Jump to content

Recommended Posts

Hi,

I have just upgraded a Windows 10 machine to Windows 11. I was setting up my printer and fell victim to a Bing ToolBar be Installed. I have tried to find a way to get rid of it, it is not installed so Add & Remove is not possible. I have set my Default search engine in Edge to a couple of different choices but these choices are ignored. I have run HitmanPro hoping it would allow me to get rid of the Toolbar (I have seen elements of it whilst virus scanning), it did not. I have run AdwCleaner which got rid of several other infections but not this one. I would really appreciate a bit of help here, not sure how proceed.

 

Helter_Skelter

Link to post
Share on other sites

Hello @Helter_Skelter and :welcome:

 

My name is MKDB and I will assist you.

 

  • Please follow the steps in the given order and post back the logs as an attachment when ready. Thank you very much for your cooperation.
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
  • As English is not my native language, please do not use slang or idoms. It may be hard for me to understand.

 

 

Step 1

  • Please download the Malwarebytes Support Tool (MBST).
  • Run MBST.
  • In the left navigation pane of MBST, click Advanced.
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine.
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply.

 

 

Link to post
Share on other sites

Thank you very much for those logfiles @Helter_Skelter.

 

There is no sign of a "Bing Toolbar" in Microsoft Edge in your logfiles so far.

Please run the following steps, maybe we can find and fix the problem this way.

 

 

Step 1

  • If you already have Malwarebytes installed, then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed or if you don't run the newest version yet, please download it from here and install it.
  • Once the MBAM dashboard opens, click on Settings (gear icon).
  • Click on Security tab and make sure that all four Scan options are enabled.
  • Close Settings and click on the Scan button on the dashboard.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run, then please skip to the next step and let me know in your next reply that the scanner would not run.

 

 

 

Step 2

  • Please download the attached fixlist.txt file and save it to the location where FRST was run from ( C:\Users\Andrew\Downloads\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

 

Thank you!

 

fixlist.txt

Link to post
Share on other sites

I would like to add something to my statement about the Bing Toolbar:

There may be such a toolbar on Windows 11, but I don't think it's malware. Rather, it will be a toolbar that has been installed by default.

Link to post
Share on other sites

Hi MKDB,

Thanks for all your work on this. Some things went smoothly and notably one did NOT.

I did a clean Install of the latest (v4.5.2) version of Malwarebytes. I did this with F-Secure disabled just in case they interfered (I know from another of my machines that Defender and Malwarebytes do NOT interfere). Ran a ThreatScan after ticking the settings you mentioned. The Scan results are attached, nothing detected. 

I enabled F-Secure (My Main Antivirus) and ran a scan to see if Installing Malwarebytes effected it's functioning. It did NOT and they seemed to Co-exist OK.

I thought things were  going well. I downloaded FRST and your fixlist and in the application clicked on FIX, I was quickly getting boxes from F-Secure saying that DeepGuard had blocked access, I closed one and another 4 followed. I did not want to do anything that might effect your script so all I did was close them as they appeared.

The fixing continued and I was asked in a box to Restart and that I would not see any further responses from this mechanism after the Boot. I clicked, Restart proceeded and I got a BOOT Menu, with only 1 entry, by the time I had read it the timer chose Windows 11 for me.

After the Reboot I collected the log files you requested and I provide here.

I must confess to being a little unnerved that the script was being responded to, especially as I was not familiar with the Notification.

Thanks for handling this issue for me. 

I was a little sceptical about how Malwarebytes would be in combination with F-Secure as this is not a Powerful Laptop, it seemed acceptable Though.

Thanks again MKDB,

Regards,

Helter_Skelter

First MalwareBytes Scan.txt Fixlog.txt

  • Thanks 1
Link to post
Share on other sites

Thank you very much @Helter_Skelter for your logfiles.

 

Please note:

Some of the programs we use here may be misidentified as a threat by your antivirus or antimalware program (like the FRST-fix in your case). Due to a certain program behavior, the security programs cannot distinguish between "good" and "bad" and sound the alarm. These are false alarms, which you can safely ignore.

As I'm aware of the fact that some antivirus programs may be able to interfere (like F-Secure did on your system), I do always post the following sentence in my first post:

Quote

Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.

Maybe I need to clarify that more in the future. I can understand if you were unsettled, but you can trust me: Your system can't be damaged by FRST.

 

 

How is your system running at the moment?

 

Let's talk about this "Bing Toolbar" you were talking about. All scans came back clean.

Did you read my last answer? I think this toolbar is legit and comes with Windows 11/Edge:

Quote

There may be such a toolbar on Windows 11, but I don't think it's malware. Rather, it will be a toolbar that has been installed by default.

Do you still believe that this toolbar is malware-related?

We can do a reset/reinstall of Edge as well if you want... just let me know.

 

 

Can you do a final scan with FRST for me, please (disabling F-Secure might be a good idea)?

Step 1

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

Thanks again for your cooperation!

 

 

Link to post
Share on other sites

Hi MKBD,

Sorry about the F-Secure failure to disable.

I have disabled it now and run FRST scan, I attach the 2 files produced.

I may have got the Bing toolbar wrong as the version of software installed on Windows 10 machines had that. It looks like the printer manufacturer did NOT include it in Windows 11 installer.

Can you help me understand the Pros and Cons of having BOTH F-Secure & and Malwarebytes Premium registered with the Windows security Centre. On another machine I have just MalwareBytes and Defender, here Defender is registered and is MalwareBytes is NOT. Is there any conflict here, as I have not seen any so far. I have looked at the reliability log and MalwareBytes has stopped working both Yeserterday once when I installed it and also today. I am used to seeing few errors created by MalwareBytes in the log of this other machine.

I had not thought in terms of buying MalwareBytes Premium as I thought the low hardware spec of the is machine could only handle F-Secure. I am suprised that it performs OK with both.

Not sure if the two in tandem is a reliable and resource tolerated long term option. Any thoughts?

Thanks for your continued help,

Regards 

Helter_Skelter

FRST.txt Addition.txt

Link to post
Share on other sites

Hi @Helter_Skelter,

thank you again for posting the newest logfiles of FRST. Everything looks fine, there is no sign of malware. 🙂

 

Regarding using F-Secure and MBAM at the same time and Windows Security Center registration, I would like to consult @AdvancedSetup.

He can help you competently with such questions. 😉

 

I do use MBAM premium since some years now. There is no reason/need for me to use another antivirus program at the same time.

 

Link to post
Share on other sites

  • Root Admin

Windows Defender is purposefully programmed by Microsoft to automatically no longer function in it's full protection mode if any other antivirus product is installed.

In most cases all other antivirus programs do register in the Security Center (Malwarebytes does offer an option to not register in the Security Center in which case Windows Defender still remains fully functional)

As long as you're not having any specific issues running F-Secure with Malwarebytes then there shouldn't be too much of an issue. You can setup exclusions between all the programs to help try to prevent possible issues.

https://support.malwarebytes.com/hc/en-us/articles/360038522974-Malwarebytes-for-Windows-antivirus-exclusions-list

We have a lot of customers that use Malwarebytes along with Windows Defender and both work very good together as well. Working with other full suite antivirus programs though like F-Secure can potentially cause conflicts as neither product is designed to allow the other to manage antiviral operations.

 

Please let us know if you need anything else.

Thanks @Helter_Skelter

 

 

Edited by AdvancedSetup
Updated information
Link to post
Share on other sites

Hi MKDB & Advanced Setup,

thanks very much for all your help, I have just closed F-Secure & MalwareBytes and run a Defender scan which had NO detections. I have been monitoring the machine performance as it is only a Celeron 1.1 GHz and 3.8 GB usable RAM and a 5,400 HDD (it is a low spec laptop). This low spec is why I choose run F-Secure, as it is very low on System Resources. I have used MalwareBytes Premium for the last couple of days and found that after booting 77% of RAM is being used, before running any Programs. With just F-Secure the figure is 55%. I understand your comments on Defender & MalwareBytes as I am using that combination on a more powerful Desktop. 

Thanks again for all your help MKDB,

Regards,

Hellter_Skelter

Link to post
Share on other sites

Hi @Helter_Skelter,

thank you for the information regarding HP Printer Assistant and Bing Toolbar.

 

Finally you can remove FRST and it's components with Step 1 if you like.

Step 1

  • Right-Click on FRST64 and choose Rename.
  • Rename FRST64 into Uninstall.
  • Run Uninstall.
  • FRST and it’s files/folders will be deleted.
  • If the tool needs a restart, please make sure you let the system restarts normally.

 

 

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection.

Thank you.

Link to post
Share on other sites

  • Root Admin
  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  3. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  4. Install a content blocker for your browser. Malwarebytes Browser Guard (Free)
    Firefoxhttps://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/  
    Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee 
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

 

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.