Jump to content

Task manager closing itself imminently

waleed

By waleed
in Resolved Malware Removal Logs

 Share

Recommended Posts

Maurice Naggar

Maurice Naggar

Posted
Posted (edited)

Hello     :welcome:

My name is Maurice.  I will guide you.  The first thing I need is to get a set of reports about the condition of the system.

That is the first step.  I will then review and use that to guide us along.

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 

I would like a report set for review.   This is a report only.

Please download MALWAREBYRES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply , like displayed here.
  • To send  ( upload)   attachments please click the "ADD Files"  link . Then browse to where your file is located and select it and click the Open button.

 

_mb_attach.jpg

 

The set of data from the report will provide much needed information.

Please always attach reports as we go along.

Cheers.

Edited by Maurice Naggar
  • Thanks 1
Link to post
Share on other sites
waleed

waleed

Posted
  • Author
Posted

IDK what is going on. I tried to download antivirus software and unfortunately I install some unknown file name (88) and after that my YouTube channel were suspended due to suspicious activity and also my computer is working slow after that and it is getting hot too fast. I also try to run malware byte but they show no virus or anything suspicious in my laptop.

 

Please help with all these scenario.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Good day to you. I hope this year will be better for you and all.

While this case is on-going, please be sure you do not play any games, especially online games. Be sure you do no websurfing. Only go to sites I guide you to.

There a many high-suspect folders, files, and executables on this machine. Again, no game playing & also NO torrenting ( peer to peer file-sharing).

The next script is a attempt to do cleanups. If we do not make good headway, you may need to rebuild the Operating system and do all new program installs.

.

Next, a custom script to do some checks & some attempted cleanups.

We will use FRSTENGLISH.exe  on the Downloads folder to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  WALEED  only / for this machine only.

 

This custom script has some specific things, plus some general aspect to help the system overall.  Hoping it will not exceed 60 minutes in execute time.

NOTE-1:  This script will  run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. .    It will rebuild the Winsock.  It will attempt to remove several suspect files.  Do keep in mind, we will still need to run many scans with other tools later on.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. 

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome,  and Opera  & BRAVE caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

  •  
  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   user Downloads  folder

Fixlist.txt

 

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


RIGHT click on FRSTEENGLISH.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Good morning. I have reviewed the log report.  While several suspect files were removed, a upload submission of 3 of those to Virustotal ( a security-community resource that has multiple scanners) indicates there was a Artemis trojan + a spyware.passwordstealer + a backdoor trojan.

Because of all of these serious malware , a serious set of advice.

These infections allow hackers to remotely control your computer, steal critical system information and Download and Execute files

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Because of the backdoor trojans, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with these malware, the best course of action would be a reformat and reinstall of the Windows OS and all applications. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

 

We can attempt to do more hunting to try to clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup attempt, please proceed with the following steps.

Running this next tool is not  a one-shot-solution.  There would be lots more scanning to do after this.

Download Sophos Free Virus Removal Tool   and save it to your desktop.

  • If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
  • Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

 

Double click the icon and select Run

Click Next

Select I accept the terms in this license agreement, then click Next twice

Click Install

Click Finish to launch the program

  • Once the virus database has been updated click Start Scanning

If any threats are found click Details, then View log file... (bottom left hand corner)

 

Attach the results in your reply

  • Close the Notepad document, close the Threat Details screen, then click Start cleanup

Click Exit to close the program

 

If no threats were found please confirm that result....

  • The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

 

Saved logs are found under this sub-folder: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs 

I  would want to have that report file.  Let me know what Sophos report.  Running this tool is not a one-shot-solution.  There would be lots more scanning to do.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Good morning. Thank you for the Sophos log.

We are done with Sophos VRT tool.  Now to uninstall it.

1. Press & hold  the Windows key on keyboard & then tap the R key   to open the Run box-window.
2. Type  

appwiz.cpl 

and tap Enter.
The Programs and Features window will appear.   Locate on the list "Sophos Virus Removal".

Do a right-click on it.  Then choose Uninstall.   Let it proceed.

Exit Programs and Features, when done.

>

There is still lots more to do if we want to do more checks.

This ought to take something in the range of 15 - 25 minutes tops, depending on hardware speed.

get & run the Malwarebytes MBAR anti-rootkit tool to do 1 run with it.

Disregard the title subject of the topic.

 

Run the MBAR tool as listed here 

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes

 

when done, I need the MBAR logs.

Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created.

 

Both files can be found in the extracted MBAR folder on your Desktop.

Please attach both files in your next reply.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

MBAR found and removed seeral serious malware.  Including Backdoor.bifrose + Spyware.stolendata + Trojan.injector

Be sure that you have done a Windows Restart since after completing the MBAR run.  It has some deletions to do to finish its task.

Then,

 would suggest that you do this next scan. This is a known respected tool. It will scan for viruses as well as for potentially unwanted applications.   ( P U A  or  P U P ).

I would suggest a free scan with the ESET Online Scanner.  This will be another check for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.

You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click The blue Save scan log to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom).

Press Continue when all done. You should click to off the offer for “periodic scanning”.

Please make sure you attach the log report.     

  • Thanks 1
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Did you run the Kaspersky scan several times ? I only intended one scan. It seems to me that you repeated the scan several times. I would like to point out that any files in folder C:\FRST\Quarantine were out of the way and already isolaed ( in quarantine).
^
This system does not have Malwarebytes for Windows installed. So lets get it installed & then do a scan.
Malwarebytes for Windows  can detect and remove most malware with no further actions required for free.
Since it does not appear that this machine has it, go and install Malwarebytes for Windows.
See https://support.malwarebytes.com/hc/en-us/articles/360038479134-Download-and-install-Malwarebytes-for-Windows

After the setup has completed, run a Threat Scan, open Malwarebytes for Windows and click the blue Scan button.

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hello. If the Kaspersky tool is still running, that is not desired. Let's pause and make time and just get a set of fresh reports to see what is running, what is active. Your machine has the FRSTENGLISH report tool on the Downloads folder. We will use that. Go to Downloads folder. RIGHT-click on FRSTENGLISH and select  

Run as Administrator

and tap ENTER. And reply YES to allow to proceed.  

  •  When the tool opens click Yes to the disclaimer.  And be very sure to TICK the box for Addition.txt
  • Press the Scan button.

_frst_scan.jpg

  • It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run
  • Have patience since the run may take something like 10 or so minutes  (less depending on your hardware speed)
  • Close Notepad IF those show up on Notepad.
  • Just please Attach the 2 files FRST.txt +Addition.txt  with your next reply.
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Hello @waleed

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.

Thank you

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept