Shadyrook Posted March 23, 2022 ID:1508176 Share Posted March 23, 2022 ive used adware cleaner and malwarebytes to try to find and get rid of adware but I can not seem to get rid of it. Even tried doing it in safemode Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 23, 2022 ID:1508184 Share Posted March 23, 2022 Hello. My name is Maurice. I will guide you. Let me know what name you prefer to go by. I will guide you along on looking for potential malware. Lets keep these principles as we go along. Removing malware can be unpredictable Please don't run any other scans, download, install or uninstall any programs while I'm working with you. Only run the tools I guide you to. Do not run online games while case is on-going. Do not do any free-wheeling web-surfing. The removal of malware isn't instantaneous, please be patient. Please stick with me until I give you the "all clear". Your topic will be closed if you haven't replied within 4 days!If I have not replied to your last post after 36 hours, please then send me a P M. The first thing I need is to get a set of these reports & logs. That is the first step. I will then review and use that to guide us along. Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html [ 2 ] I would like a report set for review. This is a report only. Please download MALWAREBYRES MBST Support Tool Once you start it click Advanced >>> then Gather Logs Have patience till the run has finished. Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop. Please attach mbst-grab-results.zip to your reply , like displayed here. To send ( upload) attachments please click the "ADD Files" link . Then browse to where your file is located and select it and click the Open button. The set of data from the report will provide much needed information. Please always attach reports as we go along. There will be lots more to do after this. Stick with me. Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 23, 2022 ID:1508186 Share Posted March 23, 2022 Additional request for some details about "adware". Does any of it involve a web browser? If yes, which one. OR else, is it a mini ad window ( small) at bottom right od monitor display ? Link to post Share on other sites More sharing options...
Shadyrook Posted March 23, 2022 Author ID:1508193 Share Posted March 23, 2022 mbst-grab-results.zip Link to post Share on other sites More sharing options...
Shadyrook Posted March 23, 2022 Author ID:1508199 Share Posted March 23, 2022 I think it is mainly firefox. mini ads from the "scottish sun" newspaper pop up on the bottom right cotner on my screen Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 23, 2022 ID:1508214 Share Posted March 23, 2022 See this article on our Malwarebytes Bloghttps://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera. Scroll down to the tips section "How do I disable them". You especially want Firefox to NOT allow "push notifications" by "scottish.sun", or really, any other website ....unless you are super positive on a given site. 1 Link to post Share on other sites More sharing options...
Shadyrook Posted March 23, 2022 Author ID:1508217 Share Posted March 23, 2022 Is that all I need to do? Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 23, 2022 ID:1508219 Share Posted March 23, 2022 Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard. See Support article how-to https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard For Firefox, get the Firefox extension. The Windows EDGE browser is capable of using the same extension as the Chrome one. Note: If your pc also has Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard ( on each as appropriate). Link to post Share on other sites More sharing options...
Shadyrook Posted March 23, 2022 Author ID:1508221 Share Posted March 23, 2022 I have the add on already :) 1 Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted March 23, 2022 Solution ID:1508223 Share Posted March 23, 2022 There is one adjustment + 1 run to get a newer/more recent release version of Malwarebytes + 1 new scan. Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center Click the Security Tab. Scroll down to "Windows Security Center" Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center". { We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. thanks. } This will not affect any real-time protection of the Malwarebytes for Windows 😃. Now click on the GENERAL tab Do a Check for Update using the Malwarebytes Settings >> General tab. See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows When it shows a new version available, Accept it and let it proceed forward. Be sure it succeeds. If prompted to do a Restart, just please follow all directions. Next, the Malwarebytes scan. Next click the blue button marked Scan. When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical. >>>>>> 👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked ( all selected). <<<< 💢 Please double verify you have that TOP check-box tick marked. and that then, all lines have a tick-mark Then click on Quarantine button. Then, locate the Scan run report; export out a copy; & then attach in with your reply.See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 There will be more to do. Stick with me, please. Link to post Share on other sites More sharing options...
Shadyrook Posted March 23, 2022 Author ID:1508232 Share Posted March 23, 2022 report.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 23, 2022 ID:1508234 Share Posted March 23, 2022 Very good report. And this pc has the latest Malwarebytes. You need to uninstall Adobe Flash Player 32 NPAPI. It is no longer supported. It is a security risk. Uninstall. Then, after that, run this I would recommend getting a readout report as to update status of some key apps. Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop. If Windows's SmartScreen block that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive. Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt Link to post Share on other sites More sharing options...
Shadyrook Posted March 23, 2022 Author ID:1508235 Share Posted March 23, 2022 R.I.P Adobe Link to post Share on other sites More sharing options...
Shadyrook Posted March 23, 2022 Author ID:1508237 Share Posted March 23, 2022 SecurityCheck.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 23, 2022 ID:1508246 Share Posted March 23, 2022 These items need attention & follow thru for ipdates / some for considering to uninstall. Microsoft 365 Apps for enterprise - en-us v.16.0.14326.20852 Warning! Download UpdateHow Install Office updates? 7-Zip 21.06 (x64) v.21.06 Warning! Download UpdateUninstall old version and install new one. Cisco Webex Meetings v.41.6.3 Warning! Download Update Discord v.0.0.309 Warning! Download Update Microsoft Teams v.1.4.00.8872 Warning! Download Update WhatsApp v.2.2144.11 Warning! Download Update Zoom v.5.7.4 (804) Warning! Download Update Java 8 Update 261 (64-bit) v.8.0.2610.12 Warning! Download UpdateUninstall old version and install new one (jre-8u321-windows-x64.exe). iTunes v.12.11.3.17 Warning! Download Update^Please use Apple Software Update tool.^ ---------------------------- [ potential Unwanted Apps ] ----------------------------- Bonjour v.3.1.0.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. HD Video Player v.1.0.0.0 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it Link to post Share on other sites More sharing options...
Shadyrook Posted March 24, 2022 Author ID:1508380 Share Posted March 24, 2022 okay, I have deleted/updated the relevent applications Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 24, 2022 ID:1508438 Share Posted March 24, 2022 Great. This is the all clear for this case. This next tool is to cleanup the tools we used during this case.What follows is just a tools cleanup. Please download KpRm by kernel-panik and save it to your desktop. right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, ensure all boxes under Actions are checked. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log will open in Notepad titled kprm-(date).txt. You may attach that file to your next reply. (not compulsory) NOTE: IF you do not have the Malwarebytes Premium, I would encourage you to buy the Malwarebytes Premium license & activate it so that this machine has real-time protections. Link to post Share on other sites More sharing options...
Shadyrook Posted March 24, 2022 Author ID:1508443 Share Posted March 24, 2022 kprm-20220324220030.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 24, 2022 ID:1508445 Share Posted March 24, 2022 Good run. This pc is good-to-go. 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 24, 2022 ID:1508446 Share Posted March 24, 2022 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 24, 2022 ID:1508447 Share Posted March 24, 2022 1 tool + 1 report you can delete. Delete mb-support-1.8.n.nnn.exe Delete mbst-grab-results.zip on the Desktop. Link to post Share on other sites More sharing options...
Recommended Posts