube without previous cleaning CACHE after starting.
Maurice Naggar Posted November 25, 2021 ID:1489940

Hello @malware12

A ) Be sure to explicitly tell me which web browser this last issue is involved !

B ) Have you tried to get Youtube using another ( different ) web browser ? like the EDGE browser ?

C ) Is it only just Youtube that there are issues ?

D ) Earlier you asked about how are IP blocks shown / how you can look them up in history of Malwarebytes. First, each block event by the real-time Malwarebytes protections is displayed on a mini-message window on the lower right bottom of your monitor. Below is an example of a website blocked notification. Second, each block event is logged in history logs. See the second half of this Malwarebytes Support article: https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows

I need a report set for review. This is a report only. Please download the MALWAREBYTES MBST Support Tool. Once you start it click Advanced >>> then Gather Logs. Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop. Please attach mbst-grab-results.zip to your reply.

By the way, I did wish & intended and really suggest that you do the ESET Onlinescanner scan like I had listed above. Please be sure that you do that. I need to see the result. https://forums.malwarebytes.com/topic/281135-i-got-malwared/?do=findComment&comment=1489826

Edited November 25, 2021 by Maurice Naggar
malware12 Posted November 25, 2021 Author ID:1489945

ESET is already half-way. So, I'm using Comodo Dragon. I can normally open YouTube on Microsoft Edge and on Mozilla Firefox; no other page except YouTube can't be opened (or I just didn't find any more yet). I had no more IP blocks from that site (I opened that site after noticing being malwared; ironically, I found that site after looking for some help on Google).

mbst-grab-results.zip
malware12 Posted November 25, 2021 Author ID:1489946

Here is the result of the ESET scan.

ESETscanlogs.txt
Maurice Naggar Posted November 25, 2021 ID:1489947

Thanks for the 2 reports. I see that ESET found no virus, no malware on the C drive. It only found just 1 exe file on the D drive: variant detection Win32 / KingSoft.G potentially unwanted application, Win32 / KingSoft.G potentially unwanted application cured by removal. [ a P U A also known as P U P ]. We can recall that the Microsoft Safety scanner had reported no malware. Although, we are aware, that each of the scanners have their own engine & definitions.

I do not believe this case is one of an actual malware. I suspect it is just some sort of set of conditions on the Comodo Dragon browser itself. Have you been trying to get to Youtube just how ? Is there a shortcut link on the desktop ? Are you clicking a shortcut link on the Taskbar ? Are you clicking a link on a web page ? Just how are you trying to get to youtube with Comodo Dragon ?

Are you super duper sure you are clearing all Cache & History on Comodo browser ? See this support page at Comodo support: https://help.comodo.com/topic-120-1-279-2554-Delete-Browsing-History.html

You want to "clear browsing history". Clear "Cached images and files" for ALL time ( using the Advanced tab ).

Also to be done: this one time special scan. Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed. It will not take much time.

First download & save it: https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

Then be sure to close all web browsers. Then go to where the EXE file is saved. Start Adwcleaner. Then do a scan with Adwcleaner: https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

ESETscanlogs.txt

Edited November 25, 2021 by Maurice Naggar
malware12 Posted November 25, 2021 Author ID:1489948

1 minute ago, malware12 said: "here is result of ESET scan ESETscanlogs.txt"

That WPS office.exe file is just a text editor, I think nothing dangerous.
malware12 Posted November 25, 2021 Author ID:1489949

Various ways of opening YouTube caused Comodo to crash, like opening a link on YouTube, from a PowerPoint presentation, or writing youtube.com in the search bar of the browser.
malware12 Posted November 25, 2021 Author ID:1489951

Result of AdwCleaner scan:

AdwCleaner[C00].txt
Maurice Naggar Posted November 25, 2021 ID:1489952

The last two scheduled scans of Malwarebytes for Windows found no malware ( 24 NOV + 25 NOV ). There were 2 IP blocks on the 25th of "pl.nex-software.com". One before that was on 23 NOV. Does that address in any way ring any bell for you ? Each of those block events were when Comodo Dragon was in use.
Maurice Naggar Posted November 25, 2021 ID:1489967

In addition to the above. Could you take a good look to see all the add-on extensions on the Comodo Dragon browser ? Launch Comodo Dragon. Click the hamburger button at top-right of Comodo Dragon. Click Select 'Add-ons'. What I would like you to do is to see if there are any browser extensions you do not need, or, perhaps do not recognize. In any event, make a list of all browser extensions displayed on this Comodo Dragon.

What follows is a different aspect / feature of the Comodo that I want you to try.

1. Close all tabs in Comodo ( if any are open ).
2. Exit Comodo.
3. Next restart Comodo in "Incognito mode" like described on this Comodo Support article: https://help.comodo.com/topic-120-1-279-2559-use-comodo-dragon-in-incognito-mode.html
4. Once that is done, do a test and go to https://google.com Does that work?
5. Do a test and go to https://youtube.com
malware12 Posted November 26, 2021 Author ID:1490010

extensions:

Actually I still cannot open YouTube in regular mode, but in private I can.
Maurice Naggar Posted November 26, 2021 ID:1490012

Hello. Thank you for the screen capture on Comodo browser extensions! You report that you can get to Youtube in Incognito mode ( which is important to point out. This tends to point to one or two of those browser extensions as being the source of your problem ).

I would urge you to turn OFF these 2:

- Mendeley Web Importer
- Online Security Pro

Then EXIT Comodo browser. Then later, Restart Comodo browser.
malware12 Posted November 26, 2021 Author ID:1490013

But not being able to open YouTube wasn't a thing until Monday; I had these extensions since always :/ Are you sure? Mendeley is just a program for citing science researchers.
Maurice Naggar Posted November 26, 2021 ID:1490020

Please go forward and do as I suggested. Then we will see. Later on, you could re-test and turn back On the Mendeley. Please understand, that it is most likely one of the Extensions that is the root of the glitch. OR else, you should migrate to a different web browser. OR uninstall and re-install the Comodo Dragon if you want to have it still. The issue is wholly with this browser. It is not a case of an "infection".
malware12 Posted November 27, 2021 Author ID:1490046

Turning off these two extensions gives no result. I just turned these extensions off, closed the browser, then opened the browser and opened YouTube; the browser crashed once again.
malware12 Posted November 27, 2021 Author ID:1490057

I noticed that not only opening but also just selecting YouTube on the search bar crashes my browser.
Maurice Naggar Posted November 27, 2021 ID:1490066

You have EDGE browser and Firefox browser. Does any one of them have any issue going to "Youtube"? Does Comodo or else, Windows show an "abort message" of any kind ?