
I have fileless malware on my system and don't know how to remove it



  • Root Admin

Yes, it should work from Safe Mode.

You should be able to do one with Windows Defender as well.

Please perform a Windows Defender Offline scan and post back the results.

Windows Defender Offline is a powerful offline scanning tool that runs from a trusted environment, without starting your operating system.
This topic describes using Windows Defender Offline in Windows 10, Windows 8.1, and Windows 7.

Using Windows Defender Offline on Windows 10

  1. Select Start, and then select Settings > Update & Security > Windows Security > Virus & threat protection.
  2. On the Virus & threat protection screen, do one of the following:
    • In the current version of Windows 10: Under Current threats, select Scan options.
    • In previous versions of Windows: Under Threat history, select Run a new advanced scan.
  3. Select Windows Defender Offline scan, and then select Scan now.

 

Where can I find scan results?

To see the Windows Defender Offline scan results:

  1. Select Start, and then select Settings > Update & Security > Windows Security > Virus & threat protection.
  2. On the Virus & threat protection screen, do one of the following:
    • In the current version of Windows 10: Under Current threats, select Scan options, and then select Threat history.
    • In previous versions of Windows: Select Threat history.

  • Root Admin

Thank you. That looks good.

After you've scanned again please update Windows.

 

Your version: 20H2 19042.1469

Current version: 21H2 19044.1469

Please visit the following link to update to the latest version of Windows 10

https://www.microsoft.com/en-us/software-download/windows10

Once that update has been installed and the computer restarted, click on Start / Search and type in "Check for updates" and have Windows scan for new updates.

Install any new updates found.

When all updates have been completed, please restart the computer two more times and then run the Farbar program again and click on SCAN and post back both new log files.

 

Thanks

 

 


Also, hey, my lil sis went to this site: http://www.mediafire.com/download_repair.php?flag=4&dkey=qjzcu5lxr7l&qkey=u1hb7vjlt85rpk3&ip=31.60.74.151&ref=https%3A%2F%2Fwww.youtube.com%2F

Is it safe?? I put that link in VirusTotal, went to Details, and got this:

Forcepoint threatseeker personal network storage and backup

Sophos personal network storage

and mobile communication

bitdefender filesharing

 


  • Root Admin

Using an APK file requires that you disable security on your Android phone, which by itself is not a recommended practice. In some rare cases if you truly trust the site because it is a very well known site and not known to practice in any type of phishing or deceptive practices, etc. But even then you would normally just play it on the safe side and wait for a released version from the Play Store.

In this case the file is a threat.

https://www.virustotal.com/gui/file/152622eae877b4a6f7db366c96ea497c5e1e56f2739b5c7a72a5373d56d5849c?nocache=1

Windows Defender on a local computer also flags it as a Trojan. Your sister hopefully did not install it and simply just deleted it.

  • Root Admin

You do have one faulting service. Not sure exactly why, but sometimes these types of faults are random and don't often repeat. @decent_strawberry_34

Error: (01/26/2022 03:17:22 PM) (Source: Application Error) (EventID: 1000) (User:)
Description: Faulting application name: SensorDataService.exe, version: 10.0.19041.746, time stamp: 0x9411a0ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Error offset: 0x0000000000000000
Faulting process id: 0x840
Faulting application start time: 0x01d812bf6f4edc7e
Faulting application path: C: \ WINDOWS \ System32 \ SensorDataService.exe
Faulting module path: unknown
Report ID: 9b610c7d-79d9-45ea-a38e-b18341719f6e
Faulting package full name:
Application ID relative to the error package:

 

Aside from that the computer looks to be clean from any type of malware or other threats. The computer overall has also been cleaned up in general for normal maintenance type work.

Unless there is something else, we should be done looking at this computer. It is not infected at this time.

 

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please attach that file to your next reply. (not compulsory)

 

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  3. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  4. Install a content blocker for your browser. Malwarebytes Browser Guard (Free)
    Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/
    Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee 
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes
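
Added example, not part of the original post and not code from Malwarebytes or the Farbar tool: a Python parser for the Application Error (EventID 1000) record quoted in this post. It names the exception code and converts the hexadecimal application start time, which is a Windows FILETIME, to UTC. The function names and the short NTSTATUS table are assumptions made for illustration; the sample text is copied from the log lines above.

```python
import re
from datetime import datetime, timedelta, timezone

# Sample input: the Application Error record quoted in the post above.
SAMPLE = """\
Description: Faulting application name: SensorDataService.exe, version: 10.0.19041.746, time stamp: 0x9411a0ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Error offset: 0x0000000000000000
Faulting process id: 0x840
Faulting application start time: 0x01d812bf6f4edc7e
"""

# A few NTSTATUS values that show up in crash records (illustrative, not exhaustive).
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
}

def filetime_to_utc(ft):
    """Convert a FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def hexint(s):
    return int(s, 16)

def parse_fault(text):
    """Extract the triage-relevant fields; a missing field comes back as None."""
    def grab(pattern, conv=str):
        m = re.search(pattern, text)
        return conv(m.group(1).strip()) if m else None

    code = grab(r"Exception code:\s*(0x[0-9a-fA-F]+)", hexint)
    start = grab(r"application start time:\s*(0x[0-9a-fA-F]+)", hexint)
    return {
        "application": grab(r"Faulting application name:\s*([^,\r\n]+)"),
        "module": grab(r"Faulting module name:\s*([^,\r\n]+)"),
        "exception": NTSTATUS.get(code, hex(code)) if code is not None else None,
        "offset": grab(r"(?:Error|Fault) offset:\s*(0x[0-9a-fA-F]+)", hexint),
        "pid": grab(r"Faulting process id:\s*(0x[0-9a-fA-F]+)", hexint),
        "started_utc": filetime_to_utc(start) if start is not None else None,
    }

if __name__ == "__main__":
    for key, value in parse_fault(SAMPLE).items():
        print(f"{key:12} {value}")
```

On this record the start time decodes to 2022-01-26 14:17:22 UTC, which is consistent with the 03:17:22 PM timestamp in the event header on a machine set to UTC+1.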

 


  • Root Admin

You can but I would not personally recommend it.

AVG has some of its own issues and does not score any better than Windows Defender so you're adding software that's actually not as good.
Emsisoft Anti-Malware is a good product but would be better if you had a paid license.
Hitman Pro isn't helping you if you already have security software you're using. It's overkill to add too many security products.
SuperAntiSpyware - up to you but it too is not helping your computer and is consuming resources for no good reason
Malwarebytes if it's not the licensed version then it too is just an after the fact scanner and would not prevent an attack in the free version.

 

If you have a paid license for Malwarebytes my suggestion would be to leave all those off the system and use Malwarebytes with Windows Defender. That is a very strong solution.

Again, up to you but that's my current advice. Pay for Malwarebytes or Emsisoft and you'll have better protection than just Windows Defender alone.

 

 


  • Root Admin

Windows Defender already protects for Ransomware. Again, it scores better than AVG. Up to you but you're hampering your computer picking AVG over Windows Defender

For cookies use a browser extension. That's a rather huge impact on resources to use an entire application to clean cookies.

https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/

 

 

Please install the following Content Blockers for your Web browsers if you haven't done so already.

Malwarebytes Browser Guard

uBlock Origin

 

 


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 
