Random error log

[Nkvd]

Hello, I got this random error log on my windows temporary files and I think its related to malwarebytes.

Ive had a virus in the past but a friend looked over my pc and suposedly it was mostly fixed and shouldnt be an issue again but I noticed things like a random file named "temp" appearing on my C drive and now the following error, just wanted to see if it was any major concern or even related to MB.

mb_errors999.log

Edited April 2, 2022 by Nkvd

[Maurice Naggar]

Hello @Nkvd  I will guide you. First, let me say it is unclear from what log exactly those few lines were obtained. Anyhow, please do not do things on your own. 

• Next, Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 [   3    ]

• I would like a report set for review.   This is a report only.

Please download MALWAREBYRES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

• Please attach  mbst-grab-results.zip    to your reply , like displayed here.

To send  ( upload)   attachments please click the "ADD Files"  link . Then browse to where your file is located and select it and click the Open button.

 

 

The set of data from the report will provide much needed information.

Please always attach reports as we go along. 

There will be lots more to do after this. Stick with me.

[Nkvd]

Hello, I apologize for not instantly getting back to you as it was already past midnight so I did not have the time to follow the instructions. I will do them in a few hours in the morning and provide the logs as soon as I can afterwards so feel no need to check this thread until then (around 10 hours or so). 

[Nkvd]

Here are the reports. I apologize for the delay as I only had the free time now.

Ive included a screenshot of my C drive's main folders where the "temp" folder mentioned previously is located. The folder reappears with every shut down and restart but is always empty even when allowing the file explorer to show system files.

I should add that the virus I originally got was decent at staying under the radar but with the paging file and hybernation file it went either inert or completely was disabled as it hid in the windows paging file, it was after I made windows stop getting a paging file that the following folder appeared. Looking through the logs I think for whatever reason MB's self procetion early start is off when it should be on but that seemed like the only thing out of the normal and could be from me forgetting to toggle that option.

mbst-grab-results.zip

Edited April 3, 2022 by Nkvd

[Maurice Naggar]

Having a c:\temp folder does not mean there is some kind of "threat".  Not just it being there. 

 Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center

• Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

also, on Security tab

1. Disable the Expert Systems Algorithms setting IF it is on

• Now click on the GENERAL tab

Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

• Next, the Malwarebytes scan.
• Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢

 

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.

 

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

[Nkvd]

I usually unplug the desktop from the internet beforeshutting off and then from power but last night I forgot to do it and when I turned it back on I noticed about 4GB of extra disk space on the affected disk. This might be an issue as ive found before that everytime Id try to get help over the forum something like this would happen when presumebly the main part of the malware would be removed leaving just the basics needed to reinfected, Ive also switched out the router meanwhile aswell.

The virus was hidding in the hibernation and paging files from windows so I removed both and it seemed to fix the issue for the most part aswell but later on after re enabling the paging file it became apparent again.

As of now the scan is stuck searching for rootkits and it wont go past 210 scaned items even after 15 minutes which is rather unusual as usually thats about half the time a full scan will take and it gets through the first 5 stages in a few seconds.

EDIT: Its been just about an hour and its still stuck at the same

Edited April 3, 2022 by Nkvd

[Nkvd]

Ive restarted the scanner and this time it seems to be going along nicely, I'll attach the log for the fail scan bellow incase it might be of interest. I looked them over briefly and the only weird thing I can see is the user having a name that does not show up as shown bellow, though granted I did temporarely create a local account with that name but I had to switch out of it as there was incompatibility with a microsoft store game.

 

MBLogFailed.txt MBLogSuccessful.txt

Edited April 3, 2022 by Nkvd

[Nkvd]

Just had my game randomly close itself twice in a row, second time I got some error saying firefox had crashed even though neither were corelated. Ive been getting this type of errors now and then. I noticed in the maintenance service logs the following lines which I think might be related, ive had the issue of apps being remotely shut off before aswell as seemingly random inputs, sometimes my keyboard even switches the layout to match an english one. I attached the full maintenance log bellow. Under Program Data I had a second Mozilla folder with random numbers after it which I deleted and seemingly did nothing which might be what was causing the issue, files were very similar but the shady one had extra content to it, I noticed it had a file with FLTK on it which I deleted and a similarly odd microsoft folder which I havent seen before, inside there was a document that when opened with notepad had the following link  http://standards.iso.org/iso/19770/-2/2009/schema.xsd

maintenanceservice.log

Edited April 3, 2022 by Nkvd

[Maurice Naggar]

Next to do 

This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

• Save the file to your system, such as the Downloads folder, or else to the Desktop.
• Go to the saved file, and double click it to get it started.

 

• When presented with the initial ESET options, click on "Computer Scan".
• Next, when prompted by Windows, allow it to start by clicking Yes
• When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

• Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.  That is, once it is under way, you should leave it running.  It will run for several hours.

• At screen "Detections occured and resolved" click on blue button "View detected results"
• On next screen, at lower left, click on blue "Save scan log"
• View where file is to be saved. Provide a meaningful name for the "File name:"
• On last screen, set to Off (left) the option for Periodic scanning
• Click "save and continue"
• Please attach the report file so I can review

Edited April 4, 2022 by AdvancedSetup
Corrected font issue

[Nkvd]

Here is the log from the scan.

Apologies for the late reply saw the message a bit late

ESETScan.txt

[Maurice Naggar]

It sure looks as if you select a "quick" scan with the ESET online scanner.  I am looking for a FULL scan. Please redo my request with a FULL scan.

[Nkvd]

I will re-do the scan but I clicked the full scan option, for some reason it just did not do it. Unless it only checks the C drive I have over 1 million files. It's an issue I've found before, don't know if it's related to malware or not, I will do a custom scan selecting all drives as it usually gets around the issue and post back the results afterwards 

[Nkvd]

Apologize for how long its taken. Yesterday I let the scan run and left my desktop unattended for some time while it ran and when I came back for some reason it was hibernating with ESET closed and Im unsure if it finished the full scan or not. I noticed 4GB of space filled out of the blue but 2 were free'd up on restart. As for the scan I'll let it run for a few hours and post back once its finished

[Maurice Naggar]

I look forward to having the scan report. [ a small note of caution.] Free space can possibly flux due to Windows system hibernation and the mere fact of running multiple applications on Windows. Let's be patient and not wonder off suspecting things here & there.
I use proven, known security tools to determine whether there is a real actual infection.
I believe here there is just a few glitches that are a normal occurence on any Windows machine.

[Nkvd]

Here is the scan result, for whatever reason it seemed to scan about the same ammount of files as the full scan did which is still nowhere near as much as I have. Ive run MSERT and KVRT before and both scanned at least double or tripple the ammount of files MBAM and ESET are scanning.

As for hibernation I have it disabled via command line same for the windows paging file which is why the fluctuation is odd. Ive ran tests on my laptop which I suspected was infected and while disconnected from the internet there would be no fluctiations at all aswell as the screen not locking and it not going into sleep as I told it to in the settings, however when plugged to the ethernet it would go into sleep as regular and lock the screen as if it was being managed by an outside source with different windows settings.

My friend who looked it over said there was a chance he was running a virtual machine on my desktop to be able to use it as his own pc while Im on it since the cpu would allow for it but that would explain the sudden unexpected performance drops but he looked it over fairly quickly so that might not be the case.

ESETScan2.txt

Edited April 5, 2022 by Nkvd

[Maurice Naggar]

Please get your friend to disable / turn off any VM he has.  When that has been done, kindly confirm that for me.

[Nkvd]

I'm unaware of what a VM is I'm sorry. He looked it over in person but I suspect that the person who initially gave me the virus has been using my desktop as a virtual machine. 

I'm not sure if this helps but originally the virus was that Trojan pretending to be a copy of Word 2010 that was spread around a few years ago. I'm currently running a custom scan of everything except the D drive to see if it makes a difference 

[Nkvd]

Here are the results of the custom scan. Again no detections.

However I did notice something odd, when running DXDIAG from the start menu the system information shows a paging file still being used despite me having it disabled as shown bellow, I think this might be part of the issue as how my friend had previously stated likely the virus was hidden in the paging file, it would eat up the RAM so the desktop would be forced to use it to load and maintain any apps Id open and keep track of what I was doing/crash them by simply keeping track of what was in the paging file

ESETScan3.txt

Edited April 5, 2022 by Nkvd

[Maurice Naggar]

These ESET scans report no malware; no anything. You have also indicated that you have run the MS Safety Scanner & also Kaspersky Virus Removal Tool.

That means we can rule out what you said a bit earlier 

Quote

 originally the virus was that Trojan pretending to be a copy of Word 2010 that was spread around a few years ago.

The scans have reported no infection or malware. I honestly think we need to slow down & regroup. If on your original case with Ron you had wiped/erased the system, and rebuilt Windows with a clean install then there should be zero suspicion as to any outside person having a hook into your system.

At the top of this case, someone grabbed a loose bit out of some log and then was wondering about Malwarebytes for Windows. Granted at some point it seemed to stall ( last Sunday ). But that can happen & is not suspicious malware. If needed, I can guide you on a new scan.

Close any un-needed other extra windows that may be hogging the monitor screen.

[ A ]

Please download KpRm by kernel-panik and save it to your desktop.

• right-click kprm_(version).exe and select Run as Administrator.
• Read and accept the disclaimer.
• When the tool opens, ensure all boxes under Actions are checked.
• Under Delete Quarantines select Delete Now, then click Run.
• Once complete, click OK.
• Close Notepad if it should open.

[ B ]

• The support tool is mb-support-1.8.7.918(3).exe on the Downloads folder.
• Launch the mb-support-1.8.7.918(3).exe
• Once you start it click Advanced >>> then Gather Logs
• Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

• Please attach  mbst-grab-results.zip    to your reply 

[Maurice Naggar]

PS.  Please do not go poking about the system. Like the preceding post about "dxdiag".  Stop rummaging about on your own, please.

[Nkvd]

Here is the zip file along with the kprm file incase its needed. I didnt really thhink my system was infected up until I had that random error log pop up and later it filled the SSD seemingly by itself but ever since I had it infected originally its been rather iffy even after the clean install.

As for the DXDIAG I had to run it as Im currently seeking game related support on another forum since the microsoft store is filled with bugs and a game kept going back to the title screen everytime Id tab out then the support fix just made it close on start

mbst-grab-results.zip kprm-20220405163015.txt

[Maurice Naggar]

Do not play games , nor get games while this case is on-going. Do not make changes on your own. As I said, please Stop poking about. I am going to review the support tools report. Then later get back to you.

I will guide you along on looking for potential malware ( IF any are actually present). Lets keep these principles as we go along.

• Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
• Only run the tools I guide you to.
• Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.

[Nkvd]

Will do.

For whatever reason the check results point to 35 detections even though Ive never had any actual nofitication of a detection.

[Maurice Naggar]

Pleae ...please...stop trying to self-diagnose. Let's halt your poking about. First, the most recent MB scans did not report a threat. The latest support-report shows there have been 39 scan runs since the last setup of Malwarebytes app. Anyhow, leave the diagnosis to me. I want to guide you and get this squared away.
[ 1 ]
Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[ 2 ]

Close all web browsers  ( Chrome, Firefox, Edge, etc.)
Launch Malwarebytes for Windows.
Cick the gear-like Settings icon on the top-right bar.
On the General tab
look down to "Manual scan perfoirmance" impact
click the selection "Manual scans take less priority ( less performamnce impact"

click the Security column tab
Look down to "Scan options"
on the line "Scan for rootkits) set that to the left-side ( off position)
That is the normal default position.

Now, click the small x on the second bar at top
Now, click the blue Scan button on the Scanner section.
After the scan has finished, Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

[Nkvd]

Here is the scan log.

My apologies for the self diagnosing, its a habit I developed since where Im from thats the only way to make sure everything is looked at. I trust your services and know they are of quality but still have that bad habit of mine.

MBScanLog.txt