r14v8 Posted February 1, 2022 ID:1500098 Share Posted February 1, 2022 Dear Team, For several days now, after booting up, I have been getting this message about a blocked website, which is apparently supposed to be started via some script. I don't remember installing anything except Red Dead Redemption via Steam. Please help me clear this up! Kind regards Link to post Share on other sites More sharing options...
MKDB Posted February 1, 2022 ID:1500125 Share Posted February 1, 2022 (edited) Hello @r14v8 and My name is MKDB and I will assist you. Please follow the steps in the given order and post back the logs as an attachment when ready. Thank you very much for your cooperation. Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed. Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed. As English is not my native language, please do not use slang or idoms. It may be hard for me to understand. Step 1 Please download the suitable version of Farbar Recovery Scan Tool (FRST) and save it to your desktop: 32bit | 64bit Double-click to run it. When the tool opens, click Yes to disclaimer. Check the box in front of Shortcut.txt. Press the Scan button. FRST will create three logs (FRST.txt + Addition.txt + Shortcut.txt) in the same directory the tool is run. Please attach these logfiles to your next reply. Edited February 1, 2022 by MKDB 1 Link to post Share on other sites More sharing options...
r14v8 Posted February 1, 2022 Author ID:1500207 Share Posted February 1, 2022 Thank you very much for helping me! Done. But before I upload this here: Who is able to download it? Because there is pretty much private info in it that I do not want to share with anyone but you... Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 1, 2022 Root Admin ID:1500212 Share Posted February 1, 2022 Only Staff and Experts/Trusted Advisors trained in malware removal. @r14v8 1 1 Link to post Share on other sites More sharing options...
r14v8 Posted February 1, 2022 Author ID:1500214 Share Posted February 1, 2022 (edited) Thank you, allright! :) Edited February 1, 2022 by AdvancedSetup Logs removed Link to post Share on other sites More sharing options...
MKDB Posted February 1, 2022 ID:1500215 Share Posted February 1, 2022 (edited) 1 hour ago, r14v8 said: But before I upload this here: Who is able to download it? Because there is pretty much private info in it that I do not want to share with anyone but you... I understand your desire for privacy @r14v8. The log files are only used to detect/remove malware and/or repair the system. Private information will not be shared. Edit: Thank you for those logfiles. I will have look on it now. Edited February 1, 2022 by MKDB 1 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 1, 2022 Root Admin ID:1500216 Share Posted February 1, 2022 Actually I misspoke, this forum does allow download so that members can download files from Helpers to work on their computer. We can delete your logs when done if you like though @r14v8 1 Link to post Share on other sites More sharing options...
r14v8 Posted February 1, 2022 Author ID:1500217 Share Posted February 1, 2022 3 minutes ago, AdvancedSetup said: Actually I misspoke, this forum does allow download so that members can download files from Helpers to work on their computer. We can delete your logs when done if you like though @r14v8 Please do so! :) Thank you very much for your support! Much appreciated! Link to post Share on other sites More sharing options...
Solution MKDB Posted February 1, 2022 Solution ID:1500223 Share Posted February 1, 2022 (edited) Did Malwarebytes' Anti-Malware find anything in the past @r14v8? If so, can you attach those logfiles as well for me, please? Step 1 Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( Desktop ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. Close all open programs and save your work. Run FRST again. Press the Fix button only once and wait. Please be patient. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. Step 2 If you already have Malwarebytes installed, then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan. If you don't have Malwarebytes installed or if you don't run the newest version yet, please download it from here and install it. Once the MBAM dashboard opens, click on Settings (gear icon). Click on Security tab and make sure that all four Scan options are enabled. Close Settings and click on the Scan button on the dashboard. Once the scan is completed make sure you have it quarantine any detections it finds. If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop. If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If Malwarebytes won't run, then please skip to the next step and let me know in your next reply that the scanner would not run. Step 3 Please download AdwCleaner and save it to your desktop. Double-click to run it. Accept the End User License Agreement. Click Scan Now. When finished, if items are found please click Next / Quarantine. Maybe your PC will be rebooted, AdwCleaner will be opened automatically. Click View Log File. AdwCleaner will open one log (AdwCleaner[Cxx].txt). Please attach the log to your next reply. fixlist.txt Edited February 1, 2022 by MKDB 1 Link to post Share on other sites More sharing options...
r14v8 Posted February 1, 2022 Author ID:1500230 Share Posted February 1, 2022 (edited) 20 hours ago, MKDB said: Did Malwarebytes' Anti-Malware find anything in the past @r14v8? If so, can you attach those logfiles as well for me, please? Thank you for your quick and thorough turnaround! It's not that Malwarebytes has never found ewtas (my first post in this forum was the last find), but that there was something really dangerous I can't remember. Especially not in the last half year. Unfortunately, I have been getting a lot of spam mails for quite some time, of course I have not downloaded/opened any PDF or other file, but I once fell for an image where "Unsubscribe Newsletter" was integrated, but I was redirected to an ominous page via the image hyperlink, which I quickly closed. But I was sure that MB would have warned me if there was something fishy. Well, it has to come from somewhere. But I'm also not the only one using the PC, so... Edited February 2, 2022 by AdvancedSetup Logs removed 1 Link to post Share on other sites More sharing options...
MKDB Posted February 2, 2022 ID:1500283 Share Posted February 2, 2022 Thank you for your feedback @r14v8. Good job! 👍 Can you confirm that Malwarebytes realtime-protection does not block powershell.exe anymore? Now I would like to check your windows system files. Damaged files can be repaired this way as well (Step 1). Please note: This may take some time (>10 min), so please be patient. A last scan with FRST would be great as well (Step 2). Thank you again! Step 1 Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( xxx ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. Close all open programs and save your work. Run FRST again. Press the Fix button only once and wait. Please be patient. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. Step 2 Run FRST again. Do not change any settings. Press the Scan button. FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run. Please attach these logfiles to your next reply. fixlist.txt 1 Link to post Share on other sites More sharing options...
r14v8 Posted February 2, 2022 Author ID:1500303 Share Posted February 2, 2022 (edited) 4 hours ago, MKDB said: Thank you for your feedback @r14v8. Good job! 👍 Can you confirm that Malwarebytes realtime-protection does not block powershell.exe anymore? Yes, I can confirm that! Thank you very much for your time and effort - some programms didn't work as usual after the fix (I had to reinstall discord - wouldn't have to I guess when I read this earlier - and the autostart was corrupted) but now everything is fine and working like charm! Thank you!! :) Edited February 2, 2022 by AdvancedSetup Logs removed 1 Link to post Share on other sites More sharing options...
r14v8 Posted February 2, 2022 Author ID:1500305 Share Posted February 2, 2022 (edited) Oh I forgot the Scan: (Please also delete this after inspection) Edited February 2, 2022 by AdvancedSetup Logs removed 1 Link to post Share on other sites More sharing options...
MKDB Posted February 2, 2022 ID:1500308 Share Posted February 2, 2022 Thank you again for those logfiles @r14v8. Thank you for your cooperation, we're done. 😉 Step 1 Right-Click on FRST64 and choose Rename. Rename FRST64 into Uninstall. Run Uninstall. FRST and it’s files/folders will be deleted. If the tool needs a restart, please make sure you let the system restarts normally. I'm pretty sure that @AdvancedSetup will delete those logfiles after your next reply. I do not need them anymore. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection. Thank you. 1 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 2, 2022 Root Admin ID:1500320 Share Posted February 2, 2022 The logs have been removed, thank you. 2 Link to post Share on other sites More sharing options...
MKDB Posted February 2, 2022 ID:1500330 Share Posted February 2, 2022 As this topic seems to be solved, I do not follow it any longer. Take care! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 2, 2022 Root Admin ID:1500344 Share Posted February 2, 2022 Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/ Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2 Install a content blocker for your browser. Malwarebytes Browser Guard (Free)Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/ Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 2, 2022 Root Admin ID:1500345 Share Posted February 2, 2022 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts