
Riskware - shownewpic.com



  • Root Admin

Hello @Sue123 and :welcome:

Let us get some logs please to see what might be going on.

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you

 

Link to post

  • Root Admin

Please download the attached fixlist.txt file and save it to the C:\Users\suesu\Downloads\ folder.
NOTE: It's important that both files, C:\Users\suesu\Downloads\FRSTEnglish.exe and fixlist.txt, are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run the Farbar program  C:\Users\suesu\Downloads\FRSTEnglish.exe  and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log in this folder C:\Users\suesu\Downloads\ (Fixlog.txt) or wherever you ran Farbar from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post

Thank you for these next steps.

 

I have disabled the Malwarebytes real-time anti-virus. I have also disabled Windows Defender. However, when I ran the Farbar program as per your above instructions, after 4 hours it still said “scanning and repairing drive”; even though it stated 100% complete, it still appeared to be working. After 4 hours I had to turn off my computer and restart it as I needed to get some work done. Should it take that long?

Or did I do something wrong with how I disabled the Malwarebytes and Windows Defender programs? Sorry, but I'm not good at this stuff at all.

Sue 

Link to post

Hi. I'm making suggestions here, till @AdvancedSetup returns.
You report having restarted the system so 2 things.
Ensure that Windows Defender is ON & if you have Malwarebytes Premium, be sure it is ON.
The other thing, look for Fixlog.txt and be sure to attach it on your next reply.

Edited by AdvancedSetup
Corrected font issue
Link to post

Thank you Maurice. But, I don't think the scan and repair worked as it never stopped working on it (had that circle thinking image for 4 hours today - I forced a shut off as I had to get work done and couldn't wait any longer).
I tried to find the C drive to get the fixit log and didn't see anything so figure something went wrong - hence my above question.

Link to post

Good morning. Any news on the Fixlog?
Also, I suggest you do what follows:

Let's do one scan with Malwarebytes AdwCleaner to check for adware. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browsers, are closed.

It will not take much time.

First download & save it

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then be sure to close all web browsers.

Then go to where the EXE file is saved. Start AdwCleaner. Then do a scan with AdwCleaner.

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

Link to post

  • Root Admin

Good day @Sue123

Sorry for the delay, my wife wanted to take a small trip.

Please restart your computer. Then right-click on the Malwarebytes tray icon and exit out of the program if it's running.

Then download the FIXLIST.txt file again to your downloads folder. Then right-click on C:\Users\suesu\Downloads\FRSTEnglish.exe as before and click on the FIX button.

 

If you have other questions or issues, please let me know.

Thank you

 

Link to post

Thank you Ron. I did that already. Did you see my question above right after that initial instruction? I did that and my computer did its thing and then went to restart mode. It was in that mode for over 4 hours and etc (as above). My question is: is that OK, and did I just not wait long enough? I don't want to go through that all again if there is something wrong.

Thank you.

Link to post

  • Root Admin

Did it create a log named FIXLOG.txt ?  If so I'd like to get that log.

If not then go ahead and run the Farbar scanner with Admin rights and just click on the SCAN button as before and let me get those new logs, but if you have FIXLOG.txt I'd like to get that.

  • FRST.txt
  • Addition.txt
  • FIXLOG.txt

Thanks

 

Link to post

  • Root Admin

Thank you.

Overall the cleaning went pretty well. Microsoft found and fixed some Operating System file issues.

Some unwanted items were removed and the system check-up went pretty well. 

 

Please review your search and see if you can fix it or reindex it.

 

How to Reset & Rebuild Windows Search Index Completely
https://www.winhelponline.com/blog/reset-rebuild-windows-search-index-fix-problems/

 

Then, please open Malwarebytes. Go to Settings, General, and click on the Check for updates button. Then after it updates restart your computer.

Then run the following scan for me. I'll check back on you tomorrow if possible, if not then on Monday for sure. I'm heading to get some rest.

 

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
  • Have patience. The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click the blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at the bottom).
  • Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 

Link to post

Hi - thank you for your very late help last night. Amazing.

I've run the scan as you suggested via Online Scanner and it detected zero viruses or other infections. Therefore there is no scan log file to attach for you.
Does this mean I'm ok now?
Sue

Link to post

  • Root Admin

The fixlog you posted shows it did complete, so that's good for us.

Please right-click over Malwarebytes tray icon and exit out of the program and run the following

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe. SmartScreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click with your mouse on the SecurityCheck.exe and select "Run as administrator" and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 


 

Thank you

 

 

Link to post

SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 25.04.2022 00:34:32
Path starting: C:\Users\suesu\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: suesu
VersionXML: 9.73is-23.04.2022
___________________________________________________________________________

Windows 10(6.3.19043) (x64) Professional Release: 2009 Lang: English(0409)
Installation date OS: 15.06.2021 00:08:56
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [464.6 Gb] Used: [67.2 Gb] Free: [397.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled (Level 3)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
Malwarebytes (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 4.5.4.168 v.4.5.4.168 Warning! Download Update
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft 365 - en-us v.16.0.15028.20204
LibreOffice 7.2.4.1 v.7.2.4.1 Warning! Download Update
Dell SupportAssist v.3.10.4.18
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.22.065.0412.0004
-------------------------- [ IMAndCollaborate ] ---------------------------
GoToMeeting 10.19.0.19950 v.10.19.0.19950
WhatsApp v.2.2212.8
Zoom v.5.9.1 (2581) Warning! Download Update
Telegram Desktop version 3.7.1 v.3.7.1
---------------------------- [ ProxyAndVPNs ] -----------------------------
ProtonVPN v.1.25.2 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Google Chrome v.100.0.4896.127
Microsoft Edge v.100.0.1185.50
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1250
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1035
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe v.4.18.2203.5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe v.4.18.2203.5
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
----------------------------- [ End of Log ] ------------------------------
 

Link to post
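
One way to triage a SecurityCheck log like the one above: pull out every entry marked "Warning! Download Update" and every product the Antivirus_WMI section reports as disabled. This is an added example, not part of the original thread or of the SecurityCheck tool; the sample text is constructed in the log's format and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the SecurityCheck log posted above.
SAMPLE_LOG = """\
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
Malwarebytes (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 4.5.4.168 v.4.5.4.168 Warning! Download Update
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft 365 - en-us v.16.0.15028.20204
LibreOffice 7.2.4.1 v.7.2.4.1 Warning! Download Update
---------------------------- [ ProxyAndVPNs ] -----------------------------
ProtonVPN v.1.25.2 Warning! Download Update
----------------------------- [ End of Log ] ------------------------------
"""

SECTION_RE = re.compile(r"^-{3,}\s*\[\s*(.+?)\s*\]\s*-{3,}$")
UPDATE_MARK = "Warning! Download Update"
AV_RE = re.compile(r"^(?P<name>.+?)\s*\((?P<state>enabled|disabled)\b[^)]*\)$")

def parse_sections(text):
    """Split the log into {section name: [lines]} on the '--- [ Name ] ---' rulers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:  # skip blanks and the pre-section header
            sections[current].append(line)
    return sections

def triage(text):
    """Return (entries flagged for update, AV products reported as disabled)."""
    outdated, disabled = [], []
    for name, lines in parse_sections(text).items():
        for line in lines:
            if line.endswith(UPDATE_MARK):
                outdated.append((name, line[: -len(UPDATE_MARK)].strip()))
            m = AV_RE.match(line) if name == "Antivirus_WMI" else None
            if m and m.group("state") == "disabled":
                disabled.append(m.group("name"))
    return outdated, disabled

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A product that was deliberately exited before the scan, as Malwarebytes was in this thread, will also show up in the disabled list.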

  • Root Admin

Please go ahead and uninstall, update, or otherwise address the items above as appropriate for your system.

Then download and run the following scanner as well. You will need to send them your email address to get a link to download the scanner.

 

 

Sophos Scan & Clean

Download Sophos Free Virus Removal Tool and save it to your desktop.

  • If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
  • Please close all other open applications and Do Not use your PC whilst the scan is in progress... This scan is very thorough so it may take several hours to complete, please be patient...

 

Double click the icon and select Run

Click Next

Select I accept the terms in this license agreement, then click Next twice

Click Install

Click Finish to launch the program

  • Once the virus database has been updated click Start Scanning

If any threats are found click Details, then View log file... (bottom left hand corner)

 

Attach the results in your next reply

  • Close the Notepad document, close the Threat Details screen, then click Start cleanup

Click Exit to close the program

 

If no threats were found please confirm that result...

  • The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

 

Saved logs are found under this sub-folder: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs 

Please attach that log on your next reply

Thank you

 

Link to post

This topic is now closed to further replies.