
machinelearning/anomalous.100%



So a couple of weeks ago Malwarebytes detected this machinelearning/anomalous file. It quarantined and deleted it but I'm still nervous. Aside from 2 blue screens, it's been acting normally. It's been a little slow sometimes, but I did leave it on for like 2 days so that could be the culprit too.

The file that it said it was, I have never seen before nor do I remember deleting it (it was in the recycle bin).

I will include what the log said below. How scared should I be?

-Log Details-

Scan Date: 11/21/21

Scan Time: 11:47 PM

Log File: 45f57684-4b4f-11ec-a555-00f48d59282c.json

 

-Software Information-

Version: 4.4.11.149

Components Version: 1.0.1513

Update Package Version: 1.0.47489

License: Trial

 

-System Information-

OS: Windows 10 (Build 19042.1348)

CPU: x64

File System: NTFS

User: LAPTOP-KRR9UCJE\18133

 

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 328579

Threats Detected: 2

Threats Quarantined: 0

Time Elapsed: 39 min, 58 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 0

(No malicious items detected)

 

Registry Value: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 0

(No malicious items detected)

 

File: 2

MachineLearning/Anomalous.100%, C:\$RECYCLE.BIN\S-1-5-21-1586680042-2755691978-1425723347-1001\$RY1M41K.EXE, No Action By User, 0, 392687, 1.0.47489, , shuriken, , 0C614FD51EB9D510E93402B3769E073E, 477600D27BABB0CDF8142430B5AC30C1DAF761BEF950B1BC33FC19081C0667A

MachineLearning/Anomalous.100%, C:\$RECYCLE.BIN\S-1-5-21-1586680042-2755691978-1425723347-1001\$RMFNHI1.7Z, No Action By User, 0, 392687, 1.0.47489, , shuriken, , 820118840D5407868138DF60DAA1317E, AEF131FEB45E9D6F60B759072EA3CD25D188AED5A8B7FC19120E879887ADEA1

 

Physical Sector: 0

(No malicious items detected)

 

WMI: 0

(No malicious items detected)

 

 

(end)


Hello :welcome:

My name is Maurice.

I would recommend that you do Empty the Recycle Bin.

Should you be worried?  I do not think so.  But do do a new Scan with Malwarebytes for Windows and let me know that result.

The 2 files previously tagged would appear to have been some sort of temporary files.


1 hour ago, Maurice Naggar said:

Hello :welcome:

My name is Maurice.

I would recommend that you do Empty the Recycle Bin.

Should you be worried?  I do not think so.  But do do a new Scan with Malwarebytes for Windows and let me know that result.

The 2 files previously tagged would appear to have been some sort of temporary files.

Hi Maurice, 

Thank you for replying.

Are you sure? ;-; How do you know it was a temporary file? One said .exe.

After deleting it, I have done a few scans but I'm scared maybe Malwarebytes missed something.


The files had been in Recycle Bin.  Please confirm you have emptied the Recycle Bin.

The files had a name with $ as first character which tends to indicate they were intended as temporary.

Curious to know if you have scanned with the resident antivirus program on this pc?

>

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

>

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.

 

Let me know the result of this.    This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply.


I believe I cleared my recycle bin as soon as I got that alert, but just in case I cleared it again and also showed all the folders. 

By resident anti-virus, do you mean Windows Defender? If you do, then it has scanned and hasn't found any issues as far as I know. Also, I'm downloading the scanner now and will get back to you with the results.


Here are the results ;--; Any ideas of what I should do next? 

Microsoft Safety Scanner v1.353, (build 1.353.1929.0)
Started On Wed Dec  1 17:51:37 2021

Engine: 1.1.18800.4
Signatures: 1.353.1929.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Full Scan Results:
------------------
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
  Action: Remove, Result: 0x00000000
    regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
        SigSeq: 0x0000055555C57273

Results Summary:
----------------
Found VirTool:Win32/DefenderTamperingRestore and Removed!
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Wed Dec  1 23:45:27 2021


Return code: 6 (0x6)


Thanks for the report. I will be guiding you to do a few additional / different scans.  I would ask that you always just "attach" each report file as you go along.  Instead of copying & pasting into main Reply box.

[   1    ]

I would suggest that you do this next scan. This is a known respected tool. It will scan for viruses as well as for potentially unwanted applications ( P U A or P U P ).

I would suggest a free scan with the ESET Online Scanner.  

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from the machine & let it be.

You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click The blue Save scan log to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom).

Press Continue when all done. You should click to off the offer for “periodic scanning”.

Please make sure you attach the log report.     

[    2    ]

I would recommend getting a readout report as to update status of some key apps.

 

  • and save the tool on the desktop.
  • If Windows's SmartScreen blocks that with a message-window, then
  • Click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Please only just attach the report.

  • To send  ( upload)   attachments please click the "ADD Files"  link . Then browse to where your file is located and select it and click the Open button.

 


 

The set of data from the report will provide much needed information.

Please always attach reports as we go along.

I am glad to have read your note saying that Microsoft / Windows Defender has reported no infection.  The result from the Microsoft Safety scanner is simply just a report that the Microsoft Defender has been re-adjusted to re-enable its anti-spyware option. That by itself is not any finding of actual infection.

Cheers.

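An added example (not from the thread or from Microsoft): a Python sketch that reads the Safety Scanner log format shown above and reports which object each detection refers to, so a detection that only touches a registry value can be told apart from one that names a file. The second sample is constructed, and its file:// resource form and threat name are assumptions.

```python
import re

# Excerpt of the msert.log posted in this thread.
PAGE_LOG = r"""
Full Scan Results:
------------------
Threat Detected: VirTool:Win32/DefenderTamperingRestore and Removed!
  Action: Remove, Result: 0x00000000
    regkeyvalue://hklm\software\microsoft\windows defender\\DisableAntiSpyware
        SigSeq: 0x0000055555C57273
"""

# Constructed contrast case: threat name and path are placeholders, and the
# file:// resource form is an assumption, not taken from the thread.
CONSTRUCTED_LOG = r"""
Threat Detected: Example:Win32/Placeholder and Removed!
  Action: Remove, Result: 0x00000000
    file://C:\Users\example\Downloads\sample.exe
"""

THREAT = re.compile(r"^Threat Detected: (\S+)")
ACTION = re.compile(r"^\s+Action: (\w+), Result: (0x[0-9A-Fa-f]+)")
RESOURCE = re.compile(r"^\s+([a-z]+)://(.+)$")

def parse_detections(log: str) -> list:
    """Collect each detection with its action, result code and resources."""
    found = []
    for line in log.splitlines():
        if m := THREAT.match(line):
            found.append({"threat": m[1], "action": None,
                          "result": None, "resources": []})
        elif found and (m := ACTION.match(line)):
            found[-1]["action"], found[-1]["result"] = m[1], int(m[2], 16)
        elif found and (m := RESOURCE.match(line)):
            found[-1]["resources"].append((m[1], m[2]))
    return found

def triage(detection: dict) -> str:
    """Separate setting-only detections from ones that name other objects."""
    schemes = {scheme for scheme, _ in detection["resources"]}
    if schemes and all(s.startswith("regkey") for s in schemes):
        return "registry setting only"
    return "review: names a file or other object"

if __name__ == "__main__":
    for d in parse_detections(PAGE_LOG) + parse_detections(CONSTRUCTED_LOG):
        print(d["threat"], d["resources"], "->", triage(d))
```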

I'm trying the Eset one right now, it's taking longer than I expected by a long shot ;--; so sorry about that. I'm a little nervous to try the SecurityCheck one, just since it's not like a brand or anything. When the results from the Eset come in though, I'll post them up !


49 minutes ago, anxious said:

I'm trying the Eset one right now, it's taking longer than I expected by a long shot ;--; so sorry about that. I'm a little nervous to try the SecurityCheck one, just since it's not like a brand or anything. When the results from the Eset come in though, I'll post them up !

Eset came back with finding nothing so there was nothing I could attach... that is assuming I did it right, but as far as I saw there was nowhere I could save any type of log.


I am understanding that the ESET Onlinescanner reported no malware / no virus.

I am encouraging you to go ahead with the run for SecurityCheck.  It is a trusted & known app.  We use it here as a standard routine to get a reading of the security status.  It will help me to help you to check the protection status of your system.

<

If you are done with the ESET, go ahead and delete the downloaded file esetonlinescanner.exe


Hello.

I am quite surprised to read that you took the machine to a shop.  Did they inform you of actual details on exactly what tools they ran, plus exactly what was found ?

If they will wipe the system ( you said wipe it) that means all information on disk will be gone.   Do you have a backup of your system from before all this?

I am surprised of this news since we know that ESET Online reported no malware, as well as the Microsoft Safety Scanner reporting no malware.

As far as "stolen data", it is doubtful that there was any real loss since the 2 things flagged on November 21 were in the Recycle Bin.  They were not located in the active storage. Meaning they were not active.  Plus, odds are that the detection engine was overly aggressive.

To protect in future, if you are anxious about your personal data, here are a bunch of tips.

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

also see

Tips to help protect from infection
https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/#comment-1372004

 

I do regret to read that your system is being wiped.  I do wish you well.

Backup is your best friend.  Keep a set of backups ( taken on some regular basis) on offline backup media.

Also I would suggest having the Premium Malwarebytes so that your machine has real-time active protections.


Honestly, I think that if I didn't take it to the shop, my anxiety would get worse and I wouldn't be able to function properly 😅

I backed up all my most important things, the rest was disposable. Sad, but oh well. I'm just glad to not be super anxious anymore. Thank you so much for all the help :D And no he didn't say any of the actual details, just explained what I had on there.

I will take all your advice pertaining to backups and keeping my personal information safe.
