
Please may I have some further assistance with malware removal?



I have skimmed your other posts. I wanted to get clarification & detail from you, and convey some things.
If and when the Helpdesk agent at Malwarebytes Support makes the first reply, we should only have one person helping you so as to avoid conflict.
You will have to let them know I have started helping you here.
Need clarification from you on this line you posted "My P.C. freezes on restart after suspected malware found."
Which application security program was that?
Can you relay a copy of that report?

You need to make mention if this PC is running Windows 10 or Windows 11.
And I suggest you try to restart Windows in Safe Mode with Networking (as much as possible).

As to "spam" flagging when & if you post; some hints
Watch carefully the phrasing you use
Try using a different web browser when connecting to this forum.

Advancedsetup should have a break to enjoy the weekend. I can help you along. Try what I have suggested, if possible. Just be sure to answer my questions above.

Link to post

Let us see if you could simply just get this machine powered off and then Restarted.

*Do unplug all devices from your computer, including: Printers, copiers, external attached devices, etc.*
*The only devices you should leave attached to your computer are your monitor, mouse and keyboard, if the computer is a desktop.*
*And if this PC is a laptop or notebook be sure it is directly connected to Power with power cord.*

Turn off your PC by pushing the power-off button.
If the machine is a laptop or a notebook, press and hold the button all the way down until you can hear the disc stop spinning.

  1. Wait about a minute.
  2. Then press and hold the SHIFT key on the keyboard (and keep holding till after Windows is all loaded & settled in).
  3. Then do a power on to Restart your pc. 
  4. Then let Windows load up.
Link to post

  • Root Admin

You should be able to post now @Y01

Let us get some logs please.

 

Please do the following so that we can get started and see what's going on.


The Farbar Recovery Scan Tool is a free Windows utility designed to create troubleshooting logs for your computer. These logs help our Support team to identify and resolve issues with your computer.

There are two versions of the Farbar Recovery Scan Tool available for download: 32-bit and 64-bit.
To find which operating system is installed on your computer, refer to Microsoft's article: 32-bit and 64-bit Windows: Frequently asked questions

Download and launch Farbar Recovery Scan Tool

  1. Download the Farbar Recovery Scan Tool
    Do not click on any Ads.
     
  2. Locate the file you downloaded on your computer.
    Downloaded files are often saved to the Downloads folder.
     
  3. Double-click the downloaded file to run the Farbar Recovery Scan Tool.

     
  4. Windows protected your PC notification may appear. This notification is from the Windows Defender SmartScreen Filter which prevents unfamiliar apps from running on your PC.
    Disable smart screen ONLY if it interferes with software we may have to use:  What is SmartScreen and how can it help protect me?

         a.  Click More info.

         b.  Click Run anyway.

  5. When the User Account Control window appears, click Yes.


     
  6. To accept the Disclaimer of warranty, click Yes.


     
  7. Ensure only the boxes listed below are checked


    Registry  Services  Drivers
    Processes  Internet  One month
    Addition.txt


     

  8. Disable any Antivirus software you have installed ONLY if it stops software we may use from working.
    Please remember to re-enable any Antivirus software when we are finished running scans

    Click Scan. The scan may take a few minutes to complete.

     

  9. When the scan completes, Farbar Recovery Scan Tool shows two messages:

  • Scan completed. FRST.txt is saved in the same directory FRST is located.


  • Addition.txt is saved in the same directory FRST is located.

     

  • Click OK to close each message window

 

Please attach both of those logs on your next reply. DO NOT copy/paste the contents of the logs directly.


 

 

Thanks

 

 

Link to post

Hello I have run the scans and attached as requested and also added a bit of background to what's happened so far, which may or may not be of some use.

I did not need to disable my antivirus software but I wanted to ask, it has a piece of malware in quarantine and so if I did need to disable it as we go along, should I delete the malware first?

Thanks for taking the time to help me.

 

 

Edited by AdvancedSetup
Removed an invalid link and logs
Link to post

  • Root Admin

Let's go ahead and temporarily uninstall AVG Antivirus from the Control Panel.

Then enable Windows Defender and check for updates. Then do a Quick Scan with Windows Defender.

 

Once that has been completed let's go ahead and do a scan with ESET as well. For now, don't worry about any files in quarantine with Malwarebytes. Leave them alone, they're not a threat to you while in quarantine.

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
  • Have patience. The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click the blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at the bottom).
  • Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 

 

Link to post

Ok. I will do all the above. I wanted to ask, what does all the code in my AVG screen shot mean? Is it the GUID for my device? I was concerned after posting that it identifies my computer and leaves me vulnerable, but I cannot delete the attachment (and too late now as it has been in the public domain). I didn't realise the attachment would be visible.

Link to post

Ok. Can you see the image I posted? I am worried that the UUID after the file name relates to my MAC address. Is this the case? Please can you advise me as I am really worried and the image is public. I can see it even when I am logged out of the forum. If it is, can you please delete the post above and the one with the logs and I will resend the logs minus the image. Thanks.

Link to post
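
Whether a UUID can relate to a MAC address, the question raised in the post above, can be read off the UUID itself: version 1 UUIDs carry a 48-bit node field that is normally the network card's address, while version 4 UUIDs are random. The following is an added example, not part of the original thread and not AVG's or Malwarebytes' code; the file names are constructed samples (not AVG's actual naming), and `classify` and `scan` are illustrative names.

```python
import re
import uuid

# Matches the canonical 8-4-4-4-12 hex form wherever it appears in a string.
UUID_RE = re.compile(
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
)

def classify(u: uuid.UUID) -> dict:
    """Report the UUID version and, for version 1 only, its node field."""
    info = {"uuid": str(u), "version": u.version,
            "node": None, "node_looks_like_mac": False}
    # Only RFC 4122 version 1 (time-based) UUIDs are examined for a node here.
    if u.variant != uuid.RFC_4122 or u.version != 1:
        return info
    node = u.node  # last 48 bits of the UUID
    info["node"] = ":".join(f"{(node >> s) & 0xFF:02x}" for s in range(40, -8, -8))
    # RFC 4122 section 4.5: a generator without a real MAC uses a random node
    # and sets the multicast bit (lowest bit of the first octet) to mark it.
    info["node_looks_like_mac"] = ((node >> 40) & 0x01) == 0
    return info

def scan(text: str) -> list:
    """Find every UUID embedded in a string (e.g. a file name) and classify it."""
    return [classify(uuid.UUID(m)) for m in UUID_RE.findall(text)]

# Constructed sample file names, for illustration only.
SAMPLES = [
    "sample.exe.3f2b8c1e-9d4a-4b7c-a1e2-5c6d7e8f9a0b",  # version 4, random
    "sample.exe.6fa459ea-ee8a-11ee-8b2c-001a2b3c4d5e",  # version 1, MAC-style node
    "sample.exe.6fa459ea-ee8a-11ee-8b2c-01ab2b3c4d5e",  # version 1, random node
]

if __name__ == "__main__":
    for name in SAMPLES:
        for result in scan(name):
            print(name, "->", result)
```

The version is the first hex digit of the third group, so a UUID whose third group starts with 4 contains no hardware identifier.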

  • Root Admin

Image removed, logs removed. If you're that concerned then it may be better for you to physically take the computer to a repair shop and pay to have them fix it in private. We have cleaned thousands of computers for over 15 years and not a single incidence of anyone being targeted by logs posted here on the forums.

We need to see logs in order to help you.

 

 

Link to post

This topic is now closed to further replies.