Jump to content

Allowed threats - viruses


Go to solution Solved by Maurice Naggar,

Recommended Posts

Hello,

First, I would like to apologize for any grammar mistakes in advance. English is not my native language...

I need help with removing any possible viruses from my pc...

As you can see below, when I open Firewall settings and go to allowed threats, there is a list of viruses that are for some reason allowed on my pc. When I click on Don't allow and come back again to allowed threats they are still there. I have done quick scan and full scan, but scans show no threats.

Screenshot_1.thumb.png.3748938fdd4e2e1b7d5807ec7f4c2604.png

Link to post
Share on other sites

Hello.      :welcome:

My name is Maurice.  I will guide you.   Those surely are about Microsoft Defender antivirus.

I will guide you along on looking for potential malware. Lets keep these principles as we go along.

  • Removing malware can be unpredictable
  • ...things can go very wrong!
  • Backup
  • any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a USB-storage drive or flash/thumb drive
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Please stick with me until I give you the "all clear".

Your topic will be closed if you haven't replied within 4 days!
If I have not replied to your last post after 36 hours, please then send me a P M.

 

The first thing I need is to get a set of reports & logs from the Malwarebytes for Windows application.

 

That is the first step.  I will then review and use that to guide us along.

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 [   2    ]

I would like a report set for review.   This is a report only.

Please download MALWAREBYRES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply , like displayed here.

To send  ( upload)   attachments please click the "ADD Files"  link . Then browse to where your file is located and select it and click the Open button.

 

_mb_attach.jpg

 

The set of data from the report will provide much needed information.

Please always attach reports as we go along.

Cheers.

Link to post
Share on other sites

Thank you very much for the report file, Markan99.  We will be doing a series of procedures in order to get to the goal of getting Microsoft Defender to be in good shape. As I noted before, do not make changes or run other things on your own.  If you have questions or something is not clear, Stop and ask me first.  

Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Close Malwarebytes.

[    2    ]

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select  FULL scan.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.
  • We only rely on the end result that is on the log-report-file.

 

This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply.   This step is not a cure-all.  We have much more work to do later.  Stick with me.

Link to post
Share on other sites

I would prefer that you not be web-surfing.  But if you absolutely must, then do that.   When done, close the web browser.

Just please no playing of online games.  Just only do what is a 'must' do.  Then exit out.  We prefer that the scan run as a stand-alone run.

Link to post
Share on other sites

Thank you for the log from the MS Safety scanner.  It really truly found no malware. What counts the most is the bottom lines of the Safety Scanner log. 

Microsoft Safety Scanner v1.355, (build 1.355.2280.0)
Started On Fri Jan 21 22:41:20 2022

Engine: 1.1.18900.2
Signatures: 1.355.2280.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Sat Jan 22 00:33:49 2022

We are done with the MSERT tool.

^

That said, there are remainders of a few boogers that we need to remove via a custom script.   

Next, a custom script to do some checks & some attempted cleanups.

We will use FRSTENGLISH.exe  on the Downloads folder to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  Markan99  only / for this machine only.

 

This custom script has some specific things, plus some general aspect to help the system overall.  Hoping it will not exceed 60 minutes in execute time.

NOTE-1:  This script will  run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. .    It will rebuild the Winsock.  It will attempt to remove several suspect files.  Do keep in mind, we will still need to run more efforts later. Especially for the "allowed threats".

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. 

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome,  and Opera  & BRAVE caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

  •  
  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   user Downloads  folder

Fixlist.txt             <<< - - - - - -

 

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


RIGHT click on FRSTEENGLISH.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

There will be one more Fixlist run to do after this to removing mentions of "allowed threats" on Microsoft Defender.  This run is not a cure-all-one-shot.

Link to post
Share on other sites

  • Solution

Hello. Thank you for the log report.  A very good run.  We have additional work to do. 

Next, a  new   custom script to do some checks & some attempted cleanups.  First, please go to the Downloads folder. Delete the old file named Fixlist.txt

We will use FRSTENGLISH.exe  on the Downloads folder to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  Markan99  only / for this machine only.

 

This custom script has some specific things, plus some general aspect to help the system overall.  Hoping it will run faily quickly.

NOTE-1:  This script will  run remove 2 folders from the exclusion list of Microsoft Defender.  It will run a new quicfk scan with Defender antivirus. It will attempt to a get full status report about Windows Defender antivirus.

 

  •  
  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
  • Please save the (attached file named) FIXLIST.txt   to the   user Downloads  folder

Fixlist.txt             <<< - - - - - -

 

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


RIGHT click on FRSTEENGLISH.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

There will be more to do after.   Please stick with me.

  • Thanks 1
Link to post
Share on other sites

Thank you.  Bravo.  The run is very good.  This system is in beter state.  

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on , and to do a Custom scan.

From the Windows Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, In Windows Security section: Click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

Look to see that Microsoft Defender is shown & available for use.

On the next display, look at all the options.  Look down the list and see "Check for Updates" .

You should click on that to have the system check for updates for Windows Defender.  Watch & wait for that to complete.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.   Click that & select CUTOM scan & then pick the C drive  & have it go forward.

Once it has started the scan phase, you can go take a long break.   Let me know the results.

  • Thanks 1
Link to post
Share on other sites

Hello.  Good morning.  About the Malwarebytes scan report: first of all notice each line in report mentions 

No Action By User

which makes me think you did not TICK the check-box on each line so it could be removed.  Secondly, they are all about the Microsoft Edge brower. Plus, they are all 

PUP.Optional.PCVARK

Here if the next step to do.

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed.

It will not take much time,

First download & save it

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then be sure to close all web browsers.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

[   2   ]

Delete cache in the new Microsoft Edge browser.
Open Microsoft Edge, select Menu (3 dots icon on top right corner of the browser) > 
Settings> Privacy & services.

2. Under Clear browsing data
select Choose what to clear.
Select the

Cached images and files check box 


and then select Clear

[  NEXT  ]

 Next, start Malwarebytes for Windows.

Then click the Security tab.  Scroll down and lets be sure the line in SCAN OPTIONs for

"Scan for rootkits" is ON 👈   Click it to get it ON if it does not show a blue-color .

 

Next, click the small x on the Settings line to go to the main Malwarebytes Window.   Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢

MB4_scan_tick_ALL.jpg.954dd31097351eba2c305a1321a445d6.jpg

 

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.

MB4_scan_all_Quarantine2.jpg.99b8d9b73d90d347577ae0826ac406b1.jpg

 


Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

😉

  • Thanks 1
Link to post
Share on other sites

Thank you.  Notice this most recent Malwarebytes scan report shows 2 occurrence of a extension 

KACLJCBEJOJNAPNMIIFGCKBAFKOJCNCF

on Edge browser as removed & Quarantined.

PUP.Optional.PCVARK C:\USERS\MARKAN\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Local Extension Settings\kacljcbejojnapnmiifgckbafkojcncf, Quarantined,
PUP.Optional.PCVARK, C:\USERS\MARKAN\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\KACLJCBEJOJNAPNMIIFGCKBAFKOJCNCF, Quarantined
Link to post
Share on other sites

Those "extensions" ought to be gone.  But lets get fresh reports so I can review.

The report tool FRSTENGLISH is on the Downloads folder.

  • Double-click FRSTENGLISH.exe  to start it. When the tool opens click Yes to the disclaimer.
  • Be sure to tick the check-box Addition.txt
  • Press the Scan button.

_frst_scan.jpg

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually
  • Please attach FRST.txt + Addition.txt
  • Thanks 1
Link to post
Share on other sites

It seems pretty good. I would say that there is no more threats, but I'm not the one that should say so. There are no more threats allowed in Defender, and Malwarebytes shows nothing as a threat. So I would say that our job is done, and that we have successfully cleaned my pc. 

Just want to thank you very much for your work and kindness, really appreciate it, without you I would just wander around probably causing more damage to my pc...

Link to post
Share on other sites

You are welcome.  Yes, I do belive this pc is free of malware. 

I would recommend getting a readout report as to update status of some key apps.

 

  • and save the tool on the desktop.
  • If Windows's  SmartScreen block that with a message-window, then
  • Click on the MORE INFO spot and over-ride that and allow it to proceed.

                               This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

  • Thanks 1
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.